Tag Archive for FTC

FTC Puts an end to “Robocalls” tomorrow

Ever get one of those automated phone calls with the taped (okay, recorded) voice? Most of the time its telling you about something you have no interest in, and you can tell right away you’re not interested, and now you have the added aggravation as you realize the “person” at the other end doesn’t even want to talk to you about it personally.

Well, many, many, many of those calls become history today. Sept. 1 marks the end of the pre-recorded telemarketing “robocall “.

The Federal Trade Commission** said it is banning “robocalls” to consumers, unless the telemarketer has “written permission” from a customer that they want to receive these calls. (Ooo! Ooo! Sign me up, please! …Not!)

Now, perhaps you noticed, I said “many” and not “all”. Did you see that? No? You didn’t? … Oh … you did? Yeah, well, don’t worry, there’s no catch, … really. There will be some automated calls that are allowed without written permission. For example, informative calls like flight cancellations, prescriptions from your doctor or pharmacist, delivery notices, and debt collectors calls will be allowed.

Hmm. I can happily live with the first three, but can I opt out of the last one? (Probably not).

Franly, there are a lot of other annoying calls that are still permitted, and those also include calls from politicians, charities, banks, insurers, phone companies, and survey calls. Why aren’t they banned, too? Because this is an FTC or Federal Trade Commission ruling, and not an FCC or Federal Communications Commission ruling. The FTC deals with trade and sales, not communications. Since the latter calls aren’t selling anything (at least not for money) they they aren’t part of the FTC’s jurisdiction.

Rats! What a difference one letter makes.

By the way, this kinda does away with the do-not-call list, and as of tomorrow no one should be receiving these “most” of these calls anymore; and if you do, now you can file a complaint with the commission at www.FTC.gov or by calling 1-877-FTC-HELP. Under the new rules violators can expect to pay a $16,000 fine.

Loophole: This doesn’t put an end to annoying “live” calls. The robots may have lost some jobs here; but humans are still permitted to pick up the phone and personally annoy their fellow man (or woman).

** Think about who put this out. It’s important later.

Spam Fighting Update

My blog post titled “I’m Fighting Acai Berry Spam Today” from August 14, 2008 is the 4th most read post on Skylarking. It has received a fair amount of commentary since April of this year. The comments have lead me to add an update to the post to clarify the intent and purpose of the article:

This post is about spam in general, using Acai Berry spam as an example. I aim to (1) illustrate that sometimes email addresses and web site addresses don’t match; and that when WHOIS is used, one may often find that they might not belong to the same person or organization. That should be a warning as to the legitimacy of the email message (or the site). Some readers have focused more on the email aspect of spam, but (2) much spam directs you to a web site. As some commenters have pointed out: email addresses can be spoofed, and tracking an email can be very difficult, BUT it is my opinion that web sites can be easier to track.

So my point is that spam is often associated with a web site, and discrepancies between a web site and an email message can often help determine the validity of the email and/or the site.

You can read the updated post and comments here.

Thanks to everyone who has commented, and added their thoughts, ideas, and knowledge concerning the subject. And thank you for leading me to elaborate further. I look forward to hearing more comments and thoughts on the subject.

Free Credit Report Scams

Seen those catchy FreeCreditReport.com ads? Pretty funny, eh?

The funny part is that although it is there to allow you to see your credit report from the top three credit reporting agencies — Experian, Equifax, and TransUnion — the site is actually owned by Experian. So once you go there you will be exhorted repeatedly to sign up for one of their pay services.

On Friday, March the unlucky number day, I was surfing the Federal Trade Commission’s (FTC) web site looking for scam alerts, and I found out the following

AnnualCreditReport.com is the ONLY authorized source to get your free annual credit report under federal law.

AnnualCreditReport.com

AnnualCreditReport.com

Pretty interesting. It’s AnnualCreditReport.com, and not FreeCreditReport.com. The Fair Credit Reporting Act guarantees you access to a free credit report from each of the three nationwide reporting agencies – Experian, Equifax, and TransUnion – every twelve months.

The Federal Trade Commission has received complaints from consumers who thought they were ordering their free annual credit report, but instead paid hidden fees or agreed to unwanted services. Don’t be fooled by TV ads, email offers, or online search results. Go to the authorized source when you request your free report.

So if you’re looking for a real free credit report start by:

AnnualCreditReport.com even has their own commerical spot which pokes fun at the better known FreeCreditReport.com ads.

