20.5k unique visitors in the last 3 days

The Commsrisk Review of 2024

Another year transitioned from anticipation to history, during which Father Time showed us the best and worst of corporations, governments and the human race.

I would merely beg you not to be too much bowed down by grief. What seem to us bitter trials are often blessings in disguise.

Oscar Wilde, The Importance of Being Earnest

Superstitions vary between cultures, so some readers may consider my thirteenth consecutive annual review to be portentous, whilst others will associate the number with misfortune. 2024 was the year when certain kinds of networked harm became so commonplace that certain kinds of networked people began to publicly acknowledge the existence of these harms. That was an extraordinary change, though it occurred with barely any commentary about the motives behind it. Bad things had to get worse before there was a public admission of the need to work to make things better.

During most of the history of Commsrisk, corporate attitudes towards the harm done to phone users via the abuse of networks could be summarized by the mantra of the three wise monkeys: see no evil, hear no evil, speak no evil. It is easy to see no evil when you make insufficient effort to find it. As a general rule, people do not like to draw attention to their flaws and vulnerabilities. Communications businesses are too technically complicated for any individual to fully understand how everything works. They are open to doing business with many other parties, often because they are legally obliged to, which places them at risk of being exploited. Most wrongdoing occurs in the shadows, and it happens both inside and outside of these businesses, sometimes through the collusion of insiders and outsiders. This creates an ideal environment for mistakes and crimes to persist unnoticed, unless business leaders demand a thorough understanding of every aspect of their company’s performance.

Businesses based on technology are notorious for boosting their valuations in the short term by exaggerating the upsides and ignoring the downsides to what they are doing. Executives at Theranos lied about being able to manufacture super mini blood-testing machines. A few people at Worldcom deliberately confused capex and opex spending to make the business seem like it was growing, and most of the company’s accountants did not appreciate they were committing fraud. The history of post-war capitalism is replete with examples of corporate boards exercising only a superficial influence over governance, and technology adds a layer of fog that further excuses ignorance.

There was another reason for comms providers to pay scant regard to the nasties that lurked within their systems and processes. Telco business leaders, many of whom come from a background in marketing, calculated that talking about consumer protection would make customers fearful. They could plausibly argue that discussing threats to the public will mostly result in the public having exaggerated fears about those threats, and thus would become an obstacle to the adoption of novel services. These execs were deluding themselves, or perhaps they simply calculated it was more profitable to be deluded. The threats to consumers were actually worse than execs knew about, or wanted to know about. If organizations are not systematic about finding and revealing the wrongdoing that occurs over networks then execs will receive incomplete and inadequate reports.

Somebody has to pay for any form of news because there is always a cost associated with gathering and distilling the information, even if the audience can consume it online for free. That is why people tend to pay for the news they want to hear, and not for news they do not want to hear. We have phrases that describe this concept in the realm of mainstream and social media, such as ‘echo chambers’ and ‘media bubbles’. Nobody applies these phrases to activities within a corporate entity, but internal corporate news is no less biased. Misinformation leads to poor decisions. The scale of the harm suffered by the public through the abuse of communications networks is directly connected to a history of failing to estimate and anticipate the risk of networks being abused. It has grown so large that voters are complaining to politicians, and victims are complaining to the police in such large numbers that executives can no longer pretend to hear no evil.

I am nearing three decades of work at the intersection between gathering data from computerized systems and decision-making about risk. Technology has changed a lot during that time, but human biases also influence decisions, and those biases have not changed at all. One of the worst biases is the naive belief that there is no bias. That bias remains, not least because it is easier to profit by selling the new things that technology can do than by curbing the age-old flaws of human nature. And that is why you are reading this observation here, on a loss-making website that I stubbornly provide for free, as opposed to the many rival free sources of information that mostly repeat content from press releases, or from the paid-for sources of internal and external news that shape the decisions of executives. There is no profit in telling you this truth, but that does not make it less true than the more profitable messages you will frequently receive from other sources. It has become fashionable to talk about restoring trust in communications networks, but any real restoration of trust would need to begin by demanding truth from the sources of information that shape decisions. There is limited appetite for honesty whenever it interferes with the customary way that businesses market themselves.

