Sozobe
Sozobe, that's the trouble with posting links instead of the story text. They usually disappear quite soon. I searched through the archives and found it for you.---BBB
April 14 - April 20, 2004
Out of Africa
International Scam Artists Steal Big Money Through a New Telephone Service for the Deaf--and AT&T and the State of Maryland Benefit
By Edward Ericson Jr
Robert Grodevant liked the idea of helping the deaf. As a communications assistant--or CA--for MCI, he earned $10.50 per hour to translate incoming text messages typed by deaf, hard-of-hearing, and speech-impaired people into spoken words he then relayed to hearing people over the phone. He says he enjoyed his job. But he didn't like being an accessory to international organized crime.
For at least a year, crooks based mostly in West Africa have been taking advantage of an Internet-based telephone system known as Internet Protocol Relay, or IP Relay, meant for the deaf to use in order to speak to the nondeaf over the phone. Because IP Relay allows users to make free long-distance phone calls, the crooks cold-call businesses all day, every day. Using CAs like Grodevant as intermediaries and stolen or manufactured credit card numbers and cashier's checks, they buy everything from rolling papers and Bibles to sophisticated electronics in bulk. Most times they want their order shipped immediately to Africa so it's on the way before the merchant discovers that the credit card is no good. Other times they have little interest in the actual merchandise, but pay with a cashier's check made out for much more than the value of the goods, hoping the merchant will send back the "change" before discovering that the check is bogus. Another version of the scheme involves promising an American millions of dollars for helping to move an illicit stash of money--usually $10 million to $60 million--out of Nigeria. The American ends up paying an array of "fees," bribes, and taxes to complete the shady deal, but, of course, there is no stash of money and he or she loses everything.
This type of scam has come to be known to U.S. law enforcement by the number of the Nigerian law that prohibits it: 419. Believed by some to be Nigeria's second largest industry after oil, this brand of international fraud is so prevalent that the Nigerian embassy warns about it on its official Web site--twice. After decades of using direct mail and faxes, 419 scammers migrated to e-mail in the mid-1990s and now have moved to the telephone, using the anonymous computer-based IP Relay service and the earnest CAs to impersonate deaf customers and take advantage of hearing merchants.
"On one given day I calculated that I purchased over $40,000 worth of laptops, inkjet cartridges, and T-shirts, all shipped to Africa," Grodevant says. "Lately they have it shipped to a relative in the U.S. and they forward it to Africa."
Grodevant walked off his job at a Wisconsin call center in mid March, fed up with the scams he was helping to perpetrate. "Sixty to 80 percent [of the calls] were scams and they'd all last 30 minutes, 40 minutes, an hour and a half," Grodevant said in a recent phone interview. Because the scam calls lasted much longer than typical legitimate calls, in which a deaf user calls a friend or relative or orders a pizza, Grodevant says for most of his six-month stint as a CA he spent "damn near all of" his time facilitating scams: "You have deaf people waiting--when they have all these scam people calling, all the CAs are busy, and you have to wait two to five minutes to place a call."
Grodevant's experience is not unique. Several months ago he joined another CA who started an Internet bulletin board dedicated to the problem. Today more than 50 present and former CAs post on the board, all telling much the same story about their call centers around the country. Sources independent of the bulletin board say the same thing has been happening to the 200 CAs at the Maryland Relay call center in Baltimore, which is administered by AT&T.
"You wouldn't believe what AT&T relay operators are asked to do," says one source who has worked as an operator at the Baltimore call center. (Like many CAs contacted for this story, the operator demanded anonymity, saying "they warned us that if we speak to you we will immediately be fired.") The source estimates that until recently 90 percent of the IP Relay calls coming through the Maryland Relay call center were fraudulent.
Nigerian scams are but one annoyance CAs encounter on the job. They also facilitate phone sex and, frequently, endure prank calls in which college students and others call their friends--or even themselves--just for fun. But many CAs say the Nigerian scams bother them the most because they victimize small merchants, damage the reputation of IP Relay among U.S. businesses, and tie up a service the hearing- and speech-impaired need. More than that, the CAs say they're angry because they believe their employers--including three major telecommunications companies--could easily block the foreign fraudsters from access to the relay system but, at least until recently, have done little to do so.
