I first because interested in finding more about spam text message marketing after receiving a a Debt Settlement Order Unsolicited Text Message and writing about it. When I started writing this article, I intended for it to be a discussion on how they are set up and how they operate, but after reading some of the comments on the original article, I felt compelled to write about the human aspect to this as well.
It started as a mild annoyance – a text message out of the blue from an anonymous source. Immediately I posted an article expressing that, in my humble opinion, that this sort of thing is a scam and a disgrace, which should be rightly condemned, broadly forewarned, and then ignominiously ignored.
Forward-wind three weeks and hit rates for the article are topping 1000 per-day with approaching 50 commenters on each day also. For a small independent blogger such as myself, this was (and is) absolutely staggering.
And then I received a comment which hit me for six:
just got this one today; to apply txt DEBT.2 stop txt STOP +447756209481, I could do with some help just been made redundant. Paul
Suddenly I was struck by humanity of the situation and filled with an acute awareness of the true suffering that some might be feeling.
What if ‘Paul’ was planning for a wedding, or saving for his child’s birthday? What if he had just bought a new house, or spent years on painstaking home improvements only to see it jeopardised?.
Debt is a plight that doesn’t tend to lie in the general public’s compassion sweet-spot. It engenders a perception that somehow an individual has been frivolous, and maybe shouldn’t have bought that 50-inch plasma TV. But in a society where we are openly encouraged to embrace debt, there are inevitably some casualties. When truly desperate people are perhaps are at their most vulnerable, so they clutch at the flimsiest of straws, and there are none flimsier than some of the companies that purport to help with debt relief.
So, when it comes to compassion, a special mention should go to the people at Christians Against Poverty (CAPUK), who I encountered during the course of researching this article. CAPUK are registered charity dedicated helping anyone who seeks their help become debt free. A conversation with one of their counsellors yielded a very generous offer to visit their operations in Bradford, and a lot of very useful information regarding these marketing schemes and how they operate.
Who Are They?
Essentially there are two companies working in this sort of setup.
The first is dedicated to the provision of ‘Leads’ through the spam marketing they provide. These companies have set up the infrastructure to harvest potential customers via spam text. Those that reply are considered fair game, and their details are added to a database to be considered for future bombardments.
The second is the company that acts upon the leads. This is the debt management company, or the accident claims company, or whichever parasite is looking for somewhere into which it can sink its proboscis. They buy the ‘leads’ from the leads company.
Anecdotal evidence from the original blog article comments suggests there are a third, intermediary ‘call centre’, as claimed by one of the operators. I suspect this is bogus, and more an attempt to deflect attention away from the company acting upon the leads.
Telemarketing Leads Companies
I’m sure there are dozens, maybe even hundreds of operators dedicated to the provision of spam text marketing. A Google search for “telemarketing leads” will reveal scores of companies dedicated to “generating leads through telemarketing.”
LeadX (I’ve deliberately omitted the hyperlink) are just such a company. Their website is careful in its wording on how they conduct their business:
LeadX is a company that specialises in data aggregation. Using proprietary software it enables companies to target consumers whose behaviour will ultimately trigger a purchase, even if that purchase is in another market sector.
However their associates are less shy:
Having looked we’re cheaper than the posts on here!!!
We must be doing it right!!!
We are generating DM leads via websites and phone calls specifically engineered around debt management
How did I make that connection? Well, the poster publishes his email address in this other article.
And, not content with basing a whole business model on the concept of harvesting people in the plight of debt, LeadX also made a staggeringly outrageous attempt to claim that it was exempt from VAT by taking it to the United Kingdom VAT & Duties Tribunals! Seeking to deprive the economy of yet more money!
Gladly, they failed, but this sort of action demonstrates how lucrative the business must be to justify the hiring of an indirect taxation specialist.
Debt Management Companies
Although many companies feed off telemarketing spam leads, my focus here is still very much on the debt management companies that do this. There are legitimate and reputable debt management companies out there that provide an fair, honest and valuable service. For me, the measure of their legitimacy has a broad correlation with the level of reticence they have to engage in this sort of business.
As the title suggests, the central issue of the report and our super-complaint is the significant and we believe widespread consumer detriment two related business practices in the consumer credit market:
- Firms cold-calling consumers by telephone and text to promote consumer credit products and ancillary credit services.
- Firms taking upfront fees for credit services, often by persuading customers to give them their banking details, sometimes by taking unauthorised deductions. CAB Clients report getting little or no service in return and are unable to get their money back.
(Further information and advice can be found in this article on the CAB Website).
