In Jun 2019, the Federal Telecommunications Commission achieved a new record, one that it is possibly quite ashamed of. The commission received an average of 10,000 complaints of robocalls per day. In October 2019, an average of 182 million robocalls were made per day. That’s more than double the amount from two years ago, an uptick that prompted Americans to complain to the FTC at historic levels.
In this article, I will talk about the robocall problem in more detail. In later articles, I also touch upon what you can do to prevent scam (and spam) robocalls from reaching your employees, and how you can protect your reputation and trust with your customers.
The Context:
I am sure, dear reader, that you are fully aware of what robocalls are, but let’s just all get on the same page: A robocall refers to a phone call placed through an automated dialer delivering a pre-recorded message. (Source: GSMA.com)
Now, robocalls may be spammy and therefore irritating, but why are we treating them as a security concern?
Because a significant number of these robocalls are now ‘scammy’, not ‘spammy’. Robocalls are now a gateway to a whole series of scams and attacks that dramatically reduce trust in the network – to the point where a stunning 80% of Americans no longer pick up calls from phone numbers they do not recognize.
In short, thanks to illicit/scammy/spammy robocalls, trust in the global telephony network is at an all-time low.
Types of Robocall Frauds
The most obvious categories of robocall fraud are:
- fraud campaigns
- lead-generation businesses
Fraud campaigns are just straight scams – the purpose is to extract money or information or both from victims. In mid-2020, over a period of three months, 47% of all Americans received robocalls from the Social Security Administration (SSA) about problems with their Social Security Numbers (SSN). Only thing: It wasn’t the SSA calling, it was scammers. If you received such a call, you were told that your SSN was found to have been linked to a crime and therefore, was suspended. The message mentioned a phone number that you needed to call to re-activate your SSN or get a new SSN.
If you did end up calling, you’d probably share your SSN and pay some money for reactivation.
There have been similar scams – the IRS call was a popular one. Here, ‘IRS officers’ made official-sounding calls to American victims threatening them with arrest if their dues were not paid immediately. Read here for a perspective from the ‘IRS officers’ who called up American victims – fully believing that they were working on behalf of the Internal Revenue Service.
Lead generation businesses while being a nuisance and less of a danger to customers, are still often illegal, and may often mis-sell to customers. For example, you may receive a robocall saying that your car warranty is about to expire, even though that is not the case at all. Another well-known example is Redwood Scientific Technologies – which ended up defrauding customers of over USD 18 million, selling dissolvable oral film strips as effective smoking cessation or weight-loss aids, whereas they helped in neither. (Source: Consumer Reports). There is another way that these businesses often fall foul of the law – they illegally manipulate their phone numbers to misrepresent where they are calling from.
The Technologies Used for Robocalls
Robocall campaigns use the following technologies:
Robocall itself
At its simplest, a robocall delivers a message and ends with a Call to Action – this may be pressing a button to learn more, or calling a specific number. At that point, the recipient may be connected to a live human. This technique is used to allow for a high volume of calls with minimal support staff.
Autodialing
Given the sheer number of calls required to be generated each day, the call center that robocalls people must use autodialer software.
Spoofing
When it comes to telephony, spoofing means replacing the phone number from the originator phone with an alternate phone number. The alternate phone number may be used because it engenders higher trust than the originating phone number, because it’s more convenient, or for any number of other reasons.
All of the technologies mentioned here are legal and have plenty of commercial applications. For example, if a call center from, let’s say, Microsoft needs to call you about some support-related issue, it may make sense to spoof the caller-ID, replacing it with a common ID (1-800-MICROSOFT). However, each of these technologies is also regulated by the FCC.
Illicit robocalls also harvest an additional technology: Number Sourcing
Number Sourcing
The illegal/illicit robocalls need access to a large database of numbers that they can call. Usually, these are brought on the black market – often acquired through data breaches. And to increase the success rates, the numbers acquired by the callers are often profiled – insurance scams are usually more successful with elderly citizens, for example.
In later articles, I will discuss why legitimate companies hate illicit robocalls – the business challenges they pose, what the industry is doing about them, and what you can do to protect your employees and your customers from this menace.
Have more questions? Send me an email at securityeducation@assertion.cloud
About Assertion:
Assertion® is a leading communication security solutions provider that empowers companies to Collaborate Confidently. Our ultimate goal is to secure every conversation through our advanced AI-enabled collaboration security solutions. We also provide holistic infrastructure security for over 38 collaboration products, including full-stack collaboration security solutions for the UC and CC stack.