October 2018

Attack of the Robocalls and How to Fight Back

By Jason Wendel

You may have noticed a huge uptick in robocalls and phone scams lately. I receive upwards of 6 or 7 of these calls a day, and I know some people endure even more than that. While phone scams and annoying sales calls are nothing new, we have seen a huge increase in their frequency over the past few years, and most of these are of the automated robocall variety. The Federal Trade Commission (FTC) received over 7 million complaints about scam calls in 2017 alone, and that is just scratching the surface. Some private analysts estimate U.S. consumers now receive more than 4 billion robocalls every month.

Believe it or not, many robocalls are legal, and there are some situations where people find them helpful. For example, school delays, appointment reminders, flight cancellations, and other automated messages are all meant to make our lives easier. Charities and political campaigns also heavily rely on telemarketing for fundraising and campaigning. All these types of calls are perfectly fine according to the FTC. However, if you get a call with a recorded sales message from a company and you have not given them your express permission to receive these calls, that call is illegal and, most likely, fraudulent in nature.

The dramatic increase in robocalls can be attributed to advancements in telemarketing technology, which has been getting progressively cheaper every year. Recent improvements in automated dialing platforms and the advent of Voice Over IP (VoIP) allow these spammers to call thousands of people simultaneously and do so at lower costs than ever before. Robocalling also has a built-in efficiency advantage over traditional telemarketing in that a human caller is not needed until the customer (or victim) decides to engage further by pressing a number on his or her phone or calling a number back that was left by a robocaller’s voicemail.

Recent technology makes it easier to fake the caller identification (caller ID) information that appears on these calls, as well. To trick you into answering, many telemarketers are now spoofing their phone numbers so calls appear to come from the same area code and local prefix as your number. For example, if your phone number is 555-555-5309, their caller ID will show up as 555-555-XXXX, where the last four digits are likely just a few numbers removed from your number. This “neighbor” spoofing is one of the fastest growing areas of abuse in telemarketing, making it even more difficult to discern if a call is spam or not. The idea is that you are more likely to answer a local call. Perhaps you think it is the auto shop calling about your car, your dentist with an appointment reminder, or a restaurant confirming your reservation.

Worse yet, robocallers sometimes select a valid, active phone number from which to spoof. I have had the displeasure of experiencing this firsthand when someone made some robocalls using my cell number as the caller ID. How do I know? A few months ago, I suddenly started receiving calls and texts from people I did not know. Some would ask, “I saw I missed your call, who is this?” Others simply told me to stop calling them. If this happens to you, let the other person know that a robocaller has manipulated their caller ID to look like their calls are coming from your number, and that you did not actually call them. If you consistently receive calls from people about this issue, simply ignore all incoming calls that you do not recognize. If the problem persists, you can update your outgoing voicemail to include an explanation that your phone number is being spoofed and you are not really calling them. Luckily, scammers frequently change their caller ID spoofing to avoid getting that number blocked, and it is likely they will stop using your number after a few hours or so.

Now, you might be wondering, “how did they get my number?” Unfortunately, the sad truth is that they can call you even if they do not have your phone number. With robocalling costs at an all-time low, many of these spammers simply dial every single number combination possible within the valid area codes and prefixes out there. For example, 555-283-0000… 0001… 0002… 0003… etc. Then they move on to another area code/prefix combination and do the same thing. Their automated systems can churn through all these numbers so quickly that it is only a matter of time before they dial your number. Some of the more advanced systems will even mark numbers as active or disconnected for future reference. For example, if the robocall is answered, the system marks the number as an active line, and they will likely harass you more in the future–or, worse yet, sell your number to other telemarketers as part of a database of known active lines. If the call goes to voicemail or they reach a “this number is out of service” message, they likely will not call back as much. If you pick up the phone and realize it is a robocall, hang up immediately. Do not call them back or press any keys to speak to an operator, even if they promise they can add you to a “do not call” list. These scammers are already calling you illegally–do you really think they have a “do not call” list? This is just a trick to confirm they have a real person on the other end of the line. If you respond in any way, it could lead to more robocalls.