More than any other year, the Commsrisk of 2024 has delivered good news for people who love bad news. The bad news has become so bad that it is finally being treated like news. The worst of the news is that the criminal cancers that have perforated networks worldwide have grown so enormous that people have begun openly admitting the need for surgery, although most of the interventions they have proposed are a lot less precise than a surgeon’s knife. The middling news is that the surgery should have occurred years ago, when the operation would have been smaller and easier to survive, before criminal syndicates reinvested the profits from basic crimes into the tools and resources needed for more elaborate scams. The good news is that incompetent doctors get sacked when patients die, so decisions will be made by more competent people in future, even if some businesses will not live long enough to be affected. That was a short but earnest account of what really happened this year; keep reading for more detail.

January to March

2024 opened with news about communications being on the front line of modern conflict. ONE Albania, the country’s second-largest telco, endured a Christmas Day cyber attack alongside Albania’s Parliament. The attacks highlighted how private sector telcos have become prime targets alongside government institutions, though neither organization was officially designated as ‘sensitive’ by Albanian authorities. A more devastating cyber assault occurred in Ukraine, where Russian hackers demonstrated their patience and sophistication by first infiltrating Kyivstar’s systems in May 2023 before launching an attack that “completely destroyed the core” of Ukraine’s biggest mobile operator during the final days of December 2024. The head of Ukraine’s cybersecurity unit said this was a “big warning” to Western telcos. The use of communications technologies for hybrid warfare was also highlighted by a thoroughly researched report on battlefield location tracking by Cathal Mc Daid of Enea. It will not be long before some of the techniques involving drones and radio surveillance that have been developed by the Russian and Ukrainian militaries will be repurposed as threats to civilian life. There were numerous reports over the course of the year of military bases in countries far from the frontline in Ukraine being buzzed by drones that gather data about the phones of Ukrainian soldiers being trained within.

Seemingly having learned nothing from past failure, comms providers confessed to a familiar parade of privacy breaches during the year. This began with US MVNO Mint Mobile warning customers of a data breach affecting potentially millions of users. The timing was particularly awkward as the company awaited approval for its USD1.35bn acquisition by T‑Mobile US. The FCC had specifically asked about “data security breaches and cyberattacks” as part of their review process. Meanwhile, the systematic weakening of privacy took an institutional turn in Kenya, where privacy activists slammed the government’s Device Management System (DMS). While officially meant to combat counterfeit phones, critics argued it would enable surveillance of calls, messages and financial transactions. The controversy highlighted how surveillance capabilities can be introduced under the guise of consumer protection.

Brazilians receive more spam calls than any other nationality, resulting in the development of a unique strategy where leading telesales companies voluntarily fund the authentication of calls they make. Brazil showed how to adopt radical measures to eliminate bad actors from telemarketing without any heavy-handed regulatory intervention and without passing the costs on to phone users. This contrasted with the policies pursued in North America, where candid remarks from SIP Forum Chairman Richard Shockey made it plain that the real motive for the USA’s STIR/SHAKEN mandate was to force all networks to spend on upgrades so that some could sell enhanced services to big business users. The downsides of implementing a centralized regime for controlling calls was further emphasized by revelations that AT&T and Verizon were being sued for infringing patents related to STIR/SHAKEN.

American hopes of imposing favorable conditions for cross-border telemarketing had already been dealt a blow by Ireland’s decision to reject STIR/SHAKEN in 2023, despite Ireland being home to the European headquarters of many US multinationals. The prospect of a syndicate of US corporations controlling a global STIR/SHAKEN regime was effectively ended in February 2024 when UK regulator Ofcom also rejected STIR/SHAKEN. Meanwhile, advocates of STIR/SHAKEN continued to repeat the well-trod lie that STIR/SHAKEN had already been implemented in the UK. Nevertheless, the UK’s decision killed any prospect of STIR/SHAKEN becoming a global standard, especially after Ofcom concluded that “widespread international adoption of CLI authentication is unlikely to happen in the near-term”.

Singapore reinforced its position as a world leader in consumer protection by giving subscribers the option to block all incoming international calls as well as introducing prison sentences of up to 5 years for selling SIM cards used in scams. The country’s banks later committed to phasing out one-time passwords (OTPs) sent by SMS.

