It should come as no surprise to anyone who’s answered their cellphone in the past year that calls from scammers are reaching astronomical levels nationwide.
Industry reports offer statistics that would boggle the minds of past generations used to the landline-jamming pitches of credit-card companies, travel agencies and the like. Based on survey data, industry trackers estimate 26 billion to 48 billion so-called “robocalls” were placed in the United States last year, likely costing Americans somewhere near $10 billion lost to scammers seeking personal information, including credit-card and bank-account access.
Most of those calls were made to cellphones using technology that has outpaced regulators’ ability to consistently pinpoint those that are breaking the law. But there is some optimism among lawmakers and the industry that there soon may be an answer to what Federal Communications Commission (FCC) Chairman Ajit Pai called “a scourge” in 2016 — when the average American was receiving about half as many phony phone calls as they can expect now.
“Effectively, we’re in an arms race against these robocallers,” said Jonathan Nelson, director of product management for Seattle-based Hiya, which offers a free smartphone app intended to detect potential spam phone calls. “We are actively trying to detect them, and they are actively trying to avoid that detection.”
That has led to a rise of what’s been dubbed “neighbor spoofing,” a technique that, when paired with the automated calling systems tied to computers that robocallers have been using for years, has led to increases in the number of phony phone calls and the number of unwitting cellphone users who pick up. When this technique is used, the number that appears on a cellphone’s caller ID screen will appear similar enough to one’s own phone number (likely the same area code, with a few different digits) that the recipient is more likely to answer.
Even if there doesn’t appear to be anyone on the other end of such a call, simply answering could leave the recipient with future headaches. Regulators have warned that such phone calls are likely the first step of potential scammers, trying to determine if there’s a live person behind a specific phone number.
There are legitimate uses for spoofing a phone number, like when the City of Spokane’s 311 service calls a resident back after they request assistance on their utility bill or when the local school district calls to inform parents that classes are canceled because of snow. Despite coming from one extension within the phone system, the spoof makes it appear as if the call is coming from a unified number that recipients would recognize.
The problem occurs when a person or agency is blanket calling cellphone numbers, likely from an offshore location, and uses the same technique to make it appear the call is local. That type of call is not only dishonest, it’s illegal under a federal law passed in 2009.
But those calls are hard to detect by regulators, who are inundated with reports of scammers. The Federal Trade Commission (FTC) reported more than 7 million complaints in 2017 from people who had signed up for the federal Do Not Call registry who received marketing phone calls anyway, and another 5 million complaints were lodged last year, almost 4 million of them robocalling cases.
“The vast majority of all marketing is illegal spam, because the financial incentives are so strong,” said David Johnston, an Austin, Texas-based tech entrepreneur who has worked on artificial-intelligence strategies for telecommunications firms.
While the potential revenue for scammers amounts to billions of dollars annually, FCC and FTC enforcement has not kept up. In a report published in February, the FCC said it had issued $246 million in fines between 2010 and 2018, while the FTC — responsible for enforcing a different set of telecommunications laws — reported roughly $120 million in fines and civil penalties against robocallers.
To date, those agencies have been urging the nation’s largest telecommunications firms to institute a fix for phone spoofing, a technology that carries the espionage-laden acronym “SHAKEN/STIR.” The system creates a new signature for each individual phone number that must be authenticated by the carrier, essentially a guarantee from the phone company that the caller is legit.
“In the handshakes that the carriers make today, they’re adding a new header to it, a new field to it,” Nelson said. “They’re saying, ‘I am carrier X, and I am asserting that the person making this call, I trust them, that this is their phone number and I’m putting my reputation on the line.”
The implementation of that technology is being spearheaded by two groups representing the telecommunications industry. Marc Robins is the Connecticut-based president and managing director of the nonprofit Session Initiation Protocol (SIP) Forum, one of those agencies.
Robins points to legislation currently working its way through Congress that should encourage many of the larger carriers to speed up putting the technology in place.
“The interesting thing about robocalling, is its one of the few things that is nonpartisan these days,” Robins said.
The legislation, introduced by Sens. John Thune, R-S.D., and Edward Markey, D-Mass., gives the FCC greater authority to impose civil penalties of up to $10,000 against those who knowingly violate federal robocalling laws. More importantly, Robins says, it would require phone carriers to implement the technology to authenticate phone calls across networks within 18 months of the law’s passage.
“It puts teeth in the law in terms of law enforcement,” Robins said. “We assume it’s going to be passed very soon.”
The proposal passed out of a Senate committee that includes Sen. Maria Cantwell, D-Wash., earlier this month and may now be considered by the full legislative body.
Some of the larger carriers, including T-Mobile, AT&T and Verizon, already have taken steps voluntarily toward adopting the technology, Robins said. The only obstacle that remains is what a verified call should look like on the device of a user, he said.
Meanwhile, the FCC is continuing to encourage phone users to hang up on calls that appear to be scams. Even answering a question with a simple “yes” could be a step toward opening yourself up to a potential identity theft, as scammers can use your recorded voice to authorize purchases.
Apps like Hiya, which use analytical data from users and a database compiled by the firm’s parent company, White Pages, are available to help screen calls until the new anti-spoofing system is in place. Even with that technology coming online, spammers are likely to continue to figure out new ways to try to cheat the system, Nelson said, including buying legitimate phone numbers and using them until regulators catch on, then moving on to the next number.
“I’ll be honest, I would love if it rendered me obsolete,” he said. “It would mean we’d won, and the scammers have stopped.”
Other options would be more expensive, but as long as scammers can find a lucrative target, they’ll keep making phone calls, Nelson predicted.
“There’s always going to be ways around it,” he said.