Are you as wary of these calls as I am? If so, read on to learn some strategies to fight back! I will share four general approaches you can take to help reduce these nuisance calls:

  • Use your phone provider’s spam call solution.
  • Utilize your phone’s built-in call identification and blocking features.
  • Install a third-party app to identify and block spam calls.
  • Configure the Do Not Disturb (DND) mode on your phone to only allow calls from your contacts.

Before moving forward with any of these solutions, keep in mind that there are some potential drawbacks. Any solution used for blocking spam calls also risks blocking other calls that you may find helpful. For instance, if your doctor’s office or a friend’s phone number is inadvertently added to the database that your spam-blocking service uses, you may not receive calls from him or her going forward. The good news is that most blocking services allow you to configure how aggressively they block suspected spam calls, so you can adjust your settings as needed.

Services generally categorize spam phone numbers as either likely spam or known spam. Likely spam includes numbers that only a few people have reported back to their service as spam. To indicate these calls, most services simply display a phone notification or modify the caller ID field to include “Likely spam” and allow the call to ring through so you can decide to answer or decline. Known spam includes only the most egregious offenders, where many people have reported their number as spam. Services typically block these entirely or send them directly to your voicemail. If you find that you are missing out on legitimate calls, tweak your call-blocking settings to be less aggressive.

Option 1: Service Provider Solutions

All major mobile phone providers offer database-driven services to help protect you from these calls. These services can block calls from phone numbers based on the provider’s list of likely and known spam numbers. Keep in mind that by using these services, or any spam solution, you risk blocking robocalls that you may find helpful.

  • AT&T Wireless: Their Call Protect app is offered free for all contract customers. Once the app is installed, it automatically blocks calls that are likely fraud, and it shows a warning for “suspected spam” calls as they come in, giving you the option to still answer these calls if you would like. After receiving a call from a suspected spammer, the app gives you the option to block that number from calling back in the future.
  • T-Mobile: Like AT&T’s solution, the Call Protection options from T-Mobile are free for contract customers. However, unlike AT&T’s solution, there is no need to install a special app – which is even better! The always-on Scam ID feature automatically displays “Scam Likely” in the caller ID information for incoming calls from likely spammers. Additionally, you can turn on Scam Block which completely blocks any detected spam calls altogether. To turn on blocking, dial #ONB# (#662#). If you would like to deactivate this feature later on, simply dial #OFB# (#632#).
  • Sprint: The Premium Caller ID feature from Sprint can be added to your account for $2.99 per month. Despite the additional monthly charge, Sprint’s anti-spam service does not automatically block these calls from getting through. It simply identifies suspected spam calls to make it clear that you should probably not answer. Much like AT&T’s solution, Premium Caller ID does give you an option to block future calls from a number after they have called you. Additionally, you can report other numbers as spam to help them better identify those calls in the future.
  • Verizon: For no charge, you can temporarily block up to five phone numbers from calling or texting you for 90 days. Unfortunately, this feature is not all that helpful because modern spammers will likely spoof a different originating number each time they call you. Instead, I suggest using Verizon’s Caller Name ID For $2.99 per month, this app will identify suspected spam/scam calls. It will also allow you to report or block any other numbers you receive that turn out to be spam.

Option 2: Built-In Solutions

If you are unhappy with the options from your provider, or you would rather not deal with additional monthly fees from Verizon or Sprint, consider using your phone’s built-in features. Modern smartphones have the capability to block calls based on the caller ID. For instance, if a specific nuisance caller is bothering you repeatedly, you can manually add their phone number to the block list. Additionally, all phones from Google and Samsung come with database-driven anti-spam features built in, and other phone manufacturers may be looking to add these features down the road. These solutions work using the same strategy offered by the major mobile providers, where likely and known spam calls are dealt with accordingly based on their categorization in the spam caller database.