Best Way to Check Your Credit Report
The Fair Credit Reporting Act entitles you to a free credit report from each of the three credit reporting agencies every 12 months. Most people order all three at once, but a better approach is to spread them out or stagger them. That is, don’t get them all at once; instead, order one from one agency in January, then from a different one in May or June, and then from a different one in September or October. Then when the new year begins you can repeat the process. This allows you to montior your credit report all year round.

No matter how you request your report, you have the option to request all three reports at once or to order one report at a time. By requesting the reports separately, you can monitor your credit more frequently throughout the year.

Why should you request a credit report?
Because the information in your credit report is used to evaluate your applications for credit, insurance, employment, and renting a home, you should be sure the information is accurate and up-to-date. In addition, monitoring your credit is one of the best ways to spot identity theft. Check your credit report at least once a year to correct errors and detect unauthorized activity.

What should I look for when I review my credit report?
If you see accounts you don’t recognize or information that is inaccurate, contact the credit reporting agency and the information provider. For more information, read the FTC’s tips on how to dispute credit errors.

Lastly, if you suspect identity theft, you may need to place a fraud alert on your credit report, close compromised accounts, file a complaint with the FTC, or file a police report. Start by visiting the FTC’s identity theft website.

Check back here at Skylarking for more scam info. Next up: Free Government Grant and Economic Stimulus Scams on TV and Online. You can also watch the FTC news conference on these scams which was recorder earlier this month.



Post Comments or Questions with the link below. Keep up-to-date with Skylarking: By Email or RSS Newsfeed or on Twitter. You can also send questions with my email form.

33 percent of all spam ended yesterday

Sort of….

The FTC (Federal trade Commission) won a preliminary legal victory against the world’s largest spam gang  by persuading a Chicago Federal court to freeze the gangs assets and to order their spam network shutdown.

The spam gang, known by spamfighting agencies as HerbalKIng, had a networks of 35,000 computers which which could send out 10 billion spam messages a day.  Many of these computers were owned by people who didn’t know their computers had been remotely commandeered to send email on behalf of the spammers.  The network had ties in the United States, China, India, New Zealand, and Australia. The network was referred to as the “Mega-D Botnet”.

If you’re unfamiliar with the term “botnet, here’s an explanationation from SearchSecurity.com:

A botnet (also known as a zombie army) is a number of Internet computers that, although their owners are unaware of it, have been set up to forward transmissions (including spam or viruses) to other computers on the Internet. Any such computer is referred to as a zombie – in effect, a computer “robot” or “bot” that serves the wishes of some master spam or virus originator. Most computers compromised in this way are home-based. According to a report from Russian-based Kaspersky Labs, botnets — not spam, viruses, or worms — currently pose the biggest threat to the Internet. A report from Symantec came to a similar conclusion.

The network was purportedly responsible for a third of all spam at one point, and had been collecting $400,000 in Visa charges in one month.

The spammers had been sending messages hawking various pharmaceuticals and male-enhancement drugs. The charges brought against them are more than just spamming counts, but the charges also include making false claims about their product, selling pharmaceuticals without a prescriptions or doctor’s intructions, and selling drugs from countries such as Indie which aren’t regulated or approved for sale in the US.  Many of the drugs being sold had harmful side effects.

The FTC’s investigation aginst this organization had been ongoing for over 2 years.

Here’s a bio about HerbalKing from Spamhous spamfighting organization:

HerbalKing is a massive affiliate style spam program for snakeoil Body Part Enhancement scams (penis enlargement). It has also done spam campaigns for replica luxury goods, pharma (counterfeit pills) and porn. Spam arrives via botnets with spamvertised sites on “bulletproof” hosting offshore, particularly in China. The group also uses fast-flux hosting, running sites on hacked botnet PCs.

HerbalKing, with connections to India (possibly due to pharmaceutical supplies), rivals the traditional Eastern European spam gangs for volume and criminal botnet methods of its spam. “Tulip Labs” appears to be the source of HerbalKing’s herbal remedy products. The main operation may be run out of New Zealand or Australia by long-time spamming brothers Lance & Shane Atkinson. (see: http://www.geekzone.co.nz/juha/2237 )

There are hundreds of SBL listings related to HerbalKing but some may not be linked to this ROKSO due to the tremendous number of identities and domains used by the program. Lists of domains should be considered examples of that abuse of domain name space, not comprehensive lists of their registrations.

Read more at the FTC‘s web site; the NY Times; and the ars technica web site.

Post Comments or Questions with the link below. Keep up-to-date with Skylarking: By Email or RSS Newsfeed or on Twitter. You can also send questions with my email form.

