Scammer on Line One
RING... RING… RING
“Your telephone number was qualified by our booking system to receive an all inclusive, complimentary stay. For further details, press one now.”
“This is the information that I promised you about bringing in $10,000 or more every 10 to 14 days.”
“Hi, this is Rachel from Card Services calling about your credit card account. It appears that you are now eligible for a significantly lower interest rate on your account….”
Sound familiar? You’re not alone. With approximately 5 billion robocalls every month in the U.S., constituting nearly a third of all calls, we all get them. Too many of them.
They don’t care if you’re driving to work, in the middle of dinner, or watching your kids in the school orchestra. RING... RING… RING.
And while some are legitimate, many are pure, illegal scams. The minute you “press one to speak to a representative,” you’ll get connected to a scam artist whose goal is to convince you that you’ve won a prize, owe the IRS money, or will go to jail if you don’t give them your credit card, wire money, or send gift cards. Beyond direct payments, some scammers seek to commit identity fraud to take over and empty your bank, brokerage, cryptocurrency, and other accounts.
Unfortunately, some robocalls are even legal, even if they are of questionable legitimacy. For example, you may have someone trying to entice you into a misleading get-out-of-debt program or a credit card with a too-good-to-be-true rate that turns out to be only an introductory rate. Or maybe a call center for a health insurer will bamboozle you with technical details about insurance, hoping to convince you to switch plans. The elderly and other disadvantaged populations such as immigrants are particularly vulnerable and often preyed upon.
Because it’s so lucrative for scammers, and so hard to stop them or punish them, they keep coming, inventing new scams, and mutating new variations. As WIRED recently put it in a headline, the robocall crisis will never totally be fixed.
RING... RING… RING
New attacks need new defenses
If you’ve installed one of the well-known robocall-blocking or call identification apps (like TrueCaller, Robokiller, Nomorobo, or Hiya), you know that they can help but don’t fully get the job done. The calls slow down a bit, but some get through. And they keep coming.
That’s because most of today’s robocall blocker apps work via what’s called a “blacklist” model. That is, they maintain a list of known robocallers, match up incoming calls to it, and block the ones that match the list. New scam numbers are always being added to these lists, which can get sophisticated with user-reported numbers, predictive blacklisting based on patterns across a user base, and so on.
But the blacklist approach has a major flaw–spammers can get around it by “spoofing” legitimate numbers. With the spoofing technique, a robocaller can set a third-party phone number—an innocent-looking, generic one, or one in your area code and local exchange–as the callerID for their thousands of outbound calls.
As a consequence of spoofing and other evasion tactics, even the best blacklist-based robocall apps–some of which tout how large their lists of known spammers are–let a lot of calls through. If you’ve installed one of these apps, you know they’re not enough.
The FCC has been wagging a finger at the big telecom carriers (Verizon, AT&T, T-Mobile, and Sprint), and they claim to be working on the robocall problem via a project called the SHAKEN/STIR framework. But carriers have been dragging their feet on the project for years. Given that the carriers make their money from phone call volume, we’re not holding our breath.
(The fact that the carriers’ own versions of robocall blockers don’t fully solve the problem is also telling.)
Previous regulatory efforts, including the TCPA (Telephone Consumer Protection Act) and the Do Not Call Registry, have also failed to make a difference.
On top of all that, most people get many more unwanted calls that are not robocalls or illegal scams, but simply the normal-but-annoying calls that never seem to stop. Calls from salespeople from the gym, fundraising campaigns, reservation confirmations, and so on are annoying and disruptive. Even the best of the current crop of commercial robocall blocking apps won’t help you here.
Firewall works completely differently–via a whitelist model that forwards all calls away to a high-efficiency voicemail box. This means that all calls get screened by default, and your phone only rings for the callers you want. Everyone else gets analyzed by our algorithms, and either sent to voicemail with high-quality transcription, logged as a missed call with enhanced callerID, or silently marked as a robocall. It’s the killer app for robo blocking.
How do we know Firewall works? We have the receipts. The chart below shows the outcomes per thousand phone calls handled by Firewall during our 3-month beta test.
As you can see, almost 40% of incoming calls to our beta users were not on users’ whitelists and were effectively screened by Firewall. By contrast, only 14% or so (1/3rd of non-whitelist callers) would have been blocked by other apps. Firewall screened three times as many–yet our users were still able to return screened calls as needed. Overall, our beta users were thrilled with the Firewall service and we can’t wait to see how a broader audience reacts to it.
Firewall even blocked a new scam that was discovered during the beta test–one in which a known robocall would dial the user, and a micro-second later a second number would call, hoping to bypass the ringer and leave a scam message on voicemail. Because of the whitelist model, Firewall handled this gracefully.
We believe Firewall is an important new entry to call management, helping above and beyond trying to predict and filter robocalls, and instead screening all calls intelligently.
Learn more about Firewall here, or install it here.
References and further reading:
Cybersecurity and Underserved Populations