To considerable fanfare and media coverage, regulators and mobile network operators have taken an admirable first shot across the bow of robocall scammers. The catchy "STIR/SHAKEN" framework is a hopeful measure, but the technology mainly addresses area code "neighbor spoofing."
By the end of September, global carriers must register with the FCC Robocall Database and articulate their robocall mitigation plans. Federal law enforcement can trace back originators and levy heavy fines and criminal penalties. The FTC, state legislatures and attorneys general are also enhancing protections. That said, neither commission has jurisdiction over the global telecommunications ecosystem and many scams originate overseas.
Early indications are that the countermeasures are already being circumvented by both domestic and international bad actors, putting consumers once again at financial risk. We must now all work together to manage the next wave of robocall fraud.
Despite this public/private cooperation at scale, there are many limitations to STIR/SHAKEN which are being exploited with more ingenuity than ever as scammers and criminals use a combination of brute force mass autodialing, profiling data and manipulative techniques to extort consumers and small businesses. Simply put, the "con" will never go away – the fraudsters simply get more sophisticated. Since our devices are always with us, mobile is and will remain the primary medium for digital fraud.
Not only have scammers mastered communications technology, they are diabolical social engineers, capitalizing on current events like COVID-19 or even Prime Day. The most vulnerable in society are targeted: young adults, seniors, and immigrant communities. These are also the populations least able to afford losing money through scams and fraud – a burdensome setback.
There are four main types of robocalls to consider:
- Extortion Calls: an imposter claims to be from some entity of authority
- Fraudulent Calls : get rich quick schemes or false cures to prey on hope or desperation
- Scam Calls: car warranties or all expenses paid vacations, for example
- Legitimate Calls: voice is still the most effective means of reaching the general population, so school districts, pharmacies, hospitals, hotels, and banks all use auto-dialers.
This final category, while necessary, makes filtering critical. Leading caller ID and robocall mitigation applications allow these business and government entities to register their business profile to ensure accurate caller ID and other rich call data, like logos, appear when they call a consumer.
Business and government entities can also provide lists of do not originate numbers to leading anti-robocall applications. Some commercial and government entities have large blocks of numbers which are attached to their identity, but only allow out-dialing to consumers from a select, much smaller set. This works well to filter out imposters.
Thus far, every step has been for network operators or businesses. So what does this mean for consumers? Here are three ways you can keep yourself safe from bad actors:
- Understand that fraudsters are here to stay despite FTC initiatives; their approach is just evolving. Maintain vigilance and recognize that when a call, text or voicemail sounds too good to be true, it is. Help out your friends and family who are more vulnerable by educating them on the types of robocalls described above.
- Join the Federal Trade Commission’s National Do Not Call Registry. Registration is free and never expires. After 31 days, you can report unwanted calls here. You can also submit complaints to the Federal Communications Commission, which will use reports both for enforcement and to establish new policy.
- Download a Reputable caller ID and Anti-robocall application through Apple's App Store for iOS devices and Google Play for Android devices. Each carrier has a different basic offering, but to filter a bigger universe of international criminals on any device or service, look for an app that has an established user base, high ratings, multi-lingual support, and a track record of success.
In perhaps the most nefarious piece of social engineering, consumers must also dodge the apps posing as caller ID/spam blockers which in fact resell your data to call centers, advertisers, and others. Some apps even played both sides, enabling bad behavior while claiming to prevent it. Make sure your mobile app is provided by a developer that promises individual privacy by design.
Fraud isn’t new, but there are new tools to fight it. Governments, private entities, and individuals all have a role to play in protecting the most vulnerable among us, so do your part.
(Clayton W. LiaBraaten is a senior adviser at Truecaller)