I’m Fighting Acai Berry Spam Today

Clarifying the
Meaning of Spam

The term spam refers to email that has the purpose of promoting and selling a product or service. Furthermore, the email message has to be from an organization or individual that you didn’t request information from, nor did you tell them that it was okay to contact you. The FTC defines spam as “unsolicited commercial email” or “UCE” for short. If you tell a company it’s okay to send you email, then that applies to all email from that company unless otherwise specified.

FTC Law, Commercial Email:
CAN SPAM ACT 2003

  • Bans false or misleading ‘Header’ information. The “From” and “To” info must be accurate.
  • Prohibits deceptive “Subject” lines. The subject must match the content of the message.
  • Message must have an “opt out” or “unsubscribe” method. The link must
    be good for 30 days, and must be honored in 3 business days. (Previously 10 days
    was the allowance, but this changed in July 2008)
  • Message must list a legitimate physical address. The sender cannot register the address under an assumed name either.
  • Message must clearly state that it is an advertisement.

Update and Clarification (May 6, 2009):  This post is about spam in general, using Acai Berry spam as an example. I aim to (1)  illustrate that sometimes email addresses and web site addresses don’t match; and that when WHOIS is used, one may often find that they might not belong to the same person or organization. That should be a warning as to the legitimacy of the email message (or the site). Some readers have focused more on the email aspect of spam, but (2) much spam directs you to a web site. As some commenters have pointed out: email addresses can be spoofed, and tracking an email can be very difficult, BUT it is my opinion that web sites can be easier to track. (Read my “Spam Fighting Update”).

The original article begins here:

I hate spam.

I mean I really hate spam.  I don’t just delete it, I report it. I send it to the FTC’s spam@uce.gov email address so they can record it. If I get really bothered about it, I contact the company that registered the name for the owner of the email address and let them know that someone is using their service for spamming.  A lot of decent companies don’t like to hear about that.  It can hurt their law abiding users. How’d you like to learn that your emails don’t go through because someone on the same service as you was spamming, and getting everyone else blocked because of it?

For about two weeks now I’ve been receiving emails claiming to be from the “American Health Association” telling me how to lose weight with various products made from Acai Berries. After clicking unsubscribe links (when available) and deleting, I began to “get testy” when they continued rolling in. So I started fighting back.

The Law Is On Our Side

Let’s see what laws and such are on my side and yours here.

  1. Web and email addresses have to be registered to an owner or registrant. It is illegal to do so under an assumed name.
  2. Commercial messages (they wanted me to buy these berry products) must by law contain truthful addressing info both in email and in the physical world. And, once more, no assumed names are allowed. A physical address must be included.
  3. Many other nations have teamed up with the US to fight spam, so even if these spammers aren’t in the US, the country they live in may work with the US to fight spam.
  4. Many reputable internet and email services will not allow their clients to use their systems for the delivery of spam.

How did I fight back?

The Registrant / Owner of the Email Address. If the message was from the “American Health Association” then its email address — according to my Google search — would be either “@ahahealth.com” or “@americanhealthfoundation.com”.

Instead the email addresses pointed to “@brightbat.com” and “@prodemosite.com” among others. So there’s an FTC violation for false or misleading header information.

Want to know the registrant/owner of an “@whatever.com” address? Just go to Google and search for “whois whatever.com”. There’s no space in whois, and don’t include the quotation marks either. So I did a search for whois brightbat.com and whois prodemosite.com. Both came up with private or anonymous listings, they were both registered through the same service and one was registered just yesterday (a one day old address) and the other was registered in mid July.  Go to Google and try searching for them yourself. Oh, heck, here’s the direct link to brightbat’s listing and here’s prodemosite.

Also, the addresses were registered through a company in the UK, and the UK works with the US to fight spammers.

I contacted the private registration service, PrivacyProtect.org, and reported the owners of these two addresses. Privacy Protect will reveal the registry information if they deem it appropriate. I let them know the owners of these addresses were sending spam messages in violation of the provisions of the FTC’s CAN SPAM Act. I also forwarded copies of the emails to them at abuse @ privacyprotect.org.

What Other Violations Were In Those Emails?

You can follow along with the violations by taking a look at the legal requirements for commercial email messages listed in the yellow box at right. Several people have received up to three or more years in jail for violating these laws.

Back to the Acai berry violations:

  1. Along with the misleading email names (claiming to be the AHA when they weren’t), they also
  2. failed to mention the messages were advertising
  3. failed to include a postal address
  4. In several cases they failed to include an unsubscribe link, and in some cases the link didn’t work. All violations.

