back to article Ten nations tell social media, banks, and telcos to get better at stopping scams

The governments of ten nations have called on social media operators to improve their ability to detect and prevent fraud from flourishing on their platforms. The call came in a communiqué issued in the wake of the Global Fraud Summit – a meeting attended by reps from Australia, Canada, France, Germany, Italy, Japan, New …

  1. Headley_Grange Silver badge

    Hard Way that will never work: tell social media, banks, and telcos to get better at stopping scams.

    Easy Way that would work very quickly: change the law to make social media, banks, and telcos jointly and severally responsible for all losses suffered by members of the public who are scammed via social media, banks, and telcos.

    1. Michael Hoffmann Silver badge

      you forgot:

      ... responsible at the C- and board-level. With jail time.

    2. Patrician

      You don't think that the end user bares some responsibility for allowing themselves to be scammed?

      1. ComputerSays_noAbsolutelyNo Silver badge

        Maybe some, possibly; but the big corps aren't off the hook.

        If everyone would drive in a sane, non-aggressive manner, we could do away with all traffic regulation.

        Guess what, they're there for a very good reason.

        1. Patrician

          It's not quite the same thing though; people do things online that they wouldn't dream of doing in real life, such as happily handing over bank details to a total stranger.

          The TV show, Hustle stated "you can't con an honest person"; but some still think that something that looks too good to be true is, indeed, true; and get scammed.

          1. Jedit Silver badge
            FAIL

            "Hustle stated "you can't con an honest person""

            Do you have to be dishonest to fall for one of the conmen who call up pretending to be from your bank, or from Microsoft tech support? No. But it happens all the time.

            Hustle is a TV show and should not be confused with reality, particularly when it spreads disinformation.

        2. very angry man

          Irony

          Recently I tried to report a scam site, in the wonderful land of Oz, there's only one place to report scams, the federal police, there response was that if it was only a non government scam, to piss off and that they would prosecution me for wasting there time, so as an Oz person this big monthed poly can just get on his govt supplied unicorn and fug off

          1. David Newall

            Re: Irony

            I tried to report a telephone scam where they fake somebody else's number. It's a federal crime Australia's Federal police told me it was too widespread so they couldn't do anything. I said they could start with one instance and they'd certainly sweep up a whole gang. They wouldn't.

            I'm so glad we live in an age where pathetic people like that are no longer called pigs.

      2. cookieMonster
        Joke

        Unfortunately stupid is not yet illegal, in fact it seems to be actively encouraged

      3. brett_x

        You must not have aging parents, or be one yourself.

        Scammers are getting better and people are still using technology as they age now. As they age, they don't always retain their defenses. I've seen this first hand on people who would not have fallen for such a thing just a year prior. It can be absolutely devastating (it wasn't in this case). I truly hope it doesn't happen to anyone you know. But just be aware that it absolutely can.

    3. Sam not the Viking Silver badge

      Presumably, the platforms make money from these scams and so benefit from fraud. It's not difficult to imagine that they have no interest in preventing it. Quite the reverse.

      Of course they could do more to prevent it and they should.

      1. Edwin

        Of course they do

        Any time you report a clearly fake user profile on Facebook they'll refuse to act because more impressions is more money.

        And if you spot a scam ad on Youtube, there isn't even a mechanism to flag it because Google is getting cash direct from the scammers.

    4. Phil O'Sophical Silver badge

      make social media, banks, and telcos jointly and severally responsible for all losses

      All losses? It's not that easy, for several reasons.

      Many of these scams work because greedy or stupid punters are willing to ignore the "if it looks too good to be true" rule in the hope of making a quick buck. If you buy a too-cheap Rolex from a guy down the pub, and it turns out (surprise!) to be a fake, should the publican be required to reimburse you? Why should the honest, sensible, customers of those businesses be on the hook to bail out all the dumb ones? Make no mistake, if a bank has to pay out compensation that money won't come from the bank, it will come from the bank's customers, which after all is where the bank gets all its money.

      There's also the risk of unintended consequences, if people get used to the idea that they will always be bailed out when they do something stupid there's a risk that they will be more careless about scams: "It might be a scam, but who cares, I can't lose either way". There still needs to be some level of personal responsibility involved, even if that's not very trendy in these nanny-state days.