A disturbing connection between Chinese suppliers of surveillance equipment and global fraud was exposed when French newspaper Libération revealed that an arms dealer posing as an LED light salesman had supplied the SMS blasters used in a massive Paris smishing operation. The dealer claimed exports of technology used by fraudsters occurred with the knowledge of Chinese political leaders.

Voice phishing is so common in South Korea that moviemakers released a feature-length film based on the true story of a middle-aged laundromat owner who hunted down the head of a gang that scammed her. Citizen of a Kind was the highest-grossing film in South Korea during the week of its release, and went on to be the 14th-highest grossing film of 2024.

April to June

The authorities in Thailand set an example for other countries with their holistic approach to tackling networked scams. They disconnected cross-border communications exploited by scam compounds in neighboring countries, including the destruction of 84 mobile operator base stations. They also intercepted the equipment used by criminals. A series of raids led to the seizure of 26 Starlink satellite dishes and other paraphernalia that would have provided connectivity to scam compounds in remote areas.

Thai police also demonstrated that they are aware of comms crimes that bypass networks when they arrested two men in April for sending smishing messages with an SMS blaster carried in a backpack. The criminals used the portable radio device whilst walking past hundreds of shoppers in Bangkok’s busy shopping malls, much like the events depicted in an advert for IMSI‑catchers that had been posted to YouTube months earlier. The advert was eventually taken down for violating YouTube’s terms at the end of September, but only when a public policy goon at parent company Google realized that attention would be drawn to the video’s existence by a UK regulatory consultation which asked about the threat posed by SMS blasters. You can still see many other videos advertising various kinds of IMSI‑catcher on YouTube, including the cropped version of the shopping mall video they tore down. Decide for yourself why the world’s richest internet search business, which is committed to spending USD100mn on the development of artificial intelligence, needs human users to report the URLs of videos that advertise SMS blasters even as a different division of the same corporate group warns about the threat they pose.

AT&T reinforced skepticism about attitudes towards customer data when they revealed that personal information belonging to 73 million current and former customers had been compromised. Their response followed the same playbook they have been following for years: blame a different business, insist that AT&T takes privacy seriously, downplay the significance of the risk, and give victims ‘complimentary’ credit monitoring. This approach benefits credit monitoring agencies like Experian that can look forward to converting free subscribers into paying customers when the complimentary period expires. Later in the year AT&T suffered an even larger breach, relating to the records of calls and texts for “nearly all” of their mobile users. The way they handled that breach was just the same: deflecting blame and insisting that maintaining the privacy of customers is a top priority for their management team. The latter claim is difficult to reconcile with the fact that AT&T retains call records dating back to 1987 just so it can sell access to the US government.

Belgium joined the growing number of nations implementing blocks on inbound international calls that present domestic numbers, with the country’s telcos given three months to implement blocks for landline numbers and six months for blocks involving mobile numbers. The approach taken in Belgium follows the guidance issued by Europe’s Electronic Communications Committee, a grouping that represents 46 European regulators, but the same methods have also received the blessing of regulators on other continents too. For example, India announced the extension of existing blocks on spoofed landline calls to include mobile numbers too. Jyotiraditya Scindia, India’s Minister for Communications, later hailed the success of the cooperative program that shares roaming data between telcos so they can block calls that spoof Indian mobile numbers without affecting genuine roamers. Elsewhere, there were telcos that voluntarily implemented the same kinds of blocks on spoofed international traffic, including the Latvian and Lithuanian operations of Bitė Group.

There was a quickening of the pace with which businesses seek to transition away from SMS OTPs, with Google announcing they would no longer require phone numbers for two-factor authentication. India’s central bank began exploring alternatives to SMS OTPs for the authentication of transactions. These shifts signaled that the A2P SMS market is nearing its plateau and is soon expected to decline. This decline will be accelerated if Telegram succeeds in creating an SMS bypass mechanism that other comms apps might copy. In the meantime, SMS remains a useful way to bribe telco insiders to commit SIM swap fraud.

