[VoiceOps] FCC RMD Naughty List

Mary Lou Carey marylou at backuptelecom.com
Wed Dec 11 18:35:45 EST 2024 

You certainly don't have to heed the cautions I recommended. Just know
if you're on the list you have 14 days to respond to the FCC and you
don't have to file the information publicly. You can submit the
information that you don't want public confidentially. 

As for the attack vector, I'm just telling people what happened because
its a new scam that may not get picked up by your fraud detection
software. In the situation I dealt with, the scammer used the
information gleaned from the RMD to impersonate the target company's
employees. They created an account that was one or two letters off the
correct contact information provided on the RMD for that company. Then
the scammer contacted the upstream provider and requested they make
changes to the target company's IP addresses. 

The scammers were also impersonating the target company's sales people.
Offering products that are not legal in the US under the target
company's name with an account that is one or two digits off the real
contact information. So if someone has an upstream carrier that signs
their calls with their token, you could be getting hit with trace backs
that aren't really yours.   

If there's one thing I know its that scammers are highly creative and
persistent. If one door is closed, they'll create another. 

MARY LOU CAREY 
BackUP Telecom Consulting 
Office: 615-791-9969 
Cell: 615-796-1111 

On 2024-12-11 11:30 AM, Dave Russo via VoiceOps wrote:

> I believe the concern about listing a company's upstream carriers is overstated. There simply aren't as many carriers as there used to be, and businesses have consolidated who they terminate calls to due to S/S. This simply isn't a commonly exploited attack vector. Even if someone tried, it would be noticed and addressed within a few hours. We work with a core set of about 10 carriers that legitimate providers and our competitors and other players in the market typically use, and this information isn't top secret. I understand you've seen this happen, but of all the risks we face as providers, I'd rank this one at the bottom of the list. 
> 
> -dr 
> 
> On Wed, Dec 11, 2024, at 10:11 AM, Mary Lou Carey via VoiceOps wrote: 
> 
>> I am so sorry....I just realized that I said to file the 499 confidentially. Its not the 499. Its your Robocall Mitigation Plan that you need to file confidentially because they ARE asking for upstream carriers and additional contact information. That requirement was added this year.
>> 
>> MARY LOU CAREY  
>> BackUP Telecom Consulting  
>> Office: 615-791-9969  
>> Cell: 615-796-1111
> 
> _______________________________________________
> VoiceOps mailing list
> VoiceOps at voiceops.org
> https://puck.nether.net/mailman/listinfo/voiceops
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/voiceops/attachments/20241211/37ccf8f4/attachment-0001.htm>

More information about the VoiceOps mailing list