SmartPhone Robocalls – A Tangled Web (CYBR650, Week 3)

In Krebs on Security, Brian Krebs covered an interesting case of a robocall that a reader decided to investigate further.  Most of us have received robocalls on our home phones, and now on our smartphones.  It even seems that the frequency of these have been increasing.

Many of these calls actually sound like a real person looking for someone, but it is really a clever AVR or automated voice response system.  When I receive a robocall, I typically assume that there is just that one entity or company involved in annoying me in an attempt to sell some dubious service.

As Krebs on Security reports, behind that singular call might be a tangled web of connected organizations.  This reader who received the call had become increasingly irritated at getting these calls and decided to stay on the line to play along.

The reader ended up being connected to a representative at creditfix.com.  Later, the reader tried calling the phone number back that had called him and found it disconnected, “suggesting it had been spoofed to make it look like it was coming from his local area” (Krebs, 2017).

He then looked up the domain creditfix.com and found it registered to someone named Michael LaSalla with a mail drop in Las Vegas.  The IP address used by creditfix.com is registered to a company called System Admin, LLC in Florida who lists LaSalla as a manager.  A search for the company’s physical address turned up a filing with the FCC that showed the CEO of System Admin, LLC to be an entrepreneur associated with founding voip.com, an internet telephone service.

After reaching creditfix.com by email, their compliance department said that creditfix.com was likely scammed by a lead generation company called Little Brook Media, a “marketing firm in New York City.  Krebs reports that multiple attempts to contact Little Brook Media were unsuccessful.

As this tangled web points out, the company placing the robocall might not be the company one gets connected to.

 

Reference:

Krebs, B. (2017, June 25). Krebs on Security. Retrieved June 25, 2017, from https://krebsonsecurity.com/2017/06/got-robocalled-dont-get-mad-get-busy/