Until the 1990s, most people with major speech or hearing disabilities who needed to use the phone had to rely on nondisabled friends and family to translate their calls, or on volunteer communications assistants employed part time by some states. The Americans With Disabilities Act of 1990 mandated better service, and the Federal Communications Commission, which has jurisdiction over the phone companies, encouraged those corporations to develop better and cheaper technologies to provide "functionally equivalent" phone service. Individual states were mandated to provide services for their residents, and in 1993 the United States became the first nation in the world to guarantee around-the-clock telecommunications access for the millions of Americans who are deaf, hard of hearing, or speech-disabled.
To make a traditional relay call, a deaf person uses a teletypewriter, or TTY--a keyboard with a small screen attached to a phone line--to dial a state relay operator, now called a CA. The CA reads the message typed by the deaf person, dials the requested phone number, and translates between the person typing and the person speaking. A hearing person wanting to phone a deaf person calls the relay service first, by dialing 711, and then requests the CA dial the deaf person's TTY.
IP Relay is one of several next-generation variants of relay in use today. Noting the increasing ubiquity of personal computers and the Internet, MCI, then known as WorldCom, started offering a Web-based portal into its call centers officially in February, 2002. Using any computer, deaf people--or anyone else--suddenly had access to the U.S. telephone network, with a CA as an intermediary. This freed the deaf and others from the need to have a TTY handy to make a phone call (they are rarely found in public places), and a personal computer's larger screen made reading messages easier as well. IP Relay is a "major technological advance for the deaf community," says Steve Johnson, MCI's vice president of Information Services and Solutions.
IP Relay may offer hearing- and speech-impaired users new freedoms, but the activities of the Nigerian scammers mean they may have to wait longer to exercise them. By tying up operators, the scammers sometimes force legitimate users to wait to make a call. Grodevant says that was common at his call center, and records from the Maryland call center on file with the FCC hint of a problem here as well.
At the request of Telecommunications Access of Maryland, an office of the Maryland Department of Budget and Management that oversees the state's contract with AT&T relay services, an independent evaluator placed 502 Maryland relay calls during two successive business quarters. Calls encountering "all operators busy" increased from six in December 2002 to 25 in February 2003--a fourfold increase in that single category of complaint, even while other criteria such as typin accuracy and speed improved. Busy operators are a sign of higher-than-predicted call volume--and possible evidence of the Nigerian scam problem--although the report left open the possibility that bad weather on one test day caused some of the increased busy signals.
Once hearing-impaired users do get through, sometimes after several minutes of trying, they often reach merchants who tell CAs they won't accept relay calls because they've already been scammed--or are just tired of receiving scam calls. In a Feb. 9 posting on its Web site, the federal Internet Fraud Complaint Center reported a "dramatic increase in the number of complaints from on-line businesses, who have been victimized by the perpetrators' inappropriate use of the IP Relay to facilitate their criminal activity."
It's "certainly an issue in the deaf community," Barry Strassler, editor of the online newsletter Deaf Digest, writes in an e-mail. "I know of several deaf people that were turned down in their efforts to make purchases via IP Relay because some big box stores, having been burned, no longer accept such orders. And if they need to make such purchases, they need to go to the store in person."
Mark Drolsbaugh of North Wales, Pa., says his wife, who is deaf, was one of those people. "My wife got blown off by the manager at OfficeMax in Montgomeryville, Pa.," he writes in an e-mail. "Wifey was only calling via relay to find out [if an item was in stock] that we planned to pick up in person if the guy could just answer our question. He instead referred us to a national 800 number and wouldn't have anything to do with us. We went down anyway, met with him in person, and that's when we learned about the IP Relay fraud."
Even ordinary citizens have been contacted. Marty Powell, a Kentucky man trying to sell the shell of an old Land Rover online, got e-mails from a buyer who claimed to be in New Zealand. The buyer offered Powell his $2,000 asking price plus shipping (via a Nigerian shipping company), to be paid by a $6,000 cashier's check--but he also wanted some change from that. "So he calls me on the relay service," Powell says. "It kept getting disconnected. I guess Internet service isn't all it should be in Nigeria."
In fact, some CAs--like Grodevant--say they intentionally disconnect the scammers to thwart their scams, in violation of the rules they are supposed to live by. In his case, Powell says the CA called him back after the disconnect to warn him about Nigerian scams--another violation. In either case, operators who break the rules do so at the risk of losing their jobs.