Google’s Pixel phones automatically show a red background for incoming calls that are suspected spam. In addition to the Caller ID field showing “Suspected Spam,” this serves as a visual cue that you probably should not answer the call. For known spam, it sends these calls directly to your voicemail and does not even bother you with a missed call notification. You can configure these settings in the Caller ID & Spam Protection settings on your Pixel phone.

Samsung’s built-in Smart Call feature automatically flags spam calls with the text “suspected spam” or “potential fraud” as they come in, depending on how it categorizes the call. Additional features to block known spam can also be configured, much like in Google’s offering.

Option 3: Third-Party Apps

Another solution is to install a third-party phone app to help block and identify spam calls. There are many different apps out there. I’ve highlighted some of the more popular and effective options available for both Android and iOS below:

  • RoboKiller (7-day trial, $2.99/month): RoboKiller is generally viewed as one of the most effective solutions in the fight against robocalls. Developed by Ethan Garr and Bryan Moyles, winners of the FTC’s Robocalls: Humanity Strikes Back challenge, RoboKiller uses audio “fingerprinting” technology to identify if the caller is a robot or a human. It uses your carrier’s call forwarding feature to intercept and analyze incoming calls. Before your phone even rings, their system tricks robocallers into playing their automated messages to the forwarded number. This allows RoboKiller to start its analysis and, if needed, route and record offending calls to a “SpamBox” where you can review it later via the app (if you so choose). The brilliant part is that live callers will still hear a traditional “ringing” sound on their end during this analysis. Once a live caller is verified as legitimate, their call will ring through to your phone like a normal call.
  • Hiya (Free): Hiya was created by the founder of Whitepages.com, and the app’s creators know a thing or two about managing massive phone databases. The Hiya app is a relatively new offering that has quickly been gaining traction because of its massive database of spam callers. It is so popular that AT&T, T-Mobile, and Samsung all license the use of Hiya’s database for their built-in spam blocking capabilities.
  • YouMail (Free): YouMail started out as a “visual voicemail” replacement for your phone’s default voicemail app. They have since offered robocall blocking and other features. With YouMail, calls from known spammers are rerouted to a “this number is not in service” message with corresponding tones to trick the spammer’s system into marking your line as disconnected or inactive. Theoretically, this should lead to fewer spam calls in the future.
  • TrueCaller (Free): The TrueCaller app was one of the first apps released to combat spam calls back in 2011. While it is a highly rated app with similar functionality to Hiya, there are security concerns to consider, as their database was hacked back in 2013.

I highly recommend RoboKiller as the best paid solution, and Hiya is probably the best free option. Both are highly rated and have a great track record in terms of security. In my experience, RoboKiller’s unique approach makes it more effective than the free options. However, if you don’t have the budget for a paid solution, give Hiya, YouMail, or TrueCaller a shot.

Of course, as with any app-based solution, there are security and privacy concerns to consider. To get a good database of known spammers, these apps need good data. To get that data, many of these apps have turned to crowdsourcing and request permissions to access your phone’s address book. This helps them build and verify their dataset and avoid potentially blocking one of your contacts. However, handing over all that data can be concerning, especially in the case of the TrueCaller hack. If you are uncomfortable with sharing this information, review the app permissions carefully prior to installing.

Option 4: DND Mode

Last, but certainly not least, is the most drastic option of all: using DND mode. All modern smartphones have a DND feature which can be configured to only allow calls from numbers already listed in your phone contacts. Any calls you receive that are not in your contacts will go directly to voicemail. If you would rather give yourself a little more flexibility, you could do the manual equivalent of this approach instead and just never answer your phone unless you recognize the name or number.

Keep in mind that you should only use the DND mode strategy as a last resort, as you will definitely miss out on some legitimate calls using this method.

