Screen your calls in the cloud

I used to be agitated by the sound of the phone. My wife and I both have cell phones but we got a land line because there are some parts of the house where we have no reception and we occasionally misplace our phones. Shortly after we purchased it and before we could even give the number to friends, the calls started. Political calls, sales calls, and a plethora of other junk was funneled into our house. It was as if I had hooked up a sewer pipe directly to my kitchen and it dumping garbage calls into my home, hence the agitation.

Most of the calls were automated; robots per se. Companies have found it is much cheaper to record a call and then automate the call and playback process rather than hire the work out to a call center. Internet based phones, like the one I have, called Voice Over IP (VOIP) phones make it even easier and cheaper for companies or individuals to implement these automated calls. Such calls have earned the name robocalls and are increasingly used for illegal sales calls and scams. These internet-based calls often originate from overseas but have domestic phone numbers, real or spoofed, which allows them to violate the FTC’s National Do Not Call Registry so don’t count this registry to save you from them.

I wanted to get rid of the phone all-together but my wife, wanting to always be connected with friends and family, had become somewhat attached to the security of a backup line. My first step was to get a phone that audibly announced the caller ID so that I could avoid getting up for more junk calls. I then did my best to ignore the incessant ringing once I heard the telltale caller ID of another vapid robotic exchange.

Last week, however, everything changed. I was preparing for a presentation on hacktivism and I was researching how to prevent fax spam when I came across a cloud-based service that claimed to stop robocalls. I instantly wanted to learn more. Not only did this company claim to have good success in preventing these calls but they were offering the service to consumers for free.

The service I am talking about is Nomorobo. It is pronounced like No More Robo and it came out of a robocall challenge issued by the FTC to develop a solution to the robocall problem. Nomorobo maintains a black list of bad calling numbers but robocallers routinely change their numbers and these are often spoofed, meaning that they are not the actual number that the calls originate from. For this reason, Nomorobo only keeps a number in the blacklist for a short time and relies more on the characteristics of the call in much the same way that spam messages are blocked.

Now, some robocalls are legitimate ones that I actually would want to receive. These include calls from my doctor reminding me of an appointment or from my pharmacy about a prescription to pick up. Nomorobo can identify legitimate robocalls and allow those through so you do not miss that appointment or forget that prescription or bring the kids to school on a school closing.

The service relies upon answer anywhere, a feature of many VOIP carriers that allows calls to be sent to two numbers simultaneously. After signing up for Nomorobo and giving it your phone number, you log into your VOIP carrier and configure answer anywhere to go to Nomorobo’s number. Calls are then routed to both numbers and Nomorobo will drop calls after the first ring if they are a robocall. Nomorobo is currently supported on Verizon FiOS, Comcast Xfinity, Time Warner Cable, and AT&T U-verse.

So, in the end, you still receive the calls but the line will only ring once if it is a robocall. In the last year, Nomorobo has blocked 15.1 million robocalls. For me, it is blocking three to five calls each day. I am so much happier with this service and my wife can keep the phone.

Six Email Scam Tactics you should recognize

Scams exist.  That is a simple truth.  There are honest people, and then there are others who try to cheat.  Email and the technology age facilitate scamming through email.  Often these emails promise jobs or an irresistible offer, but sometimes they are more subtle than that.  This article analyzes the types of email phishing traipsing around the World Wide Web so that, armed with the knowledge of email phishing attacks, you can avoid them in the future.

1. Irresistible Offer

Here is the ultimate dream held by many Americans: Get rich quick.  It just doesn’t work.  The ads that are frequently displayed online or the spam messages sent to people every day offer ways to get rich quick, have free money, receive free gifts or services, or meet someone beautiful and sexy.  The scammers want to take your money, not give it to you and that beautiful woman you see in the picture might not even be a woman.

2. Money Mule
The money mule scam offers you the opportunity to make lots of money by transferring cash. It appears somewhat legitimate but it is actually illegal and you will be the one the evidence points to.  You may see an advertisement for a financial position where you move money around from home and make a lot of cash.  You are actually transferring stolen money or money laundering.

