The Kitchen Scrappage/Recycling Scheme (cold call scam)

They’re at it again – cold-calling households (or numbers they think are households) with recorded messages from abroad. If you hang up, they pretend this means you would like to hear more and call back from the UK (judging by the accent), but withholding their CLI. They do this to avoid prosecution under the Privacy and Electronic Communications (EC Directive) Regulations 2003. They’re also not prepared to give any contact details when asked. They are obviously working a con.

Their choice of name suggests they’re connected with official government initiatives such as the widely publicised boiler and car scrappage schemes, but there’s no such scheme in reality.

So what’s their con? Are they trying to pressure sell dodgy kitchens? Or obtain personal details for sale for marketing purposes? This is what the Information Commissioner’s Office thinks. Certainly, if they were trying to sell kitchens they’d be able to at least tell you which company they were calling from. I’ve just tied the low-life calling me in knots on that one. “Contact details?” “No, but are you interested in a new kitchen?” “I might be, but I can’t buy one from anyone without contact details, can I?” “Er….”

Previously I’d listened longer to the spiel, and they were asking details about your existing kitchen, and then moving on to household income and other dodgy stuff. I had to lie to keep them talking, as they were calling the office and we don’t have that kind of kitchen.

These people are not complying with the TPS block-lists, and going to some trouble to avoid prosecution for cold-calling. I doubt they’re legitimate in any way, but the foregoing is enough to demonstrate that you can’t trust them. The ICO doesn’t have a number trace to go on, but complain anyway (on this link) and leave them to do the leg-work with better resources.

 

eBay security problem in February – just noticed!

Well, it had to happen. Today eBay announced a serious security compromise. Apparently someone’s got hold of employee login details that allowed access to databases containing customer names and contact details, together with password hashes.

Should anyone be worried?

Well, a hashed password isn’t a password but it’s possible to crack, especially if it was a weak one (i.e. a word or two words conflated, with a digit on the end and possibly a full stop). eBay says that there’s no evidence of any fraudulent transactions. Yeah, great. The problem is going to come when people have used the same password elsewhere, like on their PayPal account, bank account or somewhere important – armed with their contact details and a crackable password, those people could be in real trouble.
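To make the "weak one" point concrete, here is an added example (not part of the original post) of a defender-side screening check for the password shape described above, with a count of how few candidates that shape allows compared with a random password. The wordlist is a constructed sample, and the function names and the 100,000-word dictionary size are assumptions for illustration.

```python
import math
import re

# Constructed sample wordlist (assumption); a real screening check would
# load a large dictionary of common words and leaked passwords.
WORDS = {"kitchen", "summer", "dragon", "monkey", "london", "blue", "sky"}

# Shape from the post: letters, a digit on the end, possibly a full stop.
SHAPE = re.compile(r"^([A-Za-z]+)(\d)(\.?)$")


def split_words(letters, words=WORDS):
    """Return the letters as one or two dictionary words, or None."""
    low = letters.lower()
    if low in words:
        return [low]
    for i in range(1, len(low)):
        if low[:i] in words and low[i:] in words:
            return [low[:i], low[i:]]
    return None


def matches_weak_shape(password, words=WORDS):
    """True if the password is word(s) + digit + optional full stop."""
    m = SHAPE.match(password)
    return bool(m) and split_words(m.group(1), words) is not None


def weak_shape_space(dict_size):
    """Candidates of that shape for a dictionary of dict_size words.

    (one word + two words) x 10 digits x with/without full stop.
    Capitalisation variants are ignored, so this is a lower bound.
    """
    return (dict_size + dict_size ** 2) * 10 * 2


def random_space(length, alphabet=94):
    """Candidates for a random password over printable ASCII."""
    return alphabet ** length


def bits(n):
    """Size of a candidate space expressed in bits."""
    return math.log2(n)


if __name__ == "__main__":
    for pw in ["bluesky7.", "Kitchen1", "xq7!Lp2#vR"]:
        print(pw, "-> reject" if matches_weak_shape(pw) else "-> shape ok")
    print("weak shape, 100k words: %.1f bits" % bits(weak_shape_space(100_000)))
    print("random 10 characters:   %.1f bits" % bits(random_space(10)))
```

A site can run a check like `matches_weak_shape` at password-change time; the bit counts show why a fast hash over passwords of this shape offers little protection once the hash database has leaked.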

eBay is due to email everyone very soon to ask them to change their password. It’s called shutting the stable door once the horse has bolted – this data may have been in the hands of the criminals for a couple of months now. You don’t need to change your eBay password; you need to change the password on every system that used it.

The sooner this antiquated means of verifying identity is replaced by secure public certificates, the better – but the punters won’t understand how those work.

So what does this mean? Your password was secure but now it isn’t? No. It was only secure before if you trusted the eBay employees. And a fine upstanding bunch they are.

Next, of course, the scammers are going to spam everyone with phishing eBay credential change emails. And when this hits the news, who’s going to disbelieve it? eBay really needed to manage the news dissemination better.

 

 

New way to deal with cold callers

I’ve just had another cold-call from one of those idiots from a call centre located a long way to the East. “Hello, I am from Choice UK…”

It’s insulting that they’d be so stupid as to believe anyone would be so stupid as to believe they’re in the UK, or anywhere nearby. But I found another way to turn the tables – “Prove it,” I said. When he’d figured out what it meant he asked “How can I do that?”

“If you’re from the UK you can tell me the first line of the National Anthem?”. As usually happens eventually, he hung up.

So what are these people up to? Well, EU Law makes it illegal for companies to cold-call people without their permission. This is implied if there’s a pre-existing business relationship, but cold-calls are out. Great! A law from Brussels that we all like. Except it’s pointless – locate your call centre in Hyderabad and no EU member state can touch you. As a bonus, you can hire a load of cheap local labour to do the calling.

Now these outfits don’t try to sell you anything. To be honest, their English isn’t good enough anyway. What they’re doing is canvassing so they can sell your details on to companies in the UK. Once you’ve said “yes” to a question like “Would you like to know how to save money on electricity?”, then, according to their interpretation, you’ve given permission for a UK company to call you with their latest special offer.

Of course, these are not honest people. They’ll sell your name on whether you said “yes” or “*$^@: Off!” And companies in the UK trying to mount a telephone marketing campaign within the law will buy the data and call you anyway.

I’ve spoken to a few companies buying false data about me (apparently I’ve been seriously injured in a car crash). They trace back to a company called Communication Avenue in Newark on Trent. If you talk to the caller nicely, often they’ll tell you – because remember – they’ve paid someone good money for something they thought was a sales lead and they’re not happy either. Communication Avenue declined to comment (or more precisely, ignored my email and failed to answer the phone). I have now left the matter with the ICO.

BT is powerless to help. So it says. They claim they can’t, technically, block calls from overseas numbers for you. As a “help” they gave me “free” caller-ID, so I could simply not answer foreign numbers. But the BT caller display telephone didn’t display anything and, to add insult to injury, after a year they started charging for it.

So what can be done? The solution to this one IS technical. All it needs is an option to block all calls coming from countries that do not subscribe to, and enforce, EU-wide telecoms regulations – including VoIP gateways. One has to ask why this hasn’t been done, but I dare say the answer is commercial.