      If there's negligence on the part of the bank or other platform then by all means make them pay, but it can't be a blanket rule.

      1. cookieMonster
        Pint

        Upvoted and have a pint (or two)

      2. Jedit Silver badge
        Stop

        "If you buy a too-cheap Rolex from a guy down the pub..."

        "... should the publican be required to reimburse you?"

        Of course not. But if the publican has been told that there's a guy in his pub selling suspicious watches and he does nothing about it because he's taking a cut, then it does become his responsibility because he's complicit.

        Facebook advertising is no different. Facebook is the pub, their advertisers are the dodgy guy. Facebook are not to blame for the actions of any individual advertiser because everyone is innocent until proven guilty, but it is on them to hold their clients to a reasonable standard after accepting their money and it is on them to police their platform when complaints are received. If they instead allow obvious scammers to rip off their users, then they are as complicit as our shady pub landlord.

        1. Headley_Grange Silver badge

          Re: "If you buy a too-cheap Rolex from a guy down the pub..."

          Not only is the publican taking a cut, but the fact that Telcos allow scammers to spoof the banks' telephone numbers is like Rolex providing authentication papers for the watch.

      3. Headley_Grange Silver badge

        "Many of these scams work because greedy or stupid punters are willing to ignore the "if it looks too good to be true" rule in the hope of making a quick buck."

        No they don't. The main money is made when someone calls you from you bank's phone number and tells you that someone's got access to your accounts and you've got very little time to send your money to a special secure account set up by the bank before you lose it all. They tell you to hang up and call the bank's number on the back of your bank card to prove it's not a scam call, but they don't hang up so if the scammer makes the right noises they person being scammed believes they are through to the bank when in reality you're still on the line to the original scammer. The Telcos facilitate this - they allow spoofing of numbers and they have a phone system that doesn't let one side of the call hang up (in the UK). If the Telcos were made responsible for all losses (including consequential) then they'd close these two holes so fucking fast it would make your eyes bleed.

        1. Anonymous Coward
          Anonymous Coward

          you've got very little time to send your money to a special secure account set up by the bank before you lose it all.

          If you're dumb enough to believe that, it's at least partly your own fault if you lose the money. Why on earth would a bank, which has full control over your accounts, ask you to move the money yourself, in a hurry?! If it's that urgent, they would simply freeze your account, and move the money themselves. Then they'd phone you.

          Also, the "don't hang up & spoof dial tone" trick only works on a real landline, not a mobile or VoIP phone, so will soon be a thing of the past anyway.

        2. Anonymous Coward
          Anonymous Coward

          they allow spoofing of numbers and they have a phone system that doesn't let one side of the call hang up (in the UK). If the Telcos were made responsible for all losses (including consequential) then they'd close these two holes so fucking fast it would make your eyes bleed.

          Both of those exist for a reason.

          Remember that Caller ID is a presentation service, it is designed to allow the caller to present a number of their choice to the called party. That is often a switchboard number, or an 800 number, so there may be a good reason that it isn't the caller's actual number, and the telcos are unlikely to remove that functionality. The network still has the "real" number available, for billing purposes, and with suitable permissions (police warrant, 999 operator, etc.) it can be obtained. This obviously only applies for calls within the same network, no telco has control over signalling information sent from another network, they have little choice but to believe it. That's why these scammers work from international locations like India.

          As for the ability to terminate the call by the recipient ("called party clear"), the original mechanical telephone network design had to choose which end would control the call, since there was no separate signalling network to send a cleardown signal to the other end. Logically the caller, who is paying for the call, was given control. People got used to that, you could answer a call on one phone, then hang up & pick up an extension to continue it in another room. With the advent of electronic exchanges and SS7 signalling it was no longer mandatory, but until recently there was no good reason to break a functionality which had been useful for decades, so even when the called party hung up the line would remain open for 2-3 minutes. The growth of scam calls changed that, and about 10 years ago BT changed the system so that by default a call will clear 10 seconds after the called party hangs up, and they are considering reducing that period. Again, once you cross networks (more common now that there's no monopoly supplier) things get complicated, since you're relying on the caller's network correctly handling the signaling message.