China unveiled CHAKEN, a rival method of CLI verification that copies some aspects of STIR/SHAKEN, discards other parts of its governance structure, and adds some technological enhancements including personal avatars and video identification. The Chinese government has been at the forefront of fighting scams with all methods at their disposal, with the result that Chinese crime syndicates have moved their operations around Southeast Asia in the hope of evading Beijing’s reach. Rioters took to the streets during May in the Cambodian city of Sihanoukville after escaping the slavery imposed by scamlords that have effectively taken control of the city with the support of corrupt law enforcement and bureaucrats. There are routine reports of violence suffered by the 300,000 scammers working from compounds in Myanmar, Cambodia and Laos. These criminal enterprises are estimated to generate more than USD43.8bn annually, approximately 40 percent of the combined GDP of the three host countries.

Commonwealth Bank became the first Australian bank to integrate with their country’s intelligence loop, a mechanism for rapidly sharing data about scams between banks, telcos, police, and other relevant parties. This highlighted Australia’s increasingly sophisticated and comprehensive approach to fighting fraud across multiple sectors, which culminated with the roll-out of a comprehensive cross-sector national fraud strategy later in the year.

Signs that leading Indian RAFM vendor Subex is struggling became apparent when they reported enormous losses despite rising revenues. An INR1.48bn (USD17.8mn) write-down of goodwill indicates management no longer believes previous valuations were justifiable.

July to September

I said goodbye to Commsrisk in July, with every intention of taking my life in a new direction. 17 years and 9 months of uninterrupted service appeared sufficient to me, especially as regulators need to become more prescriptive about the ways that telcos manage risk. The old canard of ‘self-regulation’ has evidently failed to protect the public from harm, and the extent to which influence will increasingly be exercised through written rules in the public domain will also make Commsrisk less important over time. However, an unexpected offer from the Mobile Ecosystem Forum (MEF) prompted me to reverse my decision and to bring Commsrisk back as a weekly bulletin that complemented the schedule for MEF’s newsletters. Hindsight has not helped to clarify if that was the right choice, as the CEO of MEF announced just 14 weeks later that Commsrisk was not meeting his revenue expectations, although this appeared to be a pretext. The real problem is that communications industry has plenty of tolerance for businesses that spy upon you, lose your data, charge you the wrong price, and exploit you through the creation of lucrative monopolies that are supposed to protect you whilst remaining accountable to nobody, but the industry has far less tolerance for anyone who questions the ethics of doing business like this.

A partnership of anti-fraud organizations lobbied US Secretary of State Antony Blinken to impose sanctions in response to the explosion in human trafficking to staff scam call centers in Cambodia. The request highlighted the the extent to which the US authorities have emphasized technical solutions like STIR/SHAKEN to distract from the enormous gaping holes in their anti-scam strategy. China offered a sharp contrast in approach by pressuring countries that harbor scammers, with 307 more suspected scammers being deported from Myanmer during a single day. The running total of deportations from Myanmar to China of suspected phone and internet scammers is now above 46,000. China has taken custody of many thousands more from other countries.

Much was made of the news that fines were issued in response to a robocall operation that copied the voice of President Biden to try to influence voters in the state of New Hampshire. This was presented as a success for STIR/SHAKEN, even though the calls were given an A-grade STIR/SHAKEN attestation despite spoofing the phone number of a prominent Democrat politician. Lingo Telecom agreed to a USD1mn settlement for their part in applying the STIR/SHAKEN signatures because they had relied on another party that failed to perform meaningful know-your-customer (KYC) checks. However, the absence of any enforceable KYC rules was made plain when Lingo Telecom’s lawyers observed:

The settlement… contains no findings of any rule violations, and Lingo Telecom continues to believe that it complied with all FCC rules, including those pertaining to STIR/SHAKEN call attestations.

Not to be outdone by the USA in the hypocrisy stakes, the European Union demonstrated its deep commitment to the rule of law by using illegal microtargeted online ads to boost public support for new comms surveillance powers. But what else would you expect from institutions that wrote the toughest data protection rules in the world, then made them irrelevant by unlawfully concluding that personal data about Europeans could be sent to the USA without any safeguards?

Australian police discovered an “evil twin” wifi operation that harvested personal data from passengers at airports in Melbourne, Perth and Adelaide. India demonstrated the advantages of using modern technology to address old problems by implementing new controls that require URLs in A2P SMS messages to be pre-registered in a distributed ledger.

