20.5k unique visitors in the last 3 days

Once More Unto the Breach

A marketing firm boasted about displaying adverts that match what was said in private calls, the Indian regulator wants to reduce P2P spam by hiking prices for heavy users, there was another mass deportation of suspected scammers from Myanmar to China, and a scoundrel attempted to make contact.

A strong feeling of déjà vu permeates this week’s bulletin. But if people keep using the same methods to tackle the same problems in the hopes of obtaining different results, then I will have to keep commentating on their insanity…

307 More Suspected Scammers Deported from Myanmar to China

You can always rely on the Chinese news services to regularly provide new photographs of suspected phone scammers who are brought into the country with hands cuffed together and heads bowed down in shame (see above). Credit for the latest batch of 307 arrests and deportations goes to the United Wa State Army (UWSA), one of the rebel armies that is fighting the central government in Myanmar whilst picking off scam compounds in Shan province, a region of Myanmar that neighbors both Wa and China. UWSA were listed amongst my unsung heroes of 2023, mostly because their operations resulted in 1,207 scammers being deported to China in a single day. Add those figures together and the total comes to 1,514 times more phone scammers than the average Western police force has ever captured.

It is not easy to keep up with the rate at which scammers are deported to China. Put simply, Chinese criminal gangs have spread their tentacles around Southeast Asia and lured hundreds of thousands of willing or not-so-willing workers to scam compounds situated in places that are supposed to be beyond the reach of Chinese authorities. Those authorities have responded by extended their reach and finding ways to motivate local forces to take action, though it never seems to be enough to curb the scale of these lucrative crimes. Cambodian police handed over a total of 680 suspects before the end of April, whilst Vietnamese police surrendered 19 telecom fraud suspects in June. In February it was announced that the total number of telecom fraud deportations from Myanmar to China had surpassed 46,000 following the handover of a batch of 497 suspects. You can read this article from the Global Times for more details about the latest batch of 307 deportations.

Advertisers Really Do Listen to Your Calls

404 Media has published a story about a US marketing business pitching a service that promises to listen to private phone conversations in order to identify words that will influence the selection of adverts shown to the phone user. The service was offered by Cox Media Group (CMG), which is part-owned by the same Cox Enterprises that also owns Cox Communications. If it upsets you to think of communications businesses investing in spying on communications then you may not be comforted to learn that CMG’s ‘Active Listening’ service is powered by artificial intelligence.

CMG were not even hiding what they were doing. The sordid details of their ‘Active Listening’ service were openly promoted through a blog on their website. That post has since been deleted but an archived version is still available. It candidly explained why they thought this blatant invasion of privacy is legal. Look away now if you are easily frightened by the methods that lawyers use.

We know what you’re thinking. Is this even legal? The short answer is: yes. It is legal for phones and devices to listen to you. When a new app download or update prompts consumers with a multi-page terms of use agreement somewhere in the fine print, Active Listening is often included.

AT&T Sued by Phone Users of Other Networks Because Breach Affected Them Too

A co-conspirator has tipped me off about another story that dates back a month but which deserves more attention than it has received. The class action lawsuit that is Debbie Hale, et al v. AT&T Inc stems from the massive privacy breach that AT&T admitted to in July. Per AT&T’s disclosure with the US Securities and Exchange Commission (SEC), the data that was breached included…

…records of calls and texts of nearly all of AT&T’s wireless customers and customers of mobile virtual network operators (“MVNO”) using AT&T’s wireless network.

AT&T had already been hit by class action lawsuits from customers who were dissatisfied with the steps being taken to shield them from the increased risk that criminals will exploit their personal data. The argument in Hale et al is that other phone users have also been put at risk. It is a compelling argument on the face of it: records of calls and messages involving AT&T customers will also include data about who they were communicating with, and many of them will be customers of different comms providers.

