←back to thread

USPS text scammers duped his wife, so he hacked their operation

(blog.smithsecurity.biz)
460 points wglb | 1 comments | 08 Aug 24 23:00 UTC | HN request time: 0.214s | source
Show context
prmoustache ◴[09 Aug 24 11:47 UTC] No.41200920[source]
we need a new phone/text messaging infrastructure that prevent number spoofing AND force operators to filter out scams attempts.
replies(5): >>41201031 #>>41201400 #>>41201842 #>>41201969 #>>41203375 #
athenot ◴[09 Aug 24 13:50 UTC] No.41201842[source]
We have a lot of progress under the form of STIR/SHAKEN. Now it doesn't prevent all types of spoofing but it makes the calls traceable back to the originating carrier.

What happens is scammers get numbers with small carriers who interconnect with major ones. Eventually the reputable carriers notice spam from these smaller carriers and start dropping their calls (or banning them altogether). So the smaller carriers decide whether they want to see their legitimate traffic dropped or just ban the offending users (which is eventually what ends up happening). Scammers end up hopping to a different carrier so it's a cat-and-mouse game, but it's a lot more expensive to play now than it was with simple number spoofing.

In parallel, numbers are starting to get reputations attached to them, similar to IP addresses. Some filtering takes advantage of that.

Of course, spearfishing can continue unimpeded with someone buying a prepaid cell phone and using that to call a specific target. :(

https://transnexus.com/whitepapers/understanding-stir-shaken...

replies(1): >>41204504 #
1. kelnos ◴[09 Aug 24 19:07 UTC] No.41204504[source]
STIR/SHAKEN is only for calls, though, not SMS/MMS. Messaging is a giant hole, there...