Examples of Common Scams

While many scam calls are made via robocalls, some will have a live person on the other end or ask you to call back to speak with a person. The following are a few paraphrased examples of common scams:

  • “This call is an official call from the IRS. We are filing a lawsuit against you for fraud. We are taking legal action to issue an arrest warrant in your name. To get more information regarding this case file, call us back on our department number, XXX-XXX-XXXX.”
    If you were to call this fake “IRS” number back, they would likely ask for immediate payment to rectify the situation. Worse yet, they sometimes request payment in gift cards to make it more difficult to track their fraud. The real IRS will never demand immediate payment, and they certainly will not ask you to pay in gift cards. They always send a bill in the mail first and allow you ample time to appeal any amounts owed. They will also never ask for your credit card number over the phone. See the IRS website for more tips on avoiding these types of scams.
  • “This is an emergency call. The license key of your Microsoft Windows has expired. Please call us immediately to renew your Windows license at XXX-XXX-XXXX.”
    There are several variations on this scam telling you that you either need to renew your license or that there is a technical issue that needs resolved immediately. The perpetrators then attempt to get your credit card number so they can make bogus “support” or “renewal” charges to your account. In other cases, they try to get you to install supposed “support” software that turns out to be malicious, such as ransomware that locks down your personal files until you pay them a fee to unlock them. Microsoft will never call you directly unless it is in relation to an existing support case that you opened with them. See Microsoft’s article on avoiding tech support phone scams for more information.
  • “You will be taken under custody by the local cops as there are four serious allegations pressed on your name at this moment. Get back to us at XXX-XXX-XXXX so that we can discuss this case before taking any legal action against you.”
    As we all know, the police love to call ahead and give advanced warning of a pending arrest! In real life, people usually do not know they are going to be arrested until they feel the handcuffs slapped on their wrists. However, if you want to be certain there are no arrest warrants issued in your name, please check your state’s public records website or call your local county clerk’s office.
  • “There was suspicious activity on your iCloud account. Your iCloud account credentials have been compromised. Please press 2 or call XXX-XXX-XXXX to be connected to an Apple advisor to resolve this breach and restore normal functionality.”
    Apple will never reach out about a suspected breach in this way. If you have reason to believe that one of your accounts was hacked, please sign into the affected account and change your password immediately. Check out Apple’s site for additional tips on avoiding scams.
  • “Hi, this is Rachel from card services calling about your credit card. It appears that you are now eligible for a significantly lower interest rate on your account. Please press 1 now to be transferred to a live representative who can assist.”
    This scam has been going on for years. If you opt for their services promising a lower interest rate, they charge you a fee upwards of $5,000 (and never change your interest rates). The FTC has additional information regarding this specific scam and how to recognize it.
  • “This is an urgent request for your help. We need immediate donations to provide relief efforts for [insert recent disaster here]. Press 1 to be connected to a donation agent.”
    One of the great ways to scam people out of money is to pull at their heartstrings. If you receive a donation request for a charity, disaster relief effort, or veterans fund, always do your due diligence before donating – and do not donate directly over the phone to an unsolicited caller. They may not be an official representative of the organization as they claim. There are several great resources that rate various charities and call out scams, including information about how much of your donation goes to the charity as opposed to the group collecting the funds. Use one of these websites to research a charity before opening your wallet:

  • “Grandma, it’s me, and I need help.”
    Sadly, there is no limit to how low some of these scammers will go. These calls are usually made by a live caller with a younger-sounding voice. Their intent is to trick an elderly victim into providing a credit card number or wiring money to them, posing as the victim’s grandchild. Unfortunately, there are many other similar scams going around. The FTC has an excellent article and video posted with examples of other live caller scams.
  • “Can you hear me?”
    Again, the best protection against scams is to not answer calls unless you recognize the caller. If you do answer a call and later realize it is a robocall or scam, hang up immediately. In this example, simply responding with “yes” to their question might be detrimental. Your response can be recorded and later edited to make it seem as if you have given permission for a purchase or other transaction. If you feel the need to answer unrecognized calls, try to respond with something that does not include the affirmative “yes,” such as “I can hear you.” Be on the lookout for other questions that may be fishing for a “yes” response as scammers frequently change their tactics.

