OT: A Rude Awakening

Not long ago, Dr. SJ (for those unaware, that would be my darling wife, who prefers that her real name not appear anywhere on the internets) gave a medical equipment vendor a fax number to send some paperwork.  As she was home at the time, she gave out our home fax. Big mistake.

We have been getting mid-night faxes from a scam business loan operation, night after night. Yes, it violates the CAN-SPAM act of 2003, 15 U.S.C §7701 et seq., but so what?  The operation, traced back to its roots based on a website found at the BBB (communitybf[dot]com), appears to be out of Panama, or Russia, China or a million other places, but otherwise provides a phony telephone number and address.

Domain Name: COMMUNITYBF.COM
Creation Date: 2013-04-29 17:59:00Z
Registrar Registration Expiration Date: 2015-04-29 09:59:00Z
Registrar: ENOM, INC.
Reseller: NAMECHEAP.COM
Registrant Name: WHOISGUARD PROTECTED
Registrant Organization: WHOISGUARD, INC.
Registrant Street: P.O. BOX 0823-03411
Registrant City: PANAMA
Registrant State/Province: PANAMA
Registrant Postal Code: NA
Registrant Country: PA
Admin Name: WHOISGUARD PROTECTED
Admin Organization: WHOISGUARD, INC.
Admin Street: P.O. BOX 0823-03411
Admin City: PANAMA
Admin State/Province: PANAMA
Admin Postal Code: NA
Admin Country: PA
Admin Phone: +507.8365503
Admin Phone Ext:
Admin Fax: +51.17057182
Admin Fax Ext:
Admin Email: 
Tech Name: WHOISGUARD PROTECTED
Tech Organization: WHOISGUARD, INC.
Tech Street: P.O. BOX 0823-03411
Tech City: PANAMA
Tech State/Province: PANAMA
Tech Postal Code: NA
Tech Country: PA
Tech Phone: +507.8365503
Tech Phone Ext:
Tech Fax: +51.17057182
Tech Fax Ext:
Tech Email: 
Name Server: NS1.IPCHINA163.COM
Name Server: NS2.IPCHINA163.COM

Name Server: NS1.IPCHINA163.COM (has 632 domains)

NS2.IPCHINA163.COM (has 632 domains)

Whois Server: whois.enom.com
General TLDs: Communitybf.comcommunitybf.com whois (registered and active website)
Server Type: Apache
IP Address: 141.105.67.87          Reverse-IP |          Ping |          DNS Lookup |          Traceroute
Whois Server: whois.enom.com
ASN: Russian Federation AS49335         NCONNECT-AS Navitel Rusconnect Ltd         (registered May 20, 2009)
IP Location: Russian Federation         – Moscow City         – Moscow         – Mir Telematiki Ltd
Response Code: 200
Domain Status: Registered And Active Website

The toll-free number (800-652-4019) on the fax only traces back to spam calls, and its unsubscribe number is a well-known scam.  The fax was sent from 888-261-0361 (which has been blocked). The scammers go by the name Community Business Funding and Simple Business Funding.

With the scammers outside the jurisdiction, telephone being an inconsequential commodity and no way to shut down the fax calls, it’s getting a little annoying. At my age, being woken up in the middle of the night by a scam fax isn’t nearly as much fun as it sounds.

Now if only there was a way for some smart tech type person to mount a DDoS against this folks, that would be interesting. Or maybe give the medical equipment vendor who sold Dr. SJ’s fax number a taste of his own medicine to remind them that whatever they’re making off the numbers, a dollar per thousand say, isn’t worth their family being woken up nightly for the next month.

But that would be wrong, and I would never advocate doing something wrong.  There really needs to be way to prevent the intrusion of spammers and scammers. Or the terrorists win.

26 comments on “OT: A Rude Awakening

  1. Turk

    Did you really just blame your wife, in public, for initiating a fax problem?

    I suggest you call the florist immediately.

  2. Paul

    Greetings,

    It probably wasn’t the medical device manufacturer, if it came from them at all, but a rogue employee or a hacker of their systems. The scammers/spammers pass around lists of telephone numbers like popcorn at a movie theater. Over time, it is almost certain, that your fax number has been robodialed, and a fax was detected. This happens all the time. Any phone guy at a corporation would tell you the same, that telephone numbers are probed routinely.

    Paul

    1. SHG Post author

      Maybe, and yes, it happens all the time (which doesn’t bring much comfort). But that doesn’t solve my problem.

  3. Jack

    Ditch your old school fax machine and go digital. E-mails don’t make any noise in the middle of the night unless you have them sent to your cell phone! Google “Electronic Faxing”.

    1. SHG Post author

      And when the phone rings over and over as the email searches for a response on the old number. I will think warmly of you. By the way, it’s not my fax, and Dr. SJ is not much of a tech lover. Plus, fixing this would help a bunch of others who are going through the same thing (as the internet tells me).

      Aside: Whenever a tech question comes up, the answers always seek to do everything to avoid addressing the problem, rather than addressing the problem. A slackoisie reaction?

      1. earlwer

        1) turn off the sound on the fax machine
        2) replace the fax machine with a device that can store the fax or save it to a computer.
        Most multi-function devices can print, scan, fax and copy. You connect the device to your computer via USB, network or wifi. Now you can view the junk faxes before printing.

