Why a $120 million fine can’t stop the “insane” growth of phone spam

By Steven Melendez

May 16, 2018

 

 

Last week, the Federal Communications Commission fined a Florida man $120 million for allegedly flooding consumers with almost 100 million robocalls with falsified caller IDs in just one three-month period.

 

Robocalls aren’t always illegal in the U.S. But federal law requires all telephone calls using prerecorded messages–from political groups to marketers–to identify who is initiating them, and to include a telephone number or address where the initiator can be reached. The law also forbids marketers from calling people who are on the Do Not Call list and restricts automated calls to cell phones, hospital rooms, and emergency lines. And all non-emergency robocalls require a consumer’s permission to be made to their wireless phone.

The FCC says the calls, allegedly orchestrated by Adrian Abramovich of Miami, violated a law known as the Truth in Caller ID Act by sending fabricated caller ID information, making them appear to come from the same area as their recipients’ numbers. The calls also falsely claimed ties to big travel companies like Expedia, Marriott, and TripAdvisor, said the FTC, which was tipped off to the scheme by TripAdvisor. The telecom regulator alleges Abramovich also violated the Telephone Consumer Protection Act, which governs telemarketing calls, and the federal wire fraud law.

“From what I can tell, his intent was to make a buck,” FCC Commissioner Michael O’Rielly said in a statement. “More succinctly, he wanted to make as many bucks as possible.”

The $120 million fine is the largest forfeiture order in the FCC’s history, but the massive amount of robocalls allegedly made by Abramovich’s operation is just a small part of a growing nuisance that is consistently the top source of consumer complaints received by the agency. A study released last month by caller ID provider Truecaller estimated Americans lost $8.9 billion to phone scams last year, with the average person reporting receiving 23 spam calls per month. And more than 3.4 billion calls were placed in the U.S. in April alone, according to data from Irvine, California, call filtering company YouMail.

“That’s one-third more robocalls than during the same month last year,” FCC Commissioner Jessica Rosenworcel said in a statement. “This is insane.”

“Extremely Cheap” To Spoof And Bombard

Experts say cheap, internet-routed calling options have outpaced both legal and technological solutions, making it cheaper and easier than ever before to bombard people with unwanted phone calls.

 

“It used to cost multiple cents a minute and now it’s like one-tenth of a cent per minute to make a call if someone connects,” says YouMail CEO Alex Quilici. “That’s extremely cheap.”

Meanwhile, a lack of built-in security around caller ID systems has made it easy for shady marketers to lie about what numbers they’re calling from, as the FCC alleges Abramovich did. Spoofing technology even allows callers to match the first six digits of recipients’ own numbers. Consumer complaints about that practice, dubbed “neighbor spoofing,” are on the rise, according to the FCC.

Setting up a robocalling operation no longer takes much technical prowess. Some companies that are essentially robocall-as-a-service providers make it especially easy for marketers to upload lists of phone numbers to be called, sometimes even charging only for calls that last a certain amount of time. Those providers aren’t necessarily malicious themselves, Quilici says. They may also also work with organizations delivering legitimate robocalls, like banks reminding customers when credit card payments are due or companies delivering opt-in marketing messages, he says.

While many such providers say they require users to comply with the Do Not Call list and other legal requirements, it can be difficult for them to know who their clients genuinely have consent to call, Quilici says.

When callers do answer the shadier robocalls, they’re usually given the option to speak to a real person to actually seal whatever deal they’re being offered, but those people can be located in ultracheap overseas call centers. In some cases, they may not even be aware they’re part of an unsavory operation, Quilici says.

“You can basically convince the call center you’re doing good,” he says. “Scam the call centers on one end, scam the users on the other, and that’s your business.”

 

 

In the future, call centers themselves may even be less necessary, with artificial intelligence-backed software and voice recognition systems rapidly advancing. Google recently demoed a digital tool it calls Duplex, which could place automated phone calls on behalf of individual users to do things like book salon appointments, but it’s easy to imagine a similar tool bombarding people with unwanted sales pitches or downright scams.

Without Stronger Rules, Stronger Tech

Carriers are working on developing a set of technologies nicknamed SHAKEN and STIR that will allow them to digitally sign off on caller ID information using cryptographic keys. The Canadian telecom regulator has told phone companies in that country to implement authentication for internet-routed calls by the end of next March, and Rosenworcel has called on the FCC to introduce a similar mandate.

“Our robocall resistance deserves to be every bit as strong as our neighbors to the north,” she said in her statement.

Separate carrier tests blocking calls from specific numbers associated with fraudulent calls, like those impersonating numbers linked to the IRS, have proven successful, that approach–called “Do Not Originate”–won’t stop all unwanted robocalls, according to a report issued last year by the phone industry’s Robocall Strike Force.

“As [industry group] USTelecom has previously noted, there is no single ‘silver bullet’ to the robocall problem, and the process of blocking DNO numbers should be viewed as one of a growing number of tools available to address the robocall problem,” according to the report.

The FCC has also struggled at times to regulate the robocall industry. The U.S. Court of Appeals for the D.C. Circuit ruling in March said that the agency’s regulatory definition of autodialer was too broad, potentially encompassing ordinary smartphones as well as robocalling equipment, in limiting what tools can be used to make unsolicited calls.

 

In the meantime, major phone companies have launched services that can flag likely fraudulent calls and, if customers wish, block them. “AT&T blocked its billionth unwanted robocall in cases where its business contracts allow it to block impermissible traffic using a new program that detects violators through network data analysis,” according to the Strike Force report.

Third-party, app-controlled services like those from YouMail and Nomorobo are also increasingly helping to keep consumers from actually being reached by unwanted callers. And even people who don’t use any technical tools are less likely to answer calls from unknown numbers.

Of course, that means that even legitimate robocallers like the ones from banks are forced to make more attempts to reach their customers. For many consumers, Quilici says, that may mean still more automated calls.

 

Fast Company , Read Full Story

(33)