$116mn Fine for Toll-Free Fraudster Who Embarrassed US Telecoms Industry with His Anti-Scam Antics

The man and the companies commonly known as ‘ScammerBlaster’ have been hit with a USD116mn fine by the US Federal Communications Commission (FCC) for pumping traffic to toll-free numbers. However, this accurate statement about the penalty theoretically levied by the US comms regulator last week does not do justice to the story of a man who clearly will not be paying this fine (because he cannot afford it) and his wild plan to gain YouTube notoriety by singing (yes, singing) about how much he hates scammers whilst using the proceeds of crime to finance vigilante denial-of-service attacks against comms providers he accused of profiting from illegal robocalls.

As previously reported in more detail, Thomas Dorsher of North Dakota, USA, is an unusual fellow who portrayed himself as partly a YouTube scambaiter, partly a vigilante who punished corporate malfeasance when nobody else would. Or to be precise, Dorsher presented himself as an anonymous collective of people who did these things, although it is likely that Dorsher was the only member of that collective. (If more people really were involved, then the FCC should have added those names to the list of individuals expected to pay their ridiculously large fine.) The ScammerBlaster brand was linked to all of the following activities.

  • The ScammerBlaster website made potentially libelous claims about well-known US comms providers profiting from scam robocalls. It also, seemingly seriously, stated the hope that ScammerBlaster would receive government funding to help them reduce the number of scam calls. The website has since been seized by US law enforcement. I am not clear why the website was seized, because defamation is a civil tort that should be pursued by the businesses that were defamed, and is not a crime that justifies the intervention of the state. The seizure may be connected to the site also being used to solicit for tips about companies that enabled scam calls, so that they may then be hit by denial of service attacks. Hoever, it seems a stretch to argue that obtaining tips about wrongdoing was the cause of Dorsher’s attacks, not least because the authorities allowed him to continue to receive tips via other channels, such as his Twitter account.
  • A YouTube channel was used to mock Indian scammers by singing them rude songs. The emphasis for later videos shifted towards original musical compositions whose lyrics did not mention the telecoms industry, with titles such as “I’m In Love With You” and “Can’t Live Without This Love”. This change in style may have been motivated by the severe punishments that Dorsher had already been threatened with. YouTube sometimes exhibits a disturbing eagerness to ban or demonetize channels run by people who have broken no law, but the ScammerBlaster channel remained unmolested, and can be found here.
  • Per the FCC, Dorsher and the various companies he registered made large numbers of automated calls to toll-free phone numbers in order to pocket a share of the proceeds. To some extent, this arbitrage possibility reflects badly on the complicated regulatory pricing regime imposed upon carriers in the USA, but traffic pumping is also clearly illegal. Dorsher might have hoped to obfuscate his true purpose through the choice of the recording that was played by these automated calls: recipients were spammed with warnings about scam calls. But there may also be an extent to which Dorsher believed he was doing the right thing when he used the same method to spam companies he blamed for the prevalence of scam robocalls.

Dorsher was apparently a fan of Commsrisk; one of his YouTube videos includes the following message in the description field.

Hoping for Conmsrisk to see this video and give me an interview.

I share this because Dorsher seemingly contacted me in 2022, after the FCC had begun its enforcement activity, with the intention of giving his side of the story. Emails were sent to me from an address that referenced ScammerBlaster, and the sender made some effort to establish their credibility by demonstrating they had access to ScammerBlaster’s online accounts. However, the sender refused to say who they were even though I directly asked if I was dealing with Thomas Dorsher.

Establishing the identity of the correspondent was crucial to determining the meaningfulness of any interview which followed; Dorsher’s name had been used to register the legal entities cited by the FCC in their investigation and he was the only individual explicitly threatened with punishment. Nevertheless, I sent a list of prospective questions for an interview; the reply promised to provide answers at a later date. This promise was not kept. So whilst I do not know more about Dorsher than is available in the public domain, I have some justification for my intuition that Dorsher sought to exaggerate the significance of ScammerBlaster by pretending several other people were helping him to run it. This is also why I believe a USD116mn fine is ludicrous when compared to any amount the US Department of Justice could realistically hope to collect. Multimillionaires do not single-handedly run a few empty shell companies between writing songs for YouTube.

