1. trindflo Silver badge
    Flame

    Vuck Vishing

    Phishing is using phony pretexts to socially engineer people into giving out private information, often allowing an attacker access to the victim’s computers and finances. Vishing is doing that with voice: generally a phone call.

    We’ve all received them. People offering to update the insurance on a car that doesn’t exist. Warnings about an Apple device we don’t own.

    The problem is that it is not easy to track down the e-Creeps doing it, and it would take a lot more of your time than the criminals if you did choose to track them down. In fact, the business model for vishing relies on the resignation of people that are not fooled by the calls who simply hang up or do not answer. Those calls go really quickly, which is perfect for the people doing the vishing. They don’t have a financial incentive to talk to people who can’t be fooled or frightened. Vishers want to spend their time with people they can extract value from – the fish they get on the line.

    Vishing has also been given legal windfalls. Police, the courts, and governments have adopted the attitude that vishing is no more serious than beggars. If a beggar asks you for money and you refuse, what’s the problem? If you decide to do business with the beggars, that is your business. And now the business of vishing has lobbyists to make certain no official body will stop this.

    I want to wreck this business model. I propose to do this with a consumer level tool: a “Voice-Using Criminal Kill” box; let’s call it a “vucker”.

    A vucker should do a few things:

    • make it more difficult for vishers to get calls to victims

    • make it take more time to establish a victim is not a good target.

    • Empower people using the vucker (make it fun) to encourage its use

    • Make it as cheap as possible

    The simplest such phone app or device is an answering machine. The downsides are you won’t know if you have received a phone call you want, and you still have to listen to at least part of the message to know if it is garbage.

    What I would add to an answering machine is a prompt. The caller would be asked to type in a random four digit code. With a random bit of music in the background (to foul up electronic voice recognition), the caller is asked:

    “Hello, your call is important to us. To make sure your call is directed properly, please dial your party’s four digit extension. If you do not know the extension then dial 3351 (a random code)”.

    The message is made unnecessarily long to waste the caller’s time. There is no four digit extension to call; only dialing the random number specified in the message will allow the caller to actually ring the phone.

    This accomplishes a few things:

    • The visher is blocked from annoying the victim ideally.

    • Assuming voice recognition is possible at all, the expense at least has gone up. The visher can no longer use a simple robocaller machine to get to the victim.

    • The message adds time to the call, reducing the robocall efficiency.

    Next comes the fun part. Allow users that feel so inclined to attempt to waste more of the visher’s time. With optional settings, let the vucker annoy the visher. And if desired, play the process audibly and/or record it.

    Most vishing calls ask you to press a key on your phone to be connected to a representative (a manipulative creep who attempts to socially engineer the victim into something). Usually pressing any key will do.

    So optionally have the vucker send the sound of a telephone key being pressed. After that, occasionally play messages to the visher that sound like an elderly person who is hard of hearing. Continue this until the visher hangs up.

    Make records of this easy to upload to YouTube.

    Sell the units as close to cost as possible; it should be little more than an answering machine. It should be possible to implement this with a cheap Raspberry Pi.

    Develop a community around the use of the device: stage forums and user supplied annoyance messages. Request nominal participation fees; some people will agree. Use some of the funds to enhance the device.
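
The random-code gate proposed in the comment above, sketched as an added example (not code from the comment or from any existing product). The names `CallGate` and `screen_call`, the state labels, the two-attempt cap and the timeout are assumptions; what a `SCREENED` call is sent to (voicemail, the time-wasting messages, a hang-up) is left to the device.

```python
import secrets

DIGITS = "0123456789"
PROMPT = ("Hello, your call is important to us. To make sure your call is "
          "directed properly, please dial your party's four digit extension. "
          "If you do not know the extension then dial {code}.")

class CallGate:
    """Per-call challenge: only the code spoken in the prompt rings the phone."""
    def __init__(self, length=4, max_attempts=2):
        # Fresh CSPRNG code per call, so a code heard once is useless later.
        self.code = "".join(secrets.choice(DIGITS) for _ in range(length))
        self.attempts_left = max_attempts
        self.buffer, self.state = "", "PROMPTING"  # ends RING or SCREENED

    def prompt(self):
        return PROMPT.format(code=" ".join(self.code))  # spaced for speech

    def on_dtmf(self, key):
        """Feed one decoded DTMF key and return the resulting state."""
        if self.state != "PROMPTING":
            return self.state
        if len(key) != 1 or key not in DIGITS:
            return self._fail()  # '*' or '#': a blind "press any key" sender
        self.buffer += key
        if len(self.buffer) == len(self.code):
            if self.buffer != self.code:
                return self._fail()
            self.state = "RING"
        return self.state

    def on_timeout(self):  # no complete entry in time (typical robocaller)
        if self.state == "PROMPTING":
            self.state = "SCREENED"
        return self.state

    def _fail(self):
        # The attempt cap bounds guessing: 2 tries at 4 digits is 2 in 10,000.
        self.buffer = ""
        self.attempts_left -= 1
        if self.attempts_left <= 0:
            self.state = "SCREENED"
        return self.state

def screen_call(gate, keys):
    """Replay a key sequence, then time out if the call is still undecided."""
    for key in keys:
        gate.on_dtmf(key)
    return gate.on_timeout()
```

A recorded prompt cannot carry a per-call code, so the prompt has to be synthesized or assembled from per-digit clips for each call.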
