Robocalls and neighbor spoofing

It’s not your imagination. Your cell phone is ringing off the hook with automated spam calls – 3.4 billion robocalls in April alone, a 35% increase from the previous year.

Advances in call technology make it easier for the bad guys to make higher volumes of calls. VOIP calls can be placed inexpensively from anywhere in the world.

The latest trick is the most annoying one yet. The bad guys can make any number appear to be the source of the call and they are using more sophisticated tools to generate that caller ID. “Neighbor spoofing” is the term for calls that appear to be from your area code. In fact, the bad guys can easily match the first 3-6 digits of your own number in addition to the area code, just in case that fools you into thinking the call might be from someone nearby.

But that’s not all. The bad guys can also make the caller ID display any name they want, and they’re using data analysis of information about you obtained from hacks or public records or guesswork to fool you into picking up the phone. You might get a call whose caller ID makes it appear to be your insurance agent or your doctor; there’s no way for you to know the name was faked unless you hang up and call the office back directly. The New York Times reported recently about a Miami robocaller who would ring phones with a call that appeared to be from Marriott, then transfer the calls to foreign call centers trying to sell time shares.

The Congressional testimony about the Miami robocaller led the House and Senate to work on legislation to curb abuses, which is bound to make the nasty bad guys sit up and take notice, right? Except for one detail – automated calls to your cell phone are already illegal. They’ve been illegal since 1991. All autodialed or prerecorded non-emergency calls to wireless phones are prohibited without prior expressed consent, regardless of the call’s content. Why, it’s almost as if the bad guys sitting overseas don’t care!

Theoretically the FCC and FTC each have some regulatory authority to help consumers, but – shocker! – federal regulatory agencies are not doing their best work on behalf of consumers right now. The New York Times describes the problem this way: “Business groups, including the Consumer Bankers Association, counter that defining auto-dialers too broadly would hurt legitimate businesses trying to reach their customers. Robocallers see the current F.C.C. leadership ‘as friendly to industry,’ said Margot Saunders, senior counsel at the National Consumer Law Center, ‘and they are anticipating F.C.C. rulings that will enable more calling and forgive past mistakes — or violations of the current law.’” Don’t expect much help from federal agencies in the current Washington climate.

Broadly speaking, there are two types of spam calls. The first is the pitch for an arguably legitimate business trying to sell something. Complex rules apply to those calls based on whether a live human or a robot speaks to you, and whether you might have given some kind of consent for the call.

The other is the true spam call, anything that is trying to steal your money or identity. These are the completely immoral criminal scum who pretend to be the IRS or Microsoft or your grandson in a foreign country. These calls are illegal. And yet the phone rings anyway. A few years ago Consumer Reports estimated that telemarketing fraud and robocalls were costing consumers $350 million/year. That number is almost certainly far higher today.

 

How do telemarketers get your number? Why have junk calls shifted to our cell phones?

The bad guys get your phone number from you. We share our phone numbers all the time. You fill in your phone number on online service signup forms, social networking profiles, warranty registrations, apps that will text you when your order is ready, shopping sites that ask for a phone number when you place an order, on and on.

You always used your landline number for those until a few years ago. And I’ll be darned, your landline got all the junk calls.

But now you almost always use your cell phone number, right? You’ve given up your landline or you almost never use it. You fill your cell phone number into every form and every website that asks for it. It shouldn’t be a surprise that your cell phone is now getting hit with spam calls.

Telemarketers are able to take advantage of the huge amount of data about you that is available online. There are many companies devoted to scooping up data from big companies, from census data and public records, and from huge hacking events like the Equifax disaster, and correlating all that info into a shockingly complete picture of you – your address, your family, your income, your phone number, and much, much more.

“Legitimate” companies might even claim that you consented to receive telemarketing calls. Many mobile apps are really only interested in selling the personal information that you provide when you sign up for the app, so your consent to telemarketing is in the terms of service that you didn’t read. Credit bureaus are in the business of giving away or selling your information; literally, that’s  what they do for a living. If you contribute to a charity, you have established a relationship that might technically permit them to approach you again and again, until you want to scream. You already know that. But charities hire telemarketing firms to solicit those donations from you – and the telemarketing companies make a profit by re-selling your information to other companies.

The bad guys have even more data to work with, because they have no compunctions about working with hacked or stolen data, of which there is no shortage these days. Plus they can use the new VOIP calling technology to dial ten quadrillion random numbers every day without breaking into a sweat.

 

What can you do about spam calls?

Oh, dear, did you think there was some magic bullet? You poor thing. There’s nothing you can do. It’s just one of the many ways we’re in techno-hell. We are all connected to two global communication networks – the Internet, the phone system – and anyone can use them to contact us. That has had amazing, wonderful, life-changing effects on our world, but it also means every two-bit piece-of-crap moron anywhere in the world can set up some inexpensive equipment and use it to try to fool you or terrorize you or scam you.

The most effective thing you can do is: don’t answer calls from numbers you don’t recognize. Leave messages when you call people you know, and count on real people leaving messages for you if you don’t pick up.

If you answer the phone and discover it’s a telemarketer, don’t engage a live person in any kind of conversation and don’t hit 1 “to be added to our Do Not Call list.” Any response will confirm that it’s a live number, which moves the number to a list that is called more often.

Here’s a scary scenario. Supposedly the worst of the scammers will try to get you to say “Yes” or “Okay” by asking to confirm your name or answer something innocuous. They’ll then stitch together a recording of you saying “Yes” in response to something else completely – consent to ship you something and bill you for it or the like.

But I hear you cry – what about the National Do Not Call registry! Sure, whatever, if it makes you feel better. When you register your number, you might get fewer calls from the handful of legitimate businesses that observe the rules. But let me double-check – you’ve gotten the message here that the scammers are criminals who don’t pay attention to the rules, right?

The whole point of the Do Not Call registry is that registered numbers are supplied to businesses wishing to comply with the rules. And there are anecdotes about abuse of that database, so that registered numbers actually receive more spam calls than before. There’s no proof of that. It’s just rumors but it sounds right to me. Oh, and if somebody calls you and asks for information to help you renew your registration in the Do Not Call registry . . . it’s a scam. Do Not Call Registrations never expire. Sigh.

There are phone apps that claim to block spam calls. Some of them are legitimate and might help a bit, but they are mostly stymied by the spoofed caller IDs used now.

Nope, the best answer is, don’t answer the phone. Be careful out there!

Share This