Once cautioned, Powell consulted his bank when he got the check in early March, only to discover it was forged. "If that service operator hadn't tipped me off, I'd like to think that things were strange enough that I would still have caught on to it," he says. "But cashier's checks I was taught were gold."
Although the deaf community is becoming aware of the problem, so far its leadership has not spoken out beyond the American Association of the Deaf issuing a press release in March warning the deaf community to watch out for scammers and admonishing business owners to accept IP Relay calls. Messages left with the American Association of the Deaf were not returned; the president of the Maryland Association of the Deaf, Lee Smith, referred an e-mail outlining the fraud problem to the director of Telecommunications Access of Maryland and otherwise refused comment about the issue. By press time, Telecommunications Access of Maryland director Brenda Kelly-Frey had not responded to repeated attempts to reach her.
Part of the problem may be that the deaf community, for so long relegated to a communications backwater, is worried about what scam problems bode for the IP Relay system. That's what Ed Bosson, the Texas-based chair of the National Association for State Relay Administrators, surmises. "Maybe they're worried that Internet relay will be closed because of that," Bosson, who is deaf, said in a recent relay call. "I know the Maryland Relay administrator and I guess she is being cautious and wants to protect the Internet relay. Internet relay is very, very nice."
Another part of the problem in Kelly-Frey's case may be embarrassment that the state of Maryland indirectly benefits from the scam calls.
States collect a 20-cent monthly tax on local telephone service from each customer and use that money to pay the relay companies to staff call centers 24 hours a day, seven days a week. States monitor performance of the relay providers (relay companies must answer 85 percent of incoming calls within 10 seconds) and occasionally put the service out to bid. AT&T, for example, won the Maryland state contract in 2002, after Sprint held the contract for 10 years.
The relay companies are paid from the state fund whenever they handle in-state calls. Interstate calls are funded by the federal Telecommunications Relay Service Fund, a pool of money collected from the 4,300 long-distance phone companies.
After MCI demonstrated IP Relay technology to the FCC, it asked that it be paid by the federal Telecommunications Relay Service Fund for all IP Relay calls at the same rate as interstate TTY relay calls. The FCC began allowing payment for IP Relay calls in April 2002, and today the four companies that offer IP Relay service--AT&T, MCI, Hamilton Relay, and Sprint (plus nonprofit Communications Services for the Deaf, which is a Sprint subcontractor)--make $1.368 per minute to process every call, scam or legitimate.
The FCC agreed to use the Telecommunications Relay Service Fund to pay for IP Relay for the same technical reason that allows easy access by scammers: unlike phones, which can be quickly traced to a particular location, computer IP addresses are not tied to any place. As one FCC document put it, "WorldCom states that there is no way of determining the origin of IP Relay calls, because Internet addresses have no geographical correlates."
Regulators and consumers alike figured the new IP Relay service would soon begin to displace the clunky old TTY system. If more callers started using the federally funded IP Relay system, the theory went that the states' share of the financial burden for in-state calls would decrease. "I can imagine how it could benefit the state, because it does reduce the traditional call volume," Bosson says.
Maryland Relay administrators thought so too and made a deal with AT&T to take advantage of it. That agreement "allows AT&T's national and Internet Protocol Relay (IP) calls to be processed through the Maryland Relay Center with the understanding that Maryland Relay calls are the center's top priority," according to Telecommunications Access of Maryland's 2003 annual report, published in January. "This decision not only creates a larger pool of Maryland Relay Operators dedicated to processing calls during emergency or unusually high call volume situations, but also provides significant economic benefits to the state."
Telecommunications Access of Maryland spokeswoman Nancy Seidman referred questions about the relay service to the state attorney general's office. Later, Ellis Kitchen, chief information officer at the state Department of Budget and Management, called and said that on the question of the state's benefit from IP Relay, "our position is that they're not related" because "the state doesn't pay for that."
Asked to square that position with the agency's annual report, which says, "Although Maryland Relay traditional Relay call volumes are declining, the volume of Internet Protocol (IP) Relay calls is increasing dramatically, thus keeping the cost-per-minute rate of Maryland calls lower," Kitchen referred the question to Assistant Attorney General Steve Sakamoto-Wengel.
