I doubt that there is much that they can do about that since they are just a gateway. Even if they were to blacklist every CID they were told about, that would be an impractical whack-a-mole process requiring expensive investigation and appeals structures. This would also then become a problem where legitimate users (for some definition of legitimate) would then be victims of these take-downs.

It is somewhat analogous to demanding that your ISP take down websites you don’t like or block them for all users (which turns into the aforementioned whack-a-mole process): They are just a gateway.

I suspect that you need to educate your users about what is/isn’t real as opposed to expecting some authority to remove the problem. Not a trivial solution, but one which should be far more robust as it is likely to generalize into other permutations of this problem.