The past year has been a period of progress across several fronts. Nuisance robocalls rose 13% last year according to the 2019 Robocall Investigation Report, while scam and fraud robocalls (the highest risk category to consumers) actually decreased 18% in 2018 from the prior year. The decrease in high risk robocalls suggests recent FCC enforcement actions, such as record fines, alongside proactive carrier and industry efforts that leverage analytics are starting to have a positive impact.
Regulatory and Enforcement Efforts Paying Off
The FCC has focused significant policy-making and enforcement resources on confronting malicious caller ID spoofing. Changes in technology have made it easier and cheaper for scammers to make robocalls and to manipulate caller ID information.
For example, the FCC fined telemarketer Mr. Philip Roesel and his companies more than $82 million for illegal caller ID spoofing and imposed a fine of more than $37.5 million against Affordable Enterprises of Arizona for purportedly making millions of illegally-spoofed telemarketing calls that appeared to originate from consumers and other numbers not assigned to the company. There was also an $82 million fine of a telemarketer which made more than 21 million robocalls to market health insurance.
In addition, a $120 million fine was levied against Mr. Adrian Abramovich for similar activity. In November of 2017, the FCC adopted rules allowing providers to block calls from phone numbers on a Do-Not-Originate (DNO) list and those that purport to be from invalid, unallocated, or unused numbers. Carriers have begun to block some of these calls permissible by the FCC order.
Despite the progress, significant hurdles remain as robocallers continue to adjust tactics in order to elude detection. For one, the same report saw negative call traffic from Canadian numbering resources grow over 100 percent in 2018, and identified three additional robocall challenges that must be addressed in the coming months:
VoIP-originated robocalls
Not surprisingly, VoIP-originated calls continue to generate almost 50% of the negatively scored calls by total volume. Providers that a
A carrier that doesn’t follow established hardware standards (such as Skype) or locks subscribers out of configuration settings on hardware which the subscriber owns outright (such as Vonage) is more restrictive. Providers that market “wholesale VoIP” typically allow any displayed number to be sent, as resellers will want their customer’s numbers to appear.
There are legitimate reasons to modify the calling number, however, bad actors use this same technique to hide their identity. The distribution of nuisance calls is led by VoIP and other non-carrier assigned numbers.
Call spoofing becoming more sophisticated
Robocall spoofing in general remains a preferred scammer tactic – and spoofers are hijacking mobile numbers with few signs of slowing down. TNS’ data finds that 1 in 4,000 mobile numbers are now being hijacked by robocall spoofers every month, which is causing 20% of people who have had their number hijacked to disconnect their phone.
Neighbor spoofing also remains prevalent. High risk (scam/fraud) calls using neighbor spoofing now accounts for 24% of all negative calls – up 5 percentage points from the prior year. With neighbor spoofing, no matter where the call originates, the information on the receiver’s phone matches or closely matches the area code and several digits similar to one’s own phone number – which makes the consumer more likely to trust the call and pick up. Spoofers are also more elusive, using snowshoe spamming to make themselves more difficult to detect. This type of spamming resembles neighbor spoofing where the bad actor will spoof a local number but will spread those calls in high volume over several numbers each day over several days, using deceptive call practices that are difficult for Over-The-Top (OTT) robocall applications to detect. By the time the OTT application determines the number to be from a bad actor, the bad actor has moved on from that number to a new one.
Robocall spoofers are also tapping into political fears surrounding federal law enforcement, as there has been a rise in phone scammers posing as immigration, drug enforcement and social security officials telling people they will be arrested unless they pay fines. To make these scams even more effective, the latest iteration of these fake calls are spoofing legitimate federal agency Caller IDs. The DEA, DHS and Social Security Administration have all reported increased spoofing of their phone numbers for scams this month.
Another tactic scammers are employing is spoofing of legitimate toll-free numbers. More than two-thirds of the calls from legitimate toll-free numbers are identified as nuisance or high-risk. A common technique used by the bad actors is to spoof a legitimate toll-free number which then appears to a subscriber that the number calling them is legitimate. Earlier this year, a convincing scam whereby Apple’s logo and 800-MY-APPLE customer care number showed up as an incoming call on mobile phone screens made the rounds. If the person answered, the scammer would phish for personal information telling them there was something wrong with their Apple ID.
Of course the Apple support line only calls customers after they have issued a trouble ticket and want to be called by Apple. Still, many people might fall for the convincing spoofing tactic. Evidence of its potential success is the fact that we tracked that the call volume for this specific spoofing scam peaked earlier this year in excess of 100,000 robocalls per day.
Tier 1 carriers aren’t the problem
STIR/SHAKEN is an FCC-supported call authentication framework that provides verified information about the calling party as well as the origin of calls, enabling service providers to sign and legitimize calling numbers. Its goal is to help individuals answering the phone know whether calls they receive are from legitimate parties, or from automated voices aiming to scam them out of money or data.
While leading U.S. carriers are moving towards STIR/SHAKEN implementation, a majority of cross-carrier U.S. wireless voice traffic does not exclusively transit the networks of the largest carriers, allowing bad actor robocallers to simply continue originating traffic from Tier 2 and 3 carrier networks that do not deploy STIR/SHAKEN compliant solutions. Many of these smaller, regional carriers lack financial resources to deploy their own STIR/SHAKEN authentication.
The fact that the robocall challenge is not limited to the largest carriers is supported by data from the TNS 2019 Robocall Investigation Report: while almost three-quarters of all calls, positive and negative, come from tier one numbering resources (AT&T, CenturyLink, Comcast, Sprint, T-Mobile and Verizon), only a little over 10% of the calls from those carriers are considered high-risk.
While spoofed calls primarily originate from VoIP services, customers on all types of networks are bothered by nuisance calls. However, it is not possible to deploy STIR/SHAKEN on legacy circuit-switched networks since it is an IP-based standard and framework, which means consumers will still receive spoofed calls.
Broader carrier deployment of STIR/SHAKEN – along with the ability to accurately identify spoofing calls – can mitigate robocaller use of call spoofing. In addition, Tier 2/Tier 3 carriers should consider additional strategies to protect subscribers:
-
Look to analytics providers that provide managed services for mitigating robocalls using advanced machine learning and real-time AI that is now available to them as a way to detect call patterns and stay ahead of the constantly evolving tactics of negative robocallers.
-
Deploy a service to their subscribers that displays alert messages of potential spam, nuisance or high-risk calls using the managed analytic service.
-
Investigate STIR/SHAKEN options that provi
de hosted, fully managed solutions that allow them to go-to-market quicker and at a lower cost. -
Supplement the unstructured data provided by the aforementioned AI/ machine learning methods with crowdsourced data from subscribers. Crowdsourcing allows the analytics layer to provide information at a more granular level, such as whether a telephone number is being used to offer free cruises, or is a legitimate call from a bank concerning an account.
Bad actors are launching more sophisticated robocall campaigns, but data from our 2019 report finds glimmers of hope for the year ahead with a decrease in high risk robocall volume, a trend that can continue with carrier deployment of STIR/SHAKEN, further FCC and FTC enforcement actions, and more innovative robocall detection, alerting, and block