When contacted, Sakamoto-Wengel said he is unfamiliar with the issue, but after being briefed he referred the matter to the Maryland Attorney General's criminal investigations division.
For about a year, IP Relay communications assistants have been surreptitiously teaching one another how to foil the scams while holding on to their jobs. They've not only disconnected scammers and warned the potential marks, they've contacted the FBI, the Secret Service (which has jurisdiction over Nigerian scams), the FCC, and this newspaper, where an emotional anonymous voice-mail message from a Baltimore Relay CA triggered the reporting for this story. Several months ago, one CA started an Internet bulletin board under the title "Nigerian Scams Using IP Relay" to allow CAs to anonymously gripe, trade tips, and alert law enforcement, regulators, and the media to the problem.
Authorities are finally taking notice. The board's administrator, who goes by the alias Buster Scambles, says he's got an FBI agent and the NBC television show Dateline interested. Calls to the FBI from City Paper were not returned, although a Secret Service agent takes down the details with interest. "I have to admit to you, this is the first I have heard of this," says Jeff Gappert, the assistant special agent in charge of the Secret Service's Baltimore field office.
The FCC is also beginning to address the matter of IP Relay scams. "In fact, this is a concern," says June Taylor, chief of staff for the FCC's Consumer and Government Affairs Bureau, which oversees IP Relay. But the FCC will not investigate the fraudsters or the telephone companies facilitating the fraud, she says, as issues involving wire fraud are handled by the Federal Trade Commission and the FBI.
Taylor says she's read only one complaint about relay fraud, but acknowledges that part of the problem is that the CAs, who know most about it, are not allowed to talk about it.
FCC regulations require CAs to keep call information secret, to protect the privacy of the callers. The phone companies, in turn, require CAs to sign an oath of secrecy promising not to discuss "any information pertaining to relay users or call content with other Relay Operators, friends or family members," in the words of MCI's Pledge of Confidentiality and Code of Ethics. The phone company rules as put forth in the same document also state that CAs face "immediate dismissal, without prior written warnings or probation," for any violation.
The rules are meant to allow relay users the same rights enjoyed by hearing people. "That's what makes this a useful service to the deaf community," says Sprint spokesman Steve Lunceford. "If the community learns this is broken down, then the system doesn't work for them. They can order a pizza, but will they order a prescription?"
Grodevant and other CAs who post to the "Nigerian Scams" bulletin board say that they keep strict confidentiality when dealing with legitimate calls from deaf people. But some CAs say they feel no allegiance to the scam callers, who are obviously not deaf (they often misuse typed shorthand common among hearing-impaired users) and, as foreigners, not authorized to use the service in the first place. "My social responsibility is stronger than the company's greed and I report anything I can," one CA posted on another bulletin board last November.
The CAs argue over tactics, some refusing to warn people being scammed, for example. But most of them are united by the belief that their employers have neglected to stanch the flow of scam calls because those calls are so profitable.
"It's antithetical to the way we would do business around here," AT&T spokesman Roberto Cruz says when asked about allegations that his company allows the scams to continue simply to reap more profits. The scam calls, although "unfortunately . . . a growing trend," are an unavoidable fact of life, Cruz says. "As you might know, we're restricted by FCC rules and guidelines from preventing these kinds of calls."
The other companies say much the same--that they're awaiting guidance from the FCC. But current FCC guidelines do not restrict relay companies from preventing foreign scam calls from connecting in the first place. And AT&T doesn't need the FCC's permission to restrict calls from overseas.
According to AT&T's IP Relay license agreement, "to be an 'Authorized User' you must reside within and place the IP relay call from within the domestic United States. . . . AT&T may investigate and help prevent potentially unlawful activity or activity that threatens the network or otherwise violates the customer agreement for this service."
Sprint's IP Web site specifies, "No international calls permitted," and Hamilton Relay's "terms and conditions" say the same.
MCI's site does not specifically prohibit international calls, but Grodevant says a strange thing happened in early February of this year: Suddenly the scam calls stopped. He asked a techie friend what happened. "They said that all these calls were going through one server [at MCI]," Grodevant says he was told. "And MCI made the decision to unplug that server." Another CA working for MCI, this one in California, confirms that scam calls dropped significantly around that same time.