Dorsher made many claims about the wrongdoing of others, but never provided much reason to believe he could be trusted. This is exemplified by how he tried to fight the FCC’s inquisition. His companies were registered using his real name. His videos promised to ‘break the phone system’ of businesses he targeted. Calls were traced by the Industry Traceback Group to a business which named one of Dorsher’s companies as the source. But the FCC’s forfeiture order states that Dorsher claimed he was a victim of mistaken identity. This fits a pattern where Dorsher behaves like ScammerBlaster is run unknown mysterious other people even though he is the only person who can be connected to it. The best that can be said about some of Dorsher’s deceptions are that they are naïve, just like his hope he would attract government funding.

Generating fraudulent profits from traffic pumping is against the law and deserves to be punished. Dorsher is a liar, or a fantasist, or a bit of both. But having made this observation, I now find it fair to observe that his accusers also have a strained relationship with the truth. The instincts which lead me to doubt much of Dorsher’s account also lead me to question the honesty of the authorities who have levied this fine against him. Consider the opening paragraph of the statement issued by FCC Chair Jessica Rosenworcel following the imposition of the fine on Dorsher.

The scammers behind robocalls are nothing if not persistent. But so is the Federal Communications Commission. We are not going to stop fighting the good fight to block these annoying calls from our phones. So today, we follow through on an investigation and finalize a $116 million fine against a company whose scheme was to make money off of phony toll free calls. In total, we have referred over $500 million in robocall fines to the Department of Justice for collection this year.

The FCC’s investigation argued they were justified in punishing Dorsher because there was no credible connection between his calls and those received by ordinary people. They said he made a bogus association between his traffic pumping fraud and consumer scams. But after the FCC reached this conclusion, its Chair tried to generate positive publicity by deliberately conflating Dorsher’s traffic pumping scheme with consumer scams. She somehow adds a USD116mn fine for traffic pumping fraud to the total for fines issued for completely different frauds committed against the public, and argues this is further evidence of the FCC doing all it can to protect ordinary phone users from harm. However, the only genuine similarity between these two distinct types of fraud is that both involve calls made by machines. The FCC is right to protect businesses by punishing traffic pumping fraud but wrong to pretend this has anything to do with reducing scam calls received by the public.

Rosenworcel’s statement contradicts the FCC’s forfeiture order against Dorsher, which unambiguously states he was not fined for making robocalls to ‘our phones’.

Although we agree that illegal robocalls are a serious threat to the American public, we are not convinced that the Dorsher Enterprise’s prerecorded message did anything to protect the health and safety of consumers. The “public service announcement” cannot reasonably be interpreted as necessary to warn anyone about specific threats posed by illegal robocalls, as the message directed the recipient to visit the ScammerBlaster website and report information that would allow the Dorsher Enterprise to take action into its own hands. Furthermore, the fact that the Dorsher Enterprise: (a) only sent the prerecorded message to Toll Free Customers; and (b) configured his message to play on repeat for up to ten hours if not disconnected convinces us that the Dorsher Enterprise’s motivations were far more pecuniary than philanthropic. The Dorsher Enterprise intended to target Toll Free Customers to generate revenue, not to warn any specific person or entities of a supposed imminent health or safety threat.

There are other reasons to challenge the honesty of the people that sought Dorsher’s punishment. This the first line of the FCC’s press release about Dorsher’s punishment:

The Federal Communications Commission today adopted a $116,156,250 fine against a group of parties responsible for nearly 10 million robocalls made for the purposes of generating toll free dialing fees.

A ‘group of parties’ is a rather grandiose way to describe one man and several hollow companies he registered and ran single-handedly. But more importantly, Dorsher was not fined USD116,156,250 because the FCC established he had made 10 million illegal calls. The entirety of that enormous fine relates to just 20,650 calls that were verified to be infringements of the Telephone Consumer Protection Act.

Under the Commission’s forfeiture guidelines, we may adjust a forfeiture upward for violations that are egregious, intentional, or repeated, or that cause substantial harm or generate substantial economic gain for the violator. As explained in the Notice, the total forfeiture results from assessing a base forfeiture of $4,500 for each unlawful robocall that the Bureau verified was made without the requisite prior express consent. The Commission verified 20,650 unlawful prerecorded voice message calls to toll free numbers. We also found the Dorsher Enterprise’s violations were egregious because it targeted toll free numbers to fund TDoS attacks, and we proposed to adjust upwardly the base forfeiture to $5,625 per violation.