You do not have to look far to find warnings about accepting help from these sorts of companies. I’d thought i’d share a few links that highlight this:
Simon Read, who writes for the Independent and Daily Mirror newspapers recently penned this excellent article for the Independent: Consuming Issues: Call for curb on rip-off debt and loan firms
However there is a conspicuous opacity to the presence of free forums on the web from which advice can possibly be obtained. I have encountered two that I would personally recommend:
Personal Finance & Money is one of the sites in the StackExchange Inc Network. I contribute regularly to Stackoverflow, another site in their network, and can thoroughly recommend them. As testament to the expertise brought to these forums, you will find two excellently answered questions about this in their network here at Personal Finance & Money, and here at IT Security (asked by me!)
The Legal Beagles Consumer Forum also seems like a great place if you’re looking for help. It was a recommendation from one of the commenters in the original article I wrote. I have no personal experience of this, but looks to be pretty good.
A recent commenter also suggested GetOutOfDebtFree.Org, which offer tempalte letters and simple strategies for lawfully, honestly and truthfully dealing with debt.
How Does It Work?
So, given that we have the companies dedicated to the provision of leads, and the companies that buy these leads, you might be curious to know how the whole operation hangs together.
Being from a technical background, this was central to my original curiosity, so the next few sections delve into a more technical discussion of the setup, which I found to be utterly fascinating, and yet, appalling all at the same time.
My first query surrounded how on earth the companies were able obtain and monitor such a vast array of registered mobile numbers. To do this, it’s useful to understand exactly how many numbers are at their disposal. A standard UK mobile phone number will begin with ’07′ with nine following digits. This translates to a theoretically available numeric range from 07000000000 to 07999999999 – one short of a billion.
Let’s assume that there are one-hundred million allocated and owned numbers in the UK (equivalent to most of the population owning two mobile phones). This leaves nine-hundred million ‘unowned’ numbers going begging. If every ‘unowned’ number in the UK were to send just one text, every ‘owned’ number would receive, on average, nine text messages.
In the spam model adopted by the ‘leads’ companies, one number will be the ‘source’ for hundreds, or possibly thousands of spam texts, scaling the received spam potential for each valid phone user into the tens of thousands (remember, we’re still assuming unrealistically that everyone has two mobile phones!)
But, how do they get these numbers? Well, actually its very easy. There are companies that specialise in selling active pay-as-you-go SIM cards (SIMs that have an associated number). It is possible for a spammer to purchase very large batches on Ebay. At the time of writing these retailed at around £0.40 (40 UK pence) per unit.
The numbers will have a supporting network provider. OfCom (the independent communications industry regulator) actually publish which ranges of number belong to which network provider. (Excel Spreadsheet).
Mobile operators are fairly swift in shutting these down once in becomes apparent they are being used for spam, but their infrastructure is such, that all a company will have to do is ‘plug-in’ a different batch of numbers. It could even be that the company will continue to send out spam text from a number UNTIL it is deactivated.
Apart from being a nuisance, and tricking innocent people into thinking there is a solution to their debt problems, there are two additional consequences of this.
The first consequence surrounds whether or not the blocked numbers eventually being recycled.
If they are then the eventual recipient will end up with a number that was once exposed as having spammed. There are many sites out there (including this one) on which spamming numbers are recorded. Would you fancy your mobile number being cited as being responsible for spam? Not me.
Suffice to say, if the numbers are not being recycled, then we will have an ever-decreasing pool of numbers from which to pick. We may consider the 900 Million or so numbers to be a vast reserve, but if that dwindles sufficiently, then the operators may need to consider adding an extra number in there somewhere. Which, of course, cost time and money to put into effect, and ultimately the people that will be required to foot the bill will be the average customer, us.
Did I mention costs? Well here is the second consequence.
Consider the hundreds of thousands of spam text messages flying around the mobile infrastructure. This infrastructure has been built off the back of investments from the tax payer and the mobile companies themselves (which pass these investment costs onto bill-paying customers).
In the US, the FTC have been fighting to shut down a single operation responsible for sending out in excess of 5.5 Million unsolicited text messages. If you think the network has the capacity to cope with a bit of spam, then consider the impact of dozens of companies conducting the same sort of operation.
Caller ID Spoofing
At this point, I’m hoping you’ll indulge me as I enter a more technical discussion of some of the aspects of the setup.
Let’s define some terms up front:
Caller ID: The term Caller ID (CID) is also referred to as calling line identification (CLID) or calling number identification (CNID). Put simply, this is the bit of information carried with the call that enables the recipient’s phone to display what number is calling.
Like any such piece of information, this can be changed, i.e. faked or ‘spoofed’.
to fool by a hoax; play a trick on, especially one intended to deceive.