Grodevant's job became enjoyable again, he says, as he was able to help actual deaf and hard-of-hearing folks and even occasionally take a break between calls. Then, on a recent Saturday, the scam calls started coming back. On his screen, he started seeing the words "IP Relay International" popping up again. It was the same old routine. (The California CA confirms that calls came back at his call center as well, though the problem went down again soon after.)
Thus, Grodevant says, he figured the bosses could adjust the scam traffic at will: "One really suspicious thing is on really slow days these calls go up."
"That is an incorrect conclusion--we don't manage traffic in or out or turn it off or on in any fashion," says Steve Johnson, MCI's vice president of Information Services and Solutions. "We are proactive to make sure [the tech staff] can cut off [scam calls]--it doesn't mean the other side doesn't continue to probe, if you will."
Johnson describes an ongoing cat-and-mouse game at MCI, pitting company technicians and software that tracks scam computers against the scammers. "We run very sophisticated Internet types of databases and our own screening software to identify high-fraud IP addresses, and we block those addresses," Johnson says. "We started [blocking] during the third or fourth quarter of last year. We're better at it now. It's something that you really have to keep doing."
A source who has worked at the AT&T call center in Baltimore says international calls coming into the center were blocked shortly after City Paper began inquiring about the issue. "Right away the fraud calls dropped off," the CA says, estimating that the volume of IP Relay scam calls as of the first week of April had decreased to 40 percent, from the usual 80 percent. "They could have blocked them the whole time, and they didn't," the source contends, "because they were being paid."
AT&T spokesman Cruz says his company can block scam calls but would not reveal whether AT&T had ever blocked IP addresses, or for how long. He emphasized that such addresses are not tied to geography. "The main thing to walk away with is that fraud, as we all know, is a terrible thing, and it's unfortunate that some people have latched on to this," Cruz says. "It's a darn good service. And it's unfortunate that some people are trying to abuse it."
Officials from AT&T, Sprint, and MCI all say that the IP Relay fraud is a recent phenomenon, and a very small part of the service. "This is totally new," says Sprint spokesman Lunceford. "It's really cropped up over the past--oh, say within the past 60 to 90 days."
MCI's Johnson echoes Lunceford, saying fraud calls are "an extremely small number" of the total IP Relay calls processed.
AT&T's Cruz says "over the past few months we've seen a spike" in fraud calls. But he refuses to be more specific about the timing of the spike or the overall fraud volume. Cruz and Lunceford both emphasize the confidentiality of the relay service. Cruz takes it further, saying that to discuss even such general estimates of the problem could run afoul of FCC regulations--and the corporate prerogative to keep its information private.
"The rule is you don't violate the confidentiality of calls, period," Cruz says. "Once you step outside that arena you are discussing issues that are proprietary, that belong inside the company."
Cruz does say, however, that "I don't think 80 percent is right" as an estimate of fraud call volume. And he derides anonymous CAs as sources lacking "credibility."
Lunceford contends the CAs who post to the "Nigerian Scams" bulletin board are not necessarily representative of the whole industry. "That board is a very vocal group, but I think it's a very isolated group," he says. "Like many internet communities, it's a very passionate group."
But members of the group like Grodevant, who posts under the screen name origdisconnect, are in a position to estimate scam-call volume. Besides handling calls themselves, they overhear conversations in the cubicles around them, and they watch as colleagues are fired, or quit, or just stop showing up for work because of the fraud calls.
The CAs also say the fraud problem is much older than a few months or a few business quarters. "It started as soon as IP Relay started," says the Baltimore CA.
An October 2003 memo AT&T management sent to its communications assistants and posted on the Internet by a CA supports the claim that IP Relay fraud is an established and well-known problem in the industry. Titled "IP Relay and Fraud calls--A watching and waiting game," the memo calls scam calls "an industry-wide issue." The memo refers to comments, actions, and updates "during the past six months," meaning that scam calls were already an acknowledged industry problem by April 2003.
The memo tells the CAs to handle the scam calls like any other, while the company awaits instructions from the FCC. "We share the same concerns about these difficult calls," the memo reads. "However, we have not been given the direction or authority by the FCC to intervene, or restrict, the calls at this time."
