Copying photos and the body text of a legitimate ad would certainly be a lot less time and effort on the part of a scammer than writing new custom scam ads every time.
Oh boy, story time. I encountered the opposite scam.
I was selling a house myself. I took photos, paid to have it listed, posted a sign out front, and posted ads in various places including CL.
Someone contacted me to say they responded to an ad on CL for a rental house. The prospective renter was told by the scammer he was out of town and that they could go to the house and look around the property. He would transact the rental remotely and mail them the keys if they liked it. They were also told to ignore the For Sale sign out front! They did go see the house but saw the For Sale sign and called the number - me - at which point we figured out what was going on. They had also spoken to the guy on the phone, who sounded foreign.
I found the CL fake rental ad, it was all of my photos from my sale posting, simply copied onto the fake rental ad. I responded to the ad and almost instantly got a long response from a Hotmail address. It was clearly a prepared response and included some clumsy standard rental application forms. Anyone who fell for this would have lost their rent/deposit/security as well as all their private info.
Local police couldn't do anything about it but traced the phone to a VOIP, dead end. CL pulled the ad.
It's pretty strong to assert that it is universally possible. From a technical perspective, yes, you can determine the origin of all VoIP calls in exactly the same way as you can determine the origin of all IP packets. This is to say, yes in theory, but in practice, no in many situations, not even necessarily when the origin has intentionally been obscured.
Cold-call spam may in many cases originate from corporate PBXs or VoIP setups which were compromised by an attacker. I'm not sure how common this is but know it happens as I have been involved in the response/cleanup on two different occasions. This is perhaps the most difficult to track case as it becomes a matter of forensics on the compromised PBX setup. This is less likely for inbound though because it's not a very stable arrangement. It is also not unheard of for non-VoIP telecom providers, generally overseas, to be themselves corrupt and involved in facilitating malicious uses of the telephone system (e.g. international calling termination rate scams).
On the other hand, there are a huge number of VoIP providers which may operate overseas, may not be very responsive to complaints and requests, and even unintentionally may not retain logs that allow them to identify customers. This means that when law enforcement determines that a call originated with a VoIP provider (via phone provide records), there is a high chance that getting information about that provider could require costly legal proceedings and even then result in a dead end.
I personally use a VoIP provider right now for completely non-malicious purposes that would probably be very difficult for law enforcement to identify me from because I know the provider to be overseas, small, and to have generally poor operational practices. This isn't even a provider which markets explicitly to criminal uses (which very much exist!), it's just an extremely cheap one.
Yes, law enforcement are certainly not doing everything which is possible. But it's far from a cop-out - law enforcement has limited resources and the way things are right now VoIP providers can easily become a very frustrating dead-end.
Nod. The cops were decent, they put some effort in, but it wasn't the crime of the century so they weren't going all-out with subpoenas for an attempted petty scam. Also, we couldn't find anyone who was actually burned, although this guy could have been operating many ads in many markets. It's a living, I guess.
More should be done to standardize VOIP tracking. It's a huge problem and this method is widely used for scams.
I don't know if caller id spoofing can be prevented though. I get on average 10 scam calls daily, some days more. My phone is on vibrate and am using this as a way to relax instead of geting upset. I stand up from my desk and take a walk around the office. It mostly doesn't bother me but sometimes when it catches me at the wrong time it does get to me and Id rather this stopped. Sure, my phone does give me the 'Scam likely' but I wouldn't pick up from phone numbers that are not in my address book anyway. And I if phone vibrates I check after I finish what I currently doing so it could always wait.
What bothers me is the ease with witch someone on the other side of the planet can do this. This thought only bothers me...
Neighbourhood spoofing is definitely a problem because I have on-call and it means it could be a known or unknown colleague (big org).
Then there’s the time the scammers called every number sequentially (or simultaneously?) in a number block, jamming the incoming/outgoing lines because we have an exchange code block, but only a reasonable number of lines.
I’m currently shopping for a house and have noticed tons of listing pictures are now watermarked with “not for rent”. Now I finally understand why. Thanks :)