          At the end of the day the best approach is common sense. Does what the caller is asking you to do make sense? If not, don't do it.

          1. IGotOut Silver badge

            Your partly right about caller ID but it can very, very easily enforced.

            All numbers have to have an underlying bearer number. Some telcos INSIST that your "spoofed" number lies on top of your carrier number block.

            E.g. 0800 123 123 must be presented on the companies bearer number e..g 01234 000 - 999.

            This is no different on VoIP using asserted ID and source IP.

            It would be trivial for telecoms companies to say drop all presentation numbers not on a valid bearer for financial services.

            1. Anonymous Coward
              Anonymous Coward

              It would be trivial for telecoms companies to say drop all presentation numbers not on a valid bearer for financial services.

              Even if coming in on an international trunk? How would they know the correspondence between presentation & bearer is correct?

  2. Pascal Monett Silver badge

    "making it easier to recover money lost to scams"

    I don't know what is going on on social media, I don't have any account. But, here in France, there is a platform called LeBonCoin (the Good Corner) that allows people to sell stuff they don't want any more. It's basically a nation-wide garage sale. Prices are reasonable because it's not Ebay, so people who want to gouge find their offerings languguishing.

    But the important part is since LBC integrated a secure payment system. It's not secure as far as banks are concerned (well, not any more than elsewhere), it's secure as far as the user is concerned. When I purchase an item on LBC, I can use its payment system or I can pay directly. If I choose LBC's system, I pay the money to LBC. LBC then notifies the seller that the money has been paid and the seller can send the item. When I receive the item, I notify LBC which then releases the money to the seller.

    If I'm the one selling, the system works in reverse, of course.

    There is obviously the case where the buyer lies about receiving the item, I don't know what LBC does about that but, when I am selling via LBC, I am specifically encouraged to send the item with postal trace - so I'm guessing if the buyer tries to stiff me, LBC will contact La Poste and get the record of that item.

    In any case, I've never heard of wiespread problems or scams on LBC. I think the payment system has a lot to do with it. Maybe that sort of system should be widely copied on other platforms ?

  3. Eclectic Man Silver badge

    Moneysavingexpert vs FaceBook

    There were lots of scams on FB purporting to be financial advice from Martin Lewis the creator of the MoneySavingExpert web site. They used his name, his photograph and claimed to provide services approved by him. It took him ages to get FB to take each one down. He reckoned that as any site purporting to be from or approved by Mark Zuckerberg got taken down pretty much immediately, FB had the technology, but just was not interested in using it to protect users. He even sued them, but eventually settled out of court:

    https://news.sky.com/story/martin-lewis-settles-lawsuit-against-facebook-over-scam-ads-11615288#:~:text=The%20MoneySavingExpert%20founder%20took%20the,abusing%20his%20name%20and%20image.&text=Martin%20Lewis%2C%20the%20founder%20of,featuring%20his%20name%20and%20image.

    "Martin Lewis, the founder of MoneySavingExpert.com, has dropped his lawsuit against Facebook for running scam advertisements featuring his name and image.

    The entrepreneur had lodged papers against the social media giant in the High Court last year, telling Sky News the legal action was the result of months of frustration with scammers piggybacking on his reputation and preying on Facebook users with get-rich-quick scams.

    Mr Lewis, who was given an OBE in 2014, said he was aware of a woman who had lost £100,000 as a result of a bogus advert featuring his face."

    1. cookieMonster
      Joke

      Re: Moneysavingexpert vs FaceBook

      Yeah, but £100,000 is just a sushi lunch for Mark, no big deal

  4. Anonymous Coward
    Anonymous Coward

    It all starts with an URL

    Make domain registration slow and difficult. Except some cheap dev domains forbidden to link/ads of top social networks. Also blacklist all "fast" or "unfriendly country" top level domains from ads and add warnings to such links in posts/comments of top social networks. Make email providers and search engines show a warning for links to young or never seen domains.

    When have you last seen a high quality top level domain site used for scam?

  5. navarac Silver badge

    Apologies

    Apologies to those with Indian subcontinent accents, especially from Virgin Media, but as soon as I hear an Indian accent, I put the phone down. If it isn't a scam, it is generally telemarketing trying to gouge more money by upping the package. They can use snail mail to me for that.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like