Regular readers of Commsrisk have often read about the varied dangers of possessing a radio networked device. Perhaps the wider public may have begun to appreciate the seriousness of those dangers after communication devices used by Hezbollah exploded all over Lebanon. There was much pointing of the remaining fingers over where the supply chain for these devices had been subverted. Recent CBS reportage claimed Israeli security agency Mossad created a front organization which cloned the brand of a legitimate Taiwanese vendor.

Rob Mattison of GRAPA infamy attempted to connect with me on LinkedIn at the beginning of September. Regular Commsrisk readers will join me in my astonishment at this news. Less regular readers should inform themselves about the most dishonest snake in the revenue assurance swamp. That Mattison continues to sell RAFM training is proof that too few telecoms risk professionals are in the habit of independently verifying what they are told.

October to December

South Korean expatriates that had moved abroad to work in scam compounds were offered an amnesty if they returned before the end of October. The police promised financial rewards and reduced sentences if they provided intelligence about the scam gangs they worked for. Meanwhile, the connection between scammers and corruption became plain when fearless Cambodian journalist Mech Dara was arrested and detained on charges of ‘incitement to disturb social security’ after writing numerous reports about human trafficking of workers in scam compounds. How diplomacy really works was also made plain where Dara was released following an intervention by the head of the USA’s foreign aid program. It is not necessary to trace scam calls to Cambodia because the growing scale of Cambodian scam compounds is evident from satellite photography.

British operator BT showed it is possible to prioritize consumer protection over profits by reporting an 83 percent fall in smishing by A2P SMS. This was driven by the use of bespoke firewalls, the imposition of uncompromising requirements over whose messages they will deliver, and active collaboration with the police.

Some American industry insiders that insist on blaming the rest of the world for scam calls caused me trouble when Commsrisk pointed out that the US companies who pay for the supposedly successful US traceback mechanism are also the companies at the top of the league tables for originating the scam calls that were traced. The need for independent scrutiny of the comms industry was demonstrated by the robocall research team at North Carolina State University. Their latest paper revealed that robocall volumes had declined, but that the honeypots they had implemented showed 80 percent of unsolicited robocalls had been given a STIR/SHAKEN signature.

Corruption is not just limited to the USA; it can also occur in Africa. In October it was revealed that Ugandan authorities had paid USD4mn for a largely hypothetical audit of MTN Uganda’s data that resulted in a demand for back taxes worth USD76mn. However, the demand was soon withdrawn when it became clear that the largely hypothetical audit had been performed by a business with largely hypothetical credentials, no known address, and a history of performing similarly hypothetical audits of telcos elsewhere. You and I might surmise these very large demands for tax have something to do with the hypothetical auditors obtaining a guaranteed 5 percent cut of any additional taxes paid, and that these millions of dollars might also have influence who was contracted to perform the auditing. However, nobody working for the relevant Ugandan authority had anything to say about that.

Malaysian police chased down two vehicles carrying SMS blasters that sent smishing messages to an estimated 32,000 people per day, resulting in the arrest of four men. Thai police separately seized 642 unlicensed simboxes used to relay scam communications from properties linked to Chinese organized crime. But these accomplishments paled in comparison to a joint operation by Thai police and leading operator AIS that succeeded in locating a car that drove a smishing SMS blaster around Bangkok just three days after it began circulating. Earlier in the year, the Philippine government announced they were working with leading operator Globe to prevent the import of SMS blasters. Criminals have begun working around border checks for SMS blasters by transporting them as separate components and assembling them within the country.

New Zealand joined the list of Western countries reporting the ‘first known’ use of an SMS blaster to send smishing messages from a vehicle to any mobile phone within range. You might think that law enforcement agencies in advanced economies would assume international criminal gangs will use the same methods in multiple countries, but that would reveal how little they want to spend on tackling the kinds of frauds that cannot be blamed on apathy within the private sector. Earlier in the year, British authorities chose to share almost nothing about their ‘first ever’ SMS blaster arrests, but the rapidly-emerging scale of Europe’s problem with portable SMS blasters was highlighted by a 3-year prison sentence for a Malaysian who drove an SMS blaster around Norway.