        1. SHG Post author

          The noise isn’t the fax machine, but the telephone ringing. As for replacing the fax machine (a couple people emailed me suggesting this), I have a new, expensive multifunction, but more importantly, my spending more money seems a really awful the answer to scammers. The terrorists win.

  4. Carl H

    Have you thought of going after the company’s/domain’s service providers instead?

    I wouldn’t bother with their ISP, Navitel Rusconnect Ltd. A quick check on their ASN (49335) reveals they have three upstream peers in Russia but their main link to the Internet seems to run through the Belgian ISP EDP (AS Number 9031) — who have data centres in Belgium and Russia. If you do a Google search for “”EDP Net” they are first link.

    Although we don’t have a CAN-SPAM law their usage of the system is clearly a breach of, if not any EU law, then at the very least their peering agreement with EDP. So a compliant with EDP might be one way to go.

    Another way might be to check American Registry for Internet Numbers and check who the block of AS numbers is owned by and then write an e-mail to the e-mail addresses listed as their admin and abuse contacts (every AS number, like a domain must have an abuse and admin contact e-mail).

      1. Carl H

        I wish I had the brain and skills of someone like Brian Krebs, Mark Russinovich or Bruce Schneier.

        Whilst I appreciate and share your somewhat mischievous intent; looking at this from a technical perspective I’m not sure what to make of it. The website communitybf [dot] com appears to have gone dead. Even the domain’s authoritative DNS servers claim to have no record of the domain.

        The IP address in your post has hundreds of other sites run on it, including some which would be of some interest to not only US regulatory authorities (RIAA, MPAA) but also plenty of “pharmacy” sites and sites of that ilk. There are at least a few sites that do seem quite legit, as far as I can tell, at any rate.

        Just pointing one’s browser at the IP address in your post shows the site is set up for shared hosting (using some notoriously insecure software at that).

        At the same time, registering your domain behind a front in Panama, hosting your IP addresses on Chinese DNS servers and hosting your website on a Russian server shows someone has put some thought into this. It also suggests to me, at least, that this isn’t the only “business” they run.

        I suspect they’re very much a “boiler room” type operation and even were one to be successful in cutting off their Internet access they’d be back in business within a week. And then there’s the fact that scuzzy company will still have Dr SJ’s fax number. To remove that problem someone might have to, ahem, have it removed from their server somehow.

        Behind such boiler room operations you’ll each get SPAM magnets (such as Krebs often exposes) or something a bit more sinister. The latter is a group I really wouldn’t want on my radar.

        Fortunately, that upstanding former Moscow cop Pavel Karpov might have just the right contacts for this…

        Where’s pj_cryptostream when you need him? He’s got mad skillz right?

          1. Fubar

            Maybe you don’t need mad computer skilz to put at least one stumbling block in the path of your FAX spammer.

            If you know (approximately) when you are expecting actual FAX material from actual correspondents, put the FAX machine on the telephone line.

            At all other times, put an answering machine on the line, which has a repeating outgoing message consisting of Special Information Tones (SIT tones).[1]

            SIT tones are the tritones you hear when you reach a number that is out of service. A voice message typically follows the tones.

            Some, but not all, robot spammers, detect and purge out of service numbers from their internal lists of numbers to call. They don’t want to waste time calling dead numbers.

            SIT tones and messages are availble for free as MP3 files many places on teh intarwebz. One such source is thisisarecording.com.

            FN 1: Yeah, it’s redundundant.

            1. SHG Post author

              That’s an interesting idea and eminently doable idea. It won’t save the rest of the world or make the scammers cry (I would really like to do both), but it could work.

  5. JR

    I feel silly giving law related advice to lawyer considering I am not one.

    I have had a bit of success over the years dealing with the ugly brother of the fax spammers, Telemarketers. The laws as I understand them are written to take care of that whole family of pests. Federal law, but you are allowed to sue in local court.

    The standard way it is done is a call center in India makes the call with a faked caller ID number. They play a pre-recorded message. If you press 1 the system forwards the call to a scammer center in the US. Now they try to get you to get a free alarm system, of course you have sign up for the monthly monitoring fee, and they get a kickback for the maker of the alarm and a bonus from the monitoring company.

    This year the FCC produced a ruling the scammer center is an agent of the manufacture, thus companies like GE, or Honneywell are now being named for the actions of the scammer centers. This should stop a lot of calls for Satellite TV.

    The same rules should apply for faxes. Go after the US maker of the product they are pushing. Look up the TCPA and any recent cases from Diana Mey. On top of that fill out the online complaint form at FCC.Gov. They like fining them up to $11,000 per junk fax or pre-recorded telemarketing call.

    1. SHG Post author

      Don’t feel badly about offering something that worked for you, even if you’re not a lawyer. Unfortunately, I’m not only painfully familiar with the TCPA (see Stern v. Bluestone), but the idea won’t work here. They aren’t selling a product with some American connection, but it’s a business loan scam. It’s just a total scam, start to finish.

  6. Tom M

    Maybe you could find a way to suggest that they are the purveyors of Revenge Porn and turn loose Prof Franks on them? Think of the fun and hilarity of new proposed law that would come from that!

    1. SHG Post author

      Every day I block the number (I can do it from here). Every night, they send it on a different number. They have lots of numbers.

  7. onlymom

    if you really want to be evil. get a 900 number that charges 10 bucks a min then forward the fax number to it before going to bed.

Comments are closed.