INBOUND SPOOFED or PHANTOM Calls on PRI

[remingtonIT]

Folks,

I have a customer with PRI 23b+D with about 50 DID's on a NORSTAR MICS. SINCE INSTALLATION date in 2006 there are numerous, somtimes 20-30 DAILY calls recieved from tel numbers that show name/number display. These calls usually go to the main LDN on the PRI but some get to sequential DID's. These calls either HANGUP or have an endless SWOOSH sound. If the number is logged/trapped and we call the number back we are told that the person never made the call to our number. In some cases we were told that the persons phone line was out of service on the dates we claim they called us. The CALLER ID's of some of these numbers are local government, private residence, local and state-wide business. The TELCO has claimed the caller ID spoofed and the calls did not originate from the CLID sent.

In short it is so time consuming to answer these calls or listen to messages (SWOOSHING SOUND) left all hours of the day. It is getting near changing the LDN and DID range but that will be costly with biz cards letter head etc.

Anyone seen or experienced this?

Your input is appreciated.

TIA

REM

 

[SYQUEST]

Yes, we call those types of calls "junk phone calls". That is why we now have a Do Not Call List, because of unscrupulous telemarketers and scam ripoff scum that generate this type of traffic and crap.

They use Primary ISDN for their exploits and insert any number or series of numbers for the outgoing CLID to hide their real identity or source. It does not matter if the number is valid or assigned to existing service. There are probably some VOIP services that allow a similar setup that they may be using as well.

What to do?? You have alot of detective work ahead. You might check any of the numbers that don't have names on a website: whocalled.us to see if others have received calls from those numbers and gleen any info that might help you find the source.

Next, if the call is a machine and wants you to leave a number for callback, you could leave one that goes to voice mail for the callback to leave a message as a trap to get their real number.

You could contact your service provider, and if they are willing to set up an SS7 trap with the appropriate hardware, they may be able to capture the SS7 messages for the call setup info that may reveal the real ANI and/or source of the calls.

Number changing would be a last resort, and no guaranty that you won't get those calls on the new numbers.

If the CID numbers show up in the SDMR records you might want to make a log file as a reference for tracking them.

Does the SDMR on the MICS provide the CID Name?

Hope this helps!

....JIM....

 

[remingtonIT]

Syquest...thank you for the reply and for your help.

We have the TELCO involved as they have a trap setup. The TELCO claims they have never seen anything like this before. Nor have I.

We also have the Police involved in order to get ATT to deal with this under the ANNOYANCE Policy. I am familiar with the telemarketing scum and how they spoof numbers, all CID, for the most part, include name and number. In some cases we were able to contact people at these numbers and as previously described, they did not contact us and there phone service was out of service at the time we logged the call. When the calls are answered by a GENERAL DELIVERY Mailbox we are not getting any FAXTONES...just a swooshing sound... one call recently hung and stayed in the Auto Attend for 4.5 hours in the middle of the night. ( I have removed the GenDev Mailbox as it gets filled every night).

Any other thoughts are appreciated.

REM

 

[ISDNman]

THere is a "screening indicator octet" for calling party number. This will indicate if the Telco or the user provided the number. If the user provided the number it will also tell you if the telco checked it.

SInce the Telco is involved perhaps there is a way for them to screen by this field and simply return busy on calls that are user provided and not screened.

Another possibility is to see if your PBX vendor can screen on this.

Not perfect as it is not all that unusual for the CON to be user provided and unscreened.

ANy enemies? Fired employees, etc? Sound a lot like someone is spoofing it and targeting you in particular. I wonder what the heck the swooshing sound is. That seems to be a common factor to the calls.

Good luck

 

[DigitelD]

I have had a couple customers that have had these kind of calls. One customer was able to find where the calls were coming from and stopped them.

SHK Certified (School of Hard Knocks)
NCSS

 

[aarenot]

See if you can route calls by the incoming CLID, and do so to a general MB. I work on Avaya IP Office and it allows this type of routing, not sure if your system does.

 

[donb01]

I have a few numbers that seem to have this problem on a regular basis and have unassigned those numbers from the users in question, made them phantoms, and pointed them at a "general" call processing mailbox/menu that says "You have reached widget world. If you received this message in error please press 1 now for assistance." If they don't press 1 it gives the standard "Thank you for calling" and hangs up. If they are primitive enough to have a rotary dial phone they will eventually get pissed off and look up another number in the phone book (we have LOTS of numbers listed).

Most machines won't be able to press 1 and will just get tossed. Most telemarketers will hang up as soon as they get the announcement. Most legitimate customers will press 1 and get an operator to help them. In this case I could care less who the hang ups are.

My big problem is I own 7000 nearly contiguous numbers, and when you get the telemarketers set up to dial down the K block it can drive our folks crazy. Fortuantely those folks will usually start their spiel, and I can ask for a supervisor and demand the supervisor pulls our number blocks out of the database. Most of them are cooperative when politely threatened.

 

[jerryreeve]

Most of them are cooperative when politely threatened.

What is Politely threatened? Sounds like fun.


----------------------------
JerryReeve
Communications Systems Int'l
com-sys.com

 

[donb01]

Well, in our case, I notify them that we are a medical facility and if someone should happen to die as a result of them flooding our switchboards with calls so no one can get through in an emergency they could have some serious liability on their hands. Then you start (quietly and calmly - don't scream at them) talking about the authorities, the FCC, and other folks that handle complaints about harassment over the phone lines. Most of them actually have people assigned to removing numbers from the database once they are identified as police stations, shopping centers and the like - the more responsible companies research this and pull those numbers ahead of time, and they usually have someone you can fax or E-mail the list of numbers you need removed from the list. You just have to ask to find out where to send the stuff.