Two seemingly unrelated standards suggested the beginnings of a potential consensus on how to make phone numbers trustworthy again. One was written by technical experts on behalf of the banking sector and was published by the International Organization for Standardization (ISO); the other is a draft submitted by one of the architects of STIR/SHAKEN to the Internet Engineering Task Force (IETF). However, independent expert Pieter Veenstra argued that the latest attempt to fix the flaws which undermine STIR/SHAKEN still suffers from numerous ‘garbage in, garbage out’ weaknesses.

Hybrid comms warfare made international headlines again when the Danish Navy detained a Chinese ship suspected to have deliberately cut submarine comms cables in the Baltic Sea.

In rather less serious news, a marketing stunt by UK operator Virgin Media O2 (VMO2) was misrepresented as a genuine attempt to protect consumers from scams. Just a little bit of digging would have revealed the real purpose of the exercise: to signal to the new UK government a willingness to engage in a publicity war if the authorities suggest that telcos are not doing enough to stop scams. VMO2 generated a lot of (undeserved, ill-informed) praise for creating an AI grandmother that supposedly wastes the time of scammers which call it, although this system was made by an advertising agency, not by anti-fraud professionals. The real story occurred two weeks earlier, when VMO2 issued a little-noticed press release demanding that the government doubled the number of police being recruited to fight fraud.

A comparison of British and American complaints about spam and scam calls since 2020 showed strikingly similar trends despite divergent consumer protection policies. Both countries have seen a dramatic fall in complaints about automated calls, although Americans remain seven times more likely to complain than their British peers. The steep fall in the number of complaints about automated calls means insufficient attention is being focused on the more intractable problem of live calls from human scammers.

Another source of information is to ask people about their real-life experiences, and that is what happened when I spent a day with hundreds of children at Granbury Middle School, Texas. The sad truth was that many 12 and 13 year olds could recount their experiences of dealing with scam callers. On the positive side, these kids appeared better able to recognize a scam than many adults, and some shared stories where they had intervened when listening to their parents talking to scammers on the phone. Many also expressed their admiration for the work done by popular scambaiters on YouTube.

US politicians have been banning Chinese telcos and banning Chinese network manufacturers for years. The US government is so keen on removing Chinese tech from US networks that in December they finally found the money needed to reimburse the telcos that have been doing it, although the national ‘rip and replace’ program was instigated in 2019. In contrast, there have seemingly been fewer restrictions on the travel budgets of US experts who like to fly to other countries to tell them how to secure their networks. So some may have been surprised when the White House revealed that eight of the USA’s largest comms providers were compromised by Chinese hackers. These hackers gained access to systems specifically created so that US law enforcement can gather copious information about phone users. The US Cybersecurity and Infrastructure Security Agency (CISA) responded by warning ‘highly targeted’ people to only use communications that is encrypted end-to-end. Meanwhile, the Federal Bureau of Investigation (FBI) stuck to their established approach of advocating for the kind of encryption that is supposedly secure except when the FBI decides it wants to hack into it. When thinking of the advice that has been given so freely to other countries, my response is to question why so many US experts have repeatedly proven so incapable of cleaning their own house first.

Epilogue

This may be the last time that I write an annual review because this may be my final Commsrisk post. Several weeks ago I indicated that I planned to share the content that was already in the publishing pipeline, then step away from the commitment required to keep putting out impartial news and analysis every week without interruption. As occurred previously, this prompted a few people to ask that I keep Commsrisk going. They seem to believe that Commsrisk has a fair chance of defeating the evils enabled by some of the Goliaths of this industry. That may be wishful thinking on their part. If Commsrisk does continue, it will be because of your response to the following.

The trouble with publishing Commsrisk is that it inevitably leads to friction from people who dislike the opinions expressed. I tend not to respect the pushback I receive for one simple reason: critics of Commsrisk are rarely able to show much data to justify their opinions, whilst I pride myself on being scrupulous at finding and analyzing whatever relevant data is available, from every available source. One fair way to solve the problem of people expressing fact-free opinions is to permit alternative opinions to be published in the same place, but critics of Commsrisk almost never bother to state their case on Commsrisk, or on any forum which permits counterargument. They only seek to punish me for writing things they dislike, whilst also turning a blind eye to the many occasions when so-called professionals have unambiguously spouted codswallop in support of a conclusion that they like.