Spoofing is a term that IT professionals use to describe a myriad of technological deceptions. Browser Spoofing, where the user gets a browser to pretend it is some other browser, is one of the more common types. Here, we are talking about Caller ID Spoofing, which is a trick is played to make you think that the number on the text message is the number that sent it.
Voice Over IP: Have you ever used Skype, or had a telephone call over the internet? Well, this will have been underpinned by a collection of communications protocols called Voice-Over-IP (or VOIP for short). To use VOIP, you generally register with a provider (like Skype) who will give you an account with a dedicated number which will allow you to connect to their service.
Using that VOIP account, your voice is sent over the internet to the recipient at the other end. In addition to this, it will carry information about the account you are using, specifically, your Caller ID (see above). It is this Caller ID that can be spoofed, and there are numerous applications out there that will let you do this (see Caller ID Spoofing w/ Asterisk).
The difficulty in doing this lies with finding an appropriate provider that will let you use an ID they have not allocated to you. This is tricky in countries that have more mature technological infrastructure and legislation, but much easier in developing counties. India and Eastern Europe are considered hotbeds for this sort of activity.
The spoofing of text (SMS) message sender numbers presents a much smaller hurdle for a would-be spammer to overcome. SMS messages can be sent directly through an SMS Gateway without the need for a mobile phone. An SMS gateway is an opening to the SMS universe. It provides a way of sending a text message with or without using a mobile phone. There are dozens of SMS Gateway Providers, many of which allow the message to originate from the internet (these can be seen by looking at ‘Web-To-SMS Gateway‘ column in the list on the previous link)
To demonstrate how easy it is, you can send an email through the gateway to arrive as an SMS on your phone. This site describes how to do this, and also allows you to send a text to your phone directly from a web page. These providers will be much less rigorous on in enforcing correct Caller-ID notification.
So, how easy is it for a company to put all this in place? The answer is, ‘very’ – you can get someone else to do it for you. Freelancer.co.uk, a small-projects outsourcing marketplace contains projects (see here, here and here) for people setup this very infrastructure with asking prices varying around the range £100 to £2000. Even the latter of these two is a not a significant outlay when compared to the ‘rewards’ that the spammer will reap.
The human impact of all is the first and most important consideration. It is no accident that appropriate precedence has been accredited by discussing at the very first instance. However, there are other factors worthy of note.
Very much secondary to the human impact (but still relevant) is the economic one. In a time of austerity, where the everyday person is being squeezed for every penny, the presence of parasitic debt management companies only serves to syphon more money from the economy.
Economists sometimes talk about Marginal Propensity to Consume. Put simply this, means that the richer you are, the smaller proportion of your wealth you are likely to spend. Any extra income received by the less affluent will be noticed, appreciated and most likely spent, whilst the richer are less likely to notice it, and less likely to subsequently feed it back into the economy.
When bogus debt management companies take money from the very poorest, and line their own pockets, they, in effectively suck money from the economy. When times are hard, so they will seek to keep them hard.
Legislation against this sort of practice is essential. The United States has introduced legislation to make the spoofing of caller-ids illegal. It is something called the Truth in Caller ID Act, and more information can be found in this article and this article. Caller ID spoofing has a much broader implication than simply these spam marketing tactics. It has also been complicit in facilitating prank calls, attempted privacy invasions and phishing attacks.
There is concern that the Truth In Caller ID Act penalises those that use these techniques legitimately, for example, businesses that would like to present common call centre number when calling, regardless of the internal extension from which their operator may be calling. For me is this is easily solved by adding a clause that allows firms to demonstrate their use of Caller ID spoofing is legitimate.
Any legislative changes in this area should encompass SMS gateway providers as well as network operators.
In addition, I would suggest the following legislative and regulatory changes:
1) Make illegal the practice of marketing by cold calling and spam text messaging.
2) Large batches of numbers can only be bought and sold by licensed and regulated operatives.
3) Make it illegal for anyone to charge up-front for helping to resolve debt.
4) Make it illegal for anyone to charge more than a certain percentage for managing an individual’s debt, and make it illegal for any debt resolution fees to be paid as a lump sump as the burden of the debt.
5) For all debt management companies, rigorously enforce the principle of Treating Customers Fairly (TCF). Force the companies to recommend that individuals seek free, impartial and independent debt advice. Also, enforce Money Laundering compliance and checking, and the provision of documented Data Protection training for all staff working at these companies. Fundamentally, bring these organisations under the most scrutinous rigors of the Financial Services Authority.
I hope you have found this interesting/informative/both. Feel free to comment or correct.