In January, Commsrisk reported on the copious evidence collected by Demurrage, a volunteer collective of scamhunters, about Sinch, Microsoft and callback frauds involving American VoIP numbers. Now Demurrage has shared further evidence of Sinch’s failings in the form of an email sent by Sinch to Microsoft, and which was also sent to a member of Demurrage’s team, apparently by mistake.
Demurrage has consistently claimed that scammers obtain Microsoft Teams numbers through Sinch’s network as a consequence of inadequate know-your-customer (KYC) checks. Put simply, they blame Sinch for not taking an interest in the relationship between crooked number resellers and the numbers reportedly used for scams, despite all the information supplied to Sinch’s fraud team by Demurrage. Calls to these American VoIP numbers are typically forwarded to scam call centers located outside of the USA. Victims are tricked into dialing these numbers because they received a message through another channel; for example, they may dial the phone number presented on a fake invoice sent by email. American businesses and regulators dogmatically focus on the risks posed by inbound voice traffic, so are blind to scams that stimulate outbound voice calls from the victim to the scammer.
The following email sent to a Demurrage team member, seemingly by accident, corroborated their observations about a lackluster attitude towards tackling scams within Sinch’s US operations. Demurrage explains that…
The email was sent to us one day after we reported what we suspected was an MS Teams number used in a McAfee refund scam. The email, which is addressed to “Microsoft PSTN calling” and sent by someone in Sinch/Intelliquent’s paralegal department, states the following:
“Dear Microsoft PSTN Calling:
Inteliquent/Sinch Voice received the following complaint concerning a telephone number assigned to your company.
Please initiate an investigation and take appropriate action which includes adding the complainant’s telephone number to all relevant do not call lists if applicable.
The following is all the information provided to Inteliquent/Sinch Voice by the complainant. Please don’t hesitate to contact the complainant directly if you need additional information to complete your investigation.
Please contact me within 24 hours with the results of your investigation and confirmation of the action taken.
Thank you!”
This email, if genuine, demonstrates incompetence within Sinch, whose US business is sometimes also referred to as Intelliquent or Onvoy because of a convoluted history of takeovers. The primary purpose of a Do Not Call (DNC) list is for the public to register that they do not wish to receive telemarketing calls. They are not meant to be general purpose blacklists for numbers used by criminals. If a phone number is being used for crime it should be taken out of service so nobody can use it. Placing a number on a DNC list does not take it out of service, and begs serious questions about the training of staff that handle fraud complaints received from American consumers. The message reveals a ‘box ticking’ mentality where responsibility for crime prevention ends with the exchange of a routine message about an individual phone number, instead of anybody investigating how so many numbers have been obtained by criminals.
The good news is that Microsoft did seemingly take the number out of service, although nobody had the grace to thank or acknowledge the individual who complained about it. More importantly, Demurrage’s analysis makes the connection that nobody in Microsoft or Sinch has talked about publicly.
This response confirms that these VOIP numbers (non-toll-free/local consumer numbers) are in fact MS Teams numbers, as the email was addressed to Microsoft directly. It also suggests that the claims made by the Sinch representative in the report’s emails may not have been entirely accurate after all.
So how is Sinch failing in their duty to protect the public from crime? Per Demurrage’s analysis, Sinch are apathetic about the number resellers who have become essential enablers of crime. Demurrage refers to these crooked number resellers as ‘marks’:
While it is possible that the “marks” (bad actors) linked to the first wave of MS Teams numbers may have been removed from the Sinch network, it has not stopped scammers from acquiring more MS Teams numbers for continued use in refund scams. Sinch is still lagging behind when it comes to removing “marks” from their network.
I grow increasingly impressed with the insights of Demurrage into the phone scams that plague Americans. They stand in contrast to the drivel spouted by ‘experts’ who sit on various committees supposedly created to protect Americans from scams. These experts are either ignorant of a lot of data about scam activity on phone networks, or they are consciously choosing to ignore that data. Either way, I find myself opposed to a lot of bad advice being aggressively pushed by American businesses that seek to influence the anti-scam policies of other countries for commercial and political reasons unrelated to protecting the public from harm.
Demurrage has many worthwhile observations to make about the weaknesses surrounding the supply of the Microsoft-Sinch VoIP numbers. These are written as a supplement to their earlier report on Sinch, Microsoft and callback frauds involving American VoIP numbers. You can read the supplement below, or click here to download it.