The punishment for publishing Commsrisk comes via quiet conversations that discourage others from paying me for a fair day’s work. I have reached a stage in life where I do not need an income from this industry to keep doing things like this. However, the endless grind against petty little mediocrities who will not permit their arguments to be cross-examined makes the job of running Commsrisk exceedingly dull at times. Put simply, it can be boring to out-research liars just to show they are lying, especially if this research is not then used to pursue a more positive goal, such as the shaping of regulatory policy. If some regulators decide they only want to listen to big business lobbyists then there is not much I can do about that. However, now is a crucial time because national comms regulators are speaking to each other about consumer protection more than they ever have before. There are differences of opinion between those regulators. A big business that successfully lobbies one nation’s regulator may find the most serious opposition to their plans comes from the regulator of a different country. One way to diversify the opinions that regulators will hear is for some of the experts whose voices are heard less often to sometimes speak through Commsrisk’s amplifier too. That would lessen the burden on me, and make bullies more wary of trying to suppress independent industry analysis.

Now would be a good time to end Commsrisk. It has been running for 18 years. It cannot run forever. Commsrisk was instrumental in derailing the inept plan for a global STIR/SHAKEN regime. I expect a few zombie reincarnations of STIR/SHAKEN will be dug up from time to time, but history will date the epitaph of STIR/SHAKEN as occurring when Ofcom rejected it on February 1, 2024. That makes me happy. Saving untold billions from being wasted on the single most dishonest contrivance in the history of global telecoms fraud management might mean a few additional thousands will be spent on consumer protection measures that actually work. So I can feel like I played a part in making the world a better place, even if I did it by tediously recounting all the idiocies of a plan that many other professionals also understood to be flawed from the outset. I can hardly blame them for not wanting to shout as loudly as me; they may have families to support, whilst I have been reckless about making money and ingratiating myself with authority.

On the other hand, it is almost certain that there will be future idiocies which will deserve scrutiny too. The question in my mind is whether I need to be the person doing the scrutinizing, especially as I might otherwise be laying in a hammock, enjoying the luxury of doing nothing of merit for each and every day between now and the end of my existence. If I am to be persuaded to continue, it will be by you, because you are the unusual reader who reads the annual review until its very end.

The data is clear, and it informs my opinion again: relatively few read these annual reviews, and even fewer spend long enough on the webpage to read it all. Most other Commsrisk articles are far more popular. That makes you special. I have always known the annual review served a niche within a niche. The review has been delivered for 13 years in a row because it establishes my bona fides with the professionals whose opinions I most care about. You care enough about the topics covered by Commsrisk to want to re-evaluate the most important news of the year, perhaps to close any gaps in your knowledge. That makes you more professional than other professionals. So I want to know what you think about whether Commsrisk should continue, because the opinions of the people who really care should be given more weight. Frivolous people are influenced by trivial measures. If I am going to be influenced, it will be by you. See the simple survey below. Fill it out if you wish. The data gathered will inform what, if anything, comes next.

Eric Priezkalns
Eric Priezkalnshttp://revenueprotect.com

During his career, Eric has been a Director of Risk Management for a national telco, the Chief Executive of the Risk & Assurance Group, a Chief Marketing Officer for a software business, a consultant, a public speaker and the publisher of Commsrisk since its launch in 2006. Look here for more about the history of Commsrisk and the role played by Eric.

The comms providers that Eric has worked for include Qatar Telecom, Cable & Wireless, T‑Mobile, Sky and Worldcom. In addition to his proficiency at speaking about the current scamdemic, Eric is also a qualified chartered accountant and a subject matter expert in consumer protection, enterprise risk management, fraud prevention, data integrity and billing accuracy. Eric was the lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He can be reached through the contact form on this website.

Related Articles

The Commsrisk Global Fraud Dashboard


Our Global Fraud Dashboard uses AI-powered search to collate, update and visualize data about scams and other network abuses from around the world. New charts are added each month. See it here.

Get Our Weekly Newsletter by Email