Indian Regulator Suggests Increasing the Cost of Calls and P2P SMS to Reduce Spam

One common problem with anti-spam controls that focus on business channels like A2P SMS is that scumbags just shift their efforts towards spamming the public using person-to-person (P2P) channels instead. So the Telecom Regulatory Authority of India (TRAI) is considering a refreshingly straightforward way of tackling P2P spam that will not impact most ordinary users.

Per TRAI’s figures, there were under 140,000 complaints during 2023 about spam from registered telemarketers. This represents a two-thirds fall from the peak of 428,290 complaints in 2021, and is credited to new anti-spam rules that were introduced in the meantime and which leverage the national anti-spam distributed ledger. However, complaints about unregistered marketing through P2P voice and messaging originating with 10-digit mobile numbers has continued to rise, and exceeded 1.2 million last year. Comms providers are supposed to warn phone users about excessive use related to telemarketing, and to then impose usage caps or disconnect users who are guilty of repeat violations. The flaw in this approach is that it is too slow to be effective, so one proposed remedy is to end the practice of offering retail customers allowances that include unlimited calls or large numbers of SMS messages. In other words, the cost of making an additional call or sending an additional SMS would rise dramatically at a certain point associated with unusually high levels of usage.

TRAI also proposes mandatory monitoring of usage patterns for any customer who makes more than 50 outgoing calls or sends more than 50 outgoing SMS messages per day. This monitoring regime would look for common indicators of automated spam, such as the use of different B-numbers for each outgoing communication, calls having an average duration of under 10 seconds, or a highly skewed ratio between outgoing and incoming communication.

The anti-spam consultation covers too many other interesting proposals to address them all here, but they include:

  • the use of honeypots;
  • enhanced traceability of comms to their origin;
  • phone users needing to give explicit consent before they can receive any robocalls;
  • tight deadlines for investigating complaints about spam; and
  • new penalties for non-compliance.

TRAI’s consultation document is available here. September 25 is the deadline for the first round of responses, and October 9 is the deadline for follow-on comments.

Drain Swamps to Starve Snakes

Long-time readers of Commsrisk will be astonished by a LinkedIn invitation that I received this week.

I have often expressed my contempt for ‘Papa’ Rob Mattison. The early popularity of Commsrisk was arguably propelled by my regular rubbishing of Mattison and the training business that he founded, the so-called Global Revenue Assurance Professionals Association (GRAPA). His intention to deceive was obvious from the outset. A real global association of telecoms professionals cannot be established overnight by a father, mother and son when two out of these three have never worked in telcos. No other global professional association has been founded by a lifetime President whose CV hinged on two years spent working in AT&T’s billing operations team during the 1980’s, then 20 years of miscellaneous consulting work on data warehouses before he reinvented himself as a ‘thought leader’ in telecoms revenue assurance. An authentic association of professionals would not have launched itself by immediately infringing the copyright of Hugh Roberts, the man who created the RA working group in the TM Forum three years earlier. Mattison claimed that his self-published book represented the telecoms industry’s first standard for revenue assurance despite obviously being aware of the work of peers from whom he stole.

Mattison desperately clings to the undeserved status that he attempted to give to himself, long after his limited knowledge of the telecoms industry has became redundant. Generating an income by selling RA courses worked for a while but evidently fell off as RA fossilized into an increasingly rigid and irrelevant series of reconciliations that he espoused more than any other. This decline in his core market forced him to repeat the same essential trick several more times, variously duping other neophytes who wanted to believe they would acquire a meaningful qualification in fraud management, internal audit, and several other fields where Mattison lacks the competence to determine what ‘best practice’ really is. He sought to sell this training to regulators too, which effectively meant he was seeking to influence their policies. Mattison got away with this because he exploited the cachet of being an American and former AT&T employee who was willing to share his knowledge with ambitious individuals in developing countries, despite him lacking any admirers in his homeland. Needing to repeat the trick to sustain revenues just made each iteration less plausible than the one before. More importantly, telecoms professionals in developing countries are less willing to indulge the stereotype that they are backward compared to Westerners. So now I assume Mattison is slithering on his belly in my direction because he is running out of alternative ways of promoting his business. He will not find any kindness from me. I would rather stamp on a snake than cuddle up with it.