What Else Did I Learn?

The people at PowerSupplements, a manufacturer of Acai berry products wasn’t to thrilled to hear about the Acai berry spam. That was according to a report at SpamFighter.com, a provider of spam filtering software at www.spamfighter.com.

So if you decide you’d like to join the fight against spam you can follow my lead.

  1. Look for the same violations I looked out for.
  2. Forward spam to the FTC at spam@uce.gov.  (UCE stands for unsolicited commercial email).
  3. Want to go the extra mile? Go to Google, and do a whois search on the email address it came from.  Just use the part of the address that comes after the @ symbol, don’t use the whole address. Then find out where the reistered the address. For example, whois brightbat.com. Then find out who the registrar is and let them know a user of their service is sending out spam.

If anyone has a question, please email them to me using the Contact link, or, if it relates to today’s message, please use the Comment and Question link below. Follow me on Twitter. I’m looking forward to hearing from you.


One More Way to Deal with Spam — Unsubscribe

Another way to deal with spam or “Unsolicited Commercial Email (UCE)” is to use the required Unsubscribe link all the way at the bottom of the message.

“I Don’t See an Unsubscribe link?”

Then the “spammer” has violated the CAN SPAM Act which also requires an “Unsubscribe Mechanism” in every commercial email message. Forward the message to the Federal Trade Commission (FTC) at spam@uce.gov. You’ll find the “Forward” button on the same row as your “Reply” button.

“I Clicked Unsubscribe, But I Got an Error Message”

That’s another violation for the spammer. There must have an electronic Internet based method of unsubscribing, and it must be functional. Forward the message to spam@uce.gov.

“All This Forwarding, It’s Too Much For Me”

Fair enough. Some email services have a “Spam” button. If you are currently reading the spam message, just look for a button labeled “Spam” or “Junk” and click it. The email address for that message will be added to a spam filter and blocked. Just be sure you don’t want to hear from that person again.

“I Tried All This, and I Got Another Message From The Same Sender”

If you used the Unsubscribe option, then the sender was required to remove your email address within three business days. They’re just looking for trouble, aren’t they? You can now take a few minutes to file a complaint with the FTC using the “FTC Complaint Assistant”. It’s also available in Spanish. Plus they have a special service, Military Sentinel, designed for complaints from members of the Armed Forces and their families. Your tip might just be the one that helps send another spammer to jail.

Read more about the FTC Complaint Assistant.

Related Articles

Please post a Comment or Question with the link below. You can also keep up-to-date with Skylarking by Subscribing by Email or by RSS Newsfeed. You can also respond by email at info @ skylarknetworks.com. I’ll do my best to answer your question either here on Skylarking or by email.


The FTC Complaint Assistant

One handy feature on the FTC web site is the FTC Complaint Assistant from the Bureau of Consumer Protection. I often mention it in my discussions on spam, but it can be used for any of the other following problems:

  • Advertising Practices protects consumers by enforcing the nation’s truth-in-advertising laws, with particular emphasis on claims for food, over-the-counter drugs, dietary supplements, alcohol, and tobacco and on conduct related to high-tech products and the Internet, such as the dissemination of spyware.
  • Financial Practices protects consumers from deceptive and unfair practices in the financial services industry, including protecting consumers from predatory or discriminatory lending practices, as well as deceptive or unfair loan servicing, debt collection, and credit counseling or other debt assistance practices.
  • Marketing Practices leads the Commission’s response to Internet, telecommunications, and direct-mail fraud; deceptive spam; fraudulent business, investment, and work-at-home schemes; and violations of the Do Not Call provisions of the Telemarketing Sales Rule.
  • Planning & Information collects, analyzes, and makes available to law enforcement consumer fraud, identity theft, and National Do Not Call Registry complaints; assists in the distribution of redress to consumers; and provides cutting-edge technological investigative and litigation support.
  • Privacy and Identity Protection safeguards consumers’ financial privacy; investigates breaches of data security; works to prevent identity theft and aids consumers whose identities have been stolen; and implements laws and regulations for the credit reporting industry, including the Fair Credit Reporting Act.

You can file a complaint with the FTC in just a few minutes. It’s available in English and Spanish. Plus they have a special link to Military Sentinel, which is specially designed for complaints from members of the Armed Forces and their families.

Please post a Comment/Question with the link below. You can also keep up-to-date with Skylarking by Subscribing by Email or by RSS Newsfeed. You can also respond by email at info@skylarknetworks.com. I’ll do my best to answer your question either here on Skylarking or by email.