The Future of Phone Scams

As technology improves, scammers may start to incorporate artificial intelligence (AI) to further automate interaction with their victims. The robotic tones of the robocall voices will improve, as well. We are in the golden age of AI and machine learning, and computer-synthesized speech is sounding more realistic every day. Eventually, speech synthesis and AI interaction may be so good that it is impossible to differentiate robocalls from human callers. Newer technologies like this will inevitably make our lives better, but these same breakthroughs can also be used to defraud us. If something does not seem right, ask the caller for a callback number. Then, hang up and do some research before taking any action.

Additional Tips

Here are some additional tips to keep in mind:

  • If the call was made using a robotic voice, it is most likely a fraudulent attempt to get your money or personal information. But, keep in mind that these same scams can also be perpetrated using live callers.
  • If the call or recording contains grammar issues and/or broken English, it is most likely a scam. Many call facilities and scammers operate overseas, and English may not be their primary language.
  • No legitimate utility company or government agency will ever call you demanding immediate payment or threaten immediate disconnection of services without several warning calls or letters beforehand. They will also never ask you to pay in gift cards.
  • Add your number to the National Do Not Call Registry. While this option seems to be less effective than it was in the past, it certainly cannot hurt.
  • If you have been defrauded or would like to report a scammer, file a complaint with the FTC at gov/complaint or call 1-877-FTC-HELP (382-4357).
  • Never allow anyone to have remote access to your computer or other electronic devices unless it is for an official support call or ticket that you have initiated.
  • Never give any personal information such as a credit card number, Social Security number, or banking information to an unknown caller. If they say they just need to “confirm” this information, it is likely a trick. The only time you should give out such information over the phone is for calls that you have initiated by dialing known legitimate numbers for the business with which you wish to speak. And, even then, they will only ever ask for a partial Social Security number, etc. as confirmation for any information they already have on file.
  • Never share your account passwords or temporary verification codes with anyone. Legitimate phone support resources will never ask you for these.
  • Be on the lookout for other types of phone scams. Fraudsters are always trying new and innovative ways to rip people off. For instance, one scam involves several calls to the victim where the perpetrator hangs up after one ring each time to try to get you to call them back out of curiosity. This scam originated in Japan, and it is known as Wangiri which means “one and cut” in Japanese. If you receive a call like this, do not call them back. Their number could be an international premium rate line where exorbitant charges are billed back to your phone account. In the U. S., we can easily recognize these as “900” numbers, but the identifiers in other countries are different. Check Wikipedia’s entry on phone fraud to keep up on that latest scamming techniques.

Conclusion

In addition to the above solutions and tips, it is important to stay vigilant. Do not be afraid to question the authenticity of any call you receive. Be sure to warn your friends and family members about this type of fraud, especially elderly members of your family who are frequently targeted in scams. If these calls are happening to you, they are likely happening to the people you care about, as well.

Recent Posts

October 2018

Attack of the Robocalls and How to Fight Back

You may have noticed a huge uptick in robocalls and phone scams lately. I receive upwards of 6 or 7 of these calls a day, and I know some people…

September 2018

Briljent at MESC: Is Your Training Approach Holding You Back? We're Here to Help

Every year, vendors and state agencies get a chance to come together at the Medicaid Enterprise Systems Conference (MESC) and exchange ideas on how we can improve Medicaid systems. It’s…

June 2018

Success Story: New Hire Time to Proficiency Reduced by 70%

The Challenge The onboarding of a new hire significantly impacts both the employer and the new employee. The employer’s investment in each new hire starts on day one. The time…