The tendency to await FCC guidance continues to this day at Sprint. Asked about Sprint's ability to block the scammers, Lunceford says the matter is up for debate--even though CAs working in his company have already reported apparent scam-call blocking. "Are we able to track IPs, and do it accurately? It's something we've been studying," Lunceford says. "Will the FCC allow us [to block scam calls]? It's something we're trying to get a handle on . . . , and part of this is also a competitive issue."
Sprint, Hamilton Relay, AT&T, and MCI are always competing--for long-distance customers as well as specialized relay contracts. The companies can be more competitive and make more money by keeping call volume in their relay centers high.
The federal Telecommunications Relay Service Fund, which pays for all IP Relay calls and other interstate relay services, is administered by the National Exchange Carrier Association, a nonprofit corporation created by the FCC in 1983 after the breakup of mega phone company AT&T. Each year the National Exchange Carrier Association estimates how big the Telecommunications Relay Service Fund will need to be, and the FCC turns the association's estimates into a tax--called a "contribution factor"--to be paid by each long-distance company, based on their gross income. Most companies pay monthly.
According to National Exchange Carrier Association documents, the contribution factor has increased substantially since the system started in 1993. Under the original payment plan, the carriers contributed 3 cents for every $100 they took in. By 2000 the contribution factor was 7.3 cents per $100, and it remained steady until the end of 2002, as IP and webcam-based video relay for sign-language users rolled out. Since then, the contribution factor has nearly tripled, to 22 cents per $100.
Unanticipated high volume of IP Relay use has caused much of this contribution factor increase, National Exchange Carrier Association documents show. On Jan. 16, an association official sent the FCC a letter revising its forecasts of both IP and video relay growth. "NECA has found that actual minutes have significantly outpaced projections," the letter read, and revised the earlier annual projections of 28 percent IP Relay growth and 30 percent video relay growth to 79 percent and 196 percent, respectively, for fiscal year 2003. The fund that pays for IP Relay calls ran short of money by January 2004, and administrators requested a increase of the tax on long-distance carriers to make up the shortfall. The increase totaled $55 million--and that is meant to cover the fund through June.
"What we think is that people are transitioning from the old text telephone into the use of the Internet," says Maripat Brennan, the Telecommunications Relay Service Fund administrator. "I guess the good news is that these services are growing by leaps and bounds, but we needed more money in the fund." Asked to outline the steps the National Exchange Carrier Association is taking to curb the extraordinary fraud rates CAs are complaining about, Brennan demurs. "I don't know that that's accurate," she says.
The association's records of IP Relay figures reveal that between June 2002 and November 2003 total IP usage was 44.8 million minutes. At $1.368 per minute, the total cost of IP Relay to long-distance companies was more than $61.3 million, a cost passed along incrementally to consumers. If CA estimates that as much as 80 percent of that use was fraud are true, then the Nigerian scammers cost Americans using long distance $49 million as of November 2003. The National Exchange Carrier Association projects total IP Relay minutes between December 2003 and June 2004 at just over 40.3 million minutes. If those projections hold and the alleged amount of fraud is not curbed, then the IP fraud calls could cost all Americans who use long distance an additional $44 million through June 2004.
In other words, if what Grodevant and other CAs say is accurate, then thousands of U.S. long-distance phone companies--and their customers--could by June have paid the handful of phone companies running IP Relay $93 million just to facilitate fraud on Americans. And that's just for the calls alone, not including the unaccounted-for millions lost to the resulting scams. If the amount of scam calls is a mere quarter of what the people who take the calls claim, the cost could then total $23 million.
Scam-call volume estimates as high as 90 percent have been routinely bandied about the "Nigerian Scams" bulletin board, and none of the 50 or more CAs who've posted so far has disputed those numbers, even if they've sometimes posted percentages as low as 20 percent. The first anonymous caller to City Paper estimated 80 percent. Another source with close ties to the Maryland Relay center in Baltimore confirmed that estimate, and two other CAs working for different companies confirmed that figure via e-mail.
Perhaps the most intriguing evidence of Nigerian scams' ubiquity, however, is a Web-based T-shirt emporium, found at
www.cafeshops.com/relaywear, peddling T-shirts with fraud-related insider slogans: i want 50 laptops!, do you ship to ghana?, and one occurrence away from getting fired.