Applying a fine of USD5,625 per call to 20,650 illegal calls gives a total penalty of USD116,156,250. But does the tariff of USD5,625 per call not seem excessive? The recurring pattern with the FCC is to issue press releases about fines worth millions of dollars, supposedly in response to millions of robocalls, but actually calculated on the basis of mere thousands of calls that were proven to be illegal. Or to put it another way, if Dorsher had made 10 million illegal calls, and was fined USD5,625 for each call, then the penalty would be over 56 billion dollars. Does that not seem absurd, especially as FCC fines for illegal calls made by small-scale crooks almost never result in any money being collected? The penalty per each individual infraction has been set idiotically high because the FCC and the US legal system have become totally dysfunctional at extracting a fair punishment commensurate with the scale of the wrongdoing and the likelihood of collecting a penalty. They do not seem to care, because the only purpose of these fines is to keep inflating the boasts of administrators like Rosenworcel.

But perhaps the strangest and most vindictive part of the enforcement action against Dorsher relates to the supposed seriousness of Dorsher’s attack on the fraud hotline maintained by AT&T. It is cited in the forfeiture order as one of the reasons why Dorsher deserves the higher level of fine for ‘egregious’ wrongdoing.

…in at least two instances, Dorsher and [his company] ChariTel made prerecorded voice message calls to AT&T’s fraud protection hotline, tied up the toll free line, and made it impossible for consumers to reach AT&T’s hotline to report fraud issues. In some instances, a single robocall from the Dorsher Enterprise generated revenue by seizing toll free lines for up to 10 hours. This can have a crippling effect on toll free businesses and customers seeking support for legitimate purposes such as AT&T’s fraud assistance services, and the Commission has observed that traffic pumping imposes undue costs on consumers and harm competition. Accordingly, we affirm that the Dorsher Enterprise’s conduct was egregious; we find no basis to reduce the forfeiture.

That paragraph says Dorsher ‘made it impossible’ to call AT&T’s fraud protection team on at least two separate occasions. But how many calls did it take to literally deny anybody else the ability to call AT&T and inform them about fraud?

Two… calls were to an AT&T Service, Inc. (AT&T) toll free fraud protection hotline.

Two calls were made to the hotline. Each call ‘tied up’ the hotline so nobody else could get through. This essentially means that anyone who makes any call to the AT&T fraud hotline has instantly made it impossible for anyone else to call the hotline because the hotline can only cope with one call at a time. If I was responsible for consumer protection at the FCC, I would be asking why the business which was previously the world’s richest phone company is incapable of handling two simultaneous calls to their fraud hotline. And if I was managing fraud on behalf of AT&T, I would wonder about my career prospects at a company which has slashed its employee headcount by at least 74,130 since the beginning of 2021; the full total is uncertain because AT&T simply stopped reporting job reductions after a while. If they take fraud seriously then they might want to install a few more phones in their office and hence justify having a few fraud analysts to answer them.

This year has grown increasingly peculiar for me as a rising number of Americans contact me, via public forums and in private, to complain their fellow countryfolk are not being adequately protected from scammers. As they feed me more stories, this website keeps getting more traffic from the USA. But I am not American, and I am not an expert in the US telecoms industry. I only started taking an interest in the suffering of Americans because STIR/SHAKEN was so obviously a bad idea that I did not want to see other, poorer countries wasting billions of dollars on a massive distraction from the cheap, simple and efficient controls that would reduce scam calls far more rapidly than STIR/SHAKEN ever could. But all sorts of people from around the USA — lawyers, CEOs, engineers, and even the ScammerBlaster — have been getting in touch because they assert that the goal of consumer protection has been utterly corrupted within the telecoms realm. Some of these people sound like conspiracy theorists to me, but a conspiracy theory can also contain some grains of truth.

There is no analysis that I can provide which will deliver solutions to the severe and deeply ingrained problems faced by the US telecoms industry and the consumers who suffer as a consequence. But I doubt the solution involves obtaining revenge for the embarrassment caused by a lone fraudster by calculating a vindictively large fine which he cannot possibly pay. And I am certain that punishing traffic pumping fraud will never have any impact on the number of scam calls received by ordinary Americans, no matter how much the Chair of the FCC pretends otherwise.

Eric Priezkalns
Eric Priezkalns
Eric is the Editor of Commsrisk. Look here for more about the history of Commsrisk and the role played by Eric.

Eric is also the Chief Executive of the Risk & Assurance Group (RAG), a global association of professionals working in risk management and business assurance for communications providers.

Previously Eric was Director of Risk Management for Qatar Telecom and he has worked with Cable & Wireless, T‑Mobile, Sky, Worldcom and other telcos. He was lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He is a qualified chartered accountant, with degrees in information systems, and in mathematics and philosophy.