Some people know me through work involving genuine global associations, such as the TM Forum, the i3Forum, and now the Mobile Ecosystem Forum. It takes time to pursue collaboration through associations like these; the experience will inevitably prompt some frustration. That is why these genuine associations will never receive any contribution from an egomaniac dictator like Mattison. He has to behave as if all knowledge flows from him alone. I would prefer not to spend my time denouncing penny-ante imposters like Mattison and the fake association he runs from his garage. However, I feel such enormous disgust at the harm that Mattison has done that I will devote a little more time to warning newer readers about his shenanigans. Here is a brief reminder of occasions when Mattison and GRAPA showed their true colors.

There is nothing wrong with running a small niche training company that generates its income from entry-level workshops for fraud and RA analysts. It is very wrong to pretend to run an international association when it never organizes any working groups, never holds collaborative meetings for its participants, has no board or governance structure, and is dominated by a single individual whose only objective is to make money by exploiting the naivety of people in developing countries. Some problems can only be solved through collaboration. We need the whole world to be working together, making full use of the talents of experts from every region. However, the experience of dealing with Mattison has made me cynical about the overuse of ‘collaboration’ as a word. There will always be villains. Collaborating with villains leads to more villainy, not less. Villains will sometimes exaggerate their achievements or seek to dominate others through bribes and threats. Many of the responsibilities of a risk manager in the communications sector involve identifying imposters, seeking compromise with other players in the ecosystem, or countering monopolistic business models. But what really appalled me was that so many people who are supposed to be curious about facts and committed to the truth were willing to go along with Mattison’s deceit.

GRAPA’s foundation in 2007 depended on a brazen lie about what it was and who was running it, but some people in senior integrity roles went along with the lie in the hope that it might profit them too. That they signaled their willingness to reinforce such a petty and obvious deception taught the rest of us something profound about the more serious challenges that the communications industry faces. Even when the sham had fallen apart, and even though AT&T’s fraud experts should have a better understanding of Mattison’s status in this industry than anyone else, the US-led team at the CFCA was still openly boosting GRAPA on social media, presumably because some people spend more time playacting at collaboration than actually trying to accomplish anything tangible.

Integrity is not a slogan on a tee-shirt, to be put on and taken off as the wearer pleases. Integrity can only be attained if it is relentlessly pursued. That can mean getting your hands, clothes, and body dirty when you have to wade into the swamp. Nobody ever drained a swamp by standing on a hill and chattering some pretty words about collaboration. We need to dive deep to fix this industry. We need to make reputations matter again, which inevitably means encountering some dirt. Maintaining a memory and respect for reputation is crucial to tackling many problems, whether those reputations belong to our customers, to our businesses, or to our associations. We cannot succeed if the truth is always allowed to drown in a swamp of marketing. The snakes that breed in the swamp do not want their true natures to be made apparent. The onus is on the rest of us to bring the truth to the surface.

Other News

Eric Priezkalns
Eric Priezkalnshttp://revenueprotect.com

During his career, Eric has been a Director of Risk Management for a national telco, the Chief Executive of the Risk & Assurance Group, a Chief Marketing Officer for a software business, a consultant, a public speaker and the publisher of Commsrisk since its launch in 2006. Look here for more about the history of Commsrisk and the role played by Eric.

The comms providers that Eric has worked for include Qatar Telecom, Cable & Wireless, T‑Mobile, Sky and Worldcom. In addition to his proficiency at speaking about the current scamdemic, Eric is also a qualified chartered accountant and a subject matter expert in consumer protection, enterprise risk management, fraud prevention, data integrity and billing accuracy. Eric was the lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He can be reached through the contact form on this website.

Related Articles

The Commsrisk Global Fraud Dashboard


Our Global Fraud Dashboard uses AI-powered search to collate, update and visualize data about scams and other network abuses from around the world. New charts are added each month. See it here.

Get Our Weekly Newsletter by Email