3. Pyramid schemes

Follow this formula with several people and they will all send you money after you send money to me and other more complex variations of this.  You get money if enough of the people you send the message to end up sending money and also participating.  Eventually, the system runs out and someone loses.  Other times you participate in a service that requires little but promises much.  What you actually get, if anything, is far different from what is promised because the only ones that make out of the deal are those who first started.  When it is time for you to get paid, there is nothing left in the pot.

4. Stolen Goods Mule

Similar to the money mule but goods are transferred instead of money.  These services typically offer themselves as a shipping consultant and your job will be to receive packages and then ship them to another location.  Criminals purchase goods using stolen credit cards and then sell the items on eBay.  You receive the stolen goods and sent the merchandise off.  Unfortunately, when the fraudulent charges are noticed, the address they shipped to is the one the police will go to.

5. Spear Phishing

Spear phishing messages provide you with a link to what appears to be the site, and they ask you to log in or to update your password.  Spear phishing messages are crafted to appear to come from some service that is legitimate but they are just copies or fakes.

6. Whale Phishing

Whale Phishing is a specific attack against an individual with wealth or access to valuable assets or information.

Awareness of such attacks is increasing, but the mere fact that the average user still receives so much spam means that it must be paying off for someone.  Don’t be the one who gets burned.  Educate your employees on the risks.


There are steps that can be taken to safeguard yourself against potential malfeasance.  First, always pay attention to the website you are visiting.  Frequently, phishers will set up a mirror site that looks exactly like the site you want to see.  Always be skeptical and go to the website directly rather than clicking on any link provided in an email.  Be wary of hyperlinks within emails and remember that banks will not ask for personal information via email.  Installing anti-spam software from a reputable source will significantly diminish your vulnerability to attack.  Finally, if something phishy does occur to any one of your accounts, change your password and secret questions.

Scamming happens, that is a simple fact.  Today I looked at multiple ways that a person could get burnt ranging from spear phishing to a money mule.  In any case, the best defense is a proactive one.  Pay attention to your financials, and always protect your personal information.  Be cautious about any offer that seems too good to be true.  Follow these steps and the job of sifting out what is potentially dangerous versus what is benign becomes much easier.

Spelling SPAM filter

Much of the SPAM I get uses misspelled words. This is probably so
that the messages can pass through Bayesian filters because their
words do not accurately match the words on the list. I would like a
filter that marks all messages as SPAM if they go over a set threshold
of spelling mistakes. I do have a few people in my address book who
send me terribly misspelled messages. Maybe this would encourage them
to spell correctly. Anyway, this is not really a hashed out SPAM
filter plan or anything. It is simply something I was thinking about
over lunch.

Down with the SPAM King

Alan Ralsky, the "SPAM King" and one of the largest spammers in the world, was jailed by the Department of Justice last month. The Detroit News said the following:
"Warrants unsealed last week revealed that agents
in September seized computers, laptops, financial records and disks
from the 8,000-square-foot home of Alan M. Ralsky. The $750,000 West
Bloomfield mini-mansion was built off profits from the 100 million
electronic offers for everything from Botox to mortgages that Ralsky
sends every day."  

It is rumored that he will rat out many other spammers and hackers as well. 80% of the SPAM you receive is sent from large spammers such as Alan Ralsky. Alan Ralsky has been spamming since 1997. Ralsky sent out millions of messages per year and also hosted many other spammers. He began using dial-up accounts and then moved to setting up dummy ISPs. He bought his own IP space from ARIN and spammed using an address from his address space until many complaints would cause him to switch to a new address in the space. Later, he moved his operations to China to attempt to avoid US authorities. He hosted websites on the same dial-up connections he
used to send SPAM. He then used an auto-updating DNS server to point
to a new IP address whenever one of the DUN’s cut him off.
Ralsky also hosted quite a bit of the spammed website
content on servers in the US, He used a VPN connection to route the
traffic from the Chinese IP’s back to his systems in the US.

Here is an interview about it with the hacker "Memehacker".