Rafael Abdrakhmanov | iStock | Getty Images
From fake social security calls to scammers posing as Apple or Amazon, anyone with a cell phone or landline is no stranger to robocalls.
Robocall scammers have been scamming phones and voicemails across the country for decades. Between June 2020 and 2021, these scams affected more than 59 million people, who lost a combined $ 29.8 billion, according to the Trucaller phone number identification app. Some robocallers try to illegally sell legal products like a car warranty or a new roof, while others steal your social security number or credit card.
To mitigate this long-standing problem, the Federal Communications Commission is requiring voice service providers to implement standards for authenticating caller IDs through a set of industry rules known as STIR / SHAKEN. The FCC required major wireless carriers like AT&T, Verizon and T-Mobile to implement the standards by June 30, although smaller wireless carriers with fewer than 100,000 customers have an extension.
At the same time, voice service providers must submit a plan highlighting their robocall defense efforts in a recently launched database. As of September 28, if the plan is not in the database, carriers will no longer need to take calls from these providers.
STIR / SHAKEN is a good start to ending this ever-evolving problem of robocalls, and while the updates will slow scammers down, experts say they won’t go away.
“It’s a Whac-A-Mole game,” said Paul Schmitt, a research computer scientist at the University of Southern California’s Information Sciences Institute. “Robocallers will find other ways of doing what they want to do.”
What is STIRRING / SHAKING?
STIR / SHAKEN refers to a set of industry rules that require language providers to authenticate that the call is from the number displayed.
The attestation is the framework for establishing the legitimacy of the caller. It acts as a virtual signature that shows how certain a provider is that a caller is allowed to use a particular phone number. It’s divided into three levels based on how much information the providers know about the caller, with the lowest level meaning the provider can check where the call came from but not the caller ID.
STIR / SHAKEN is putting pressure on domestic airlines to improve their proprietary technology, build a database, and likely drive illegal domestic robocalls out of the country, said Scott White, director of the cybersecurity program and cyber academy at George Washington University.
While it’s harder to forge you or use fake Caller ID information to scam you, it’s not foolproof. The technology will verify that the original number is being displayed to the consumer, but scammers can forge the number from the start. The system does not work in the fixed network.
When signing a call, some providers use the highest level of authentication without due diligence, said Josh Bercu, vice president of Policy and Advocacy at USTelecom, a trade group that represents telecommunications companies. If the industry receives evidence of this, the vendor could lose its ability to sign or certify.
“The industry hates these calls,” said Bercu. “We want to protect our subscribers, we’re doing everything we can and the effects are slowly starting to show.”
Fight against evolving robocalls
While STIR / SHAKEN can help crack down at home, the FCC has little jurisdiction overseas, where many calls come from. The agency can work with international partners to catch scammers, but some countries will not cooperate. Robocalls make billions in profits every year, and many have found ways to use artificial intelligence or data to create targeted lists of scams.
Some foreign scammers buy a number pad to make calls and go away. Domestic scammers could use the recent changes as an opportunity to relocate operations overseas where there is less oversight, White added. Gateway carriers serve as the primary form of entry into the US for international calls, but many operate outside of the US
The biggest problem is that robocalls are evolving faster than the legislation can keep up, White said.
Next steps to stop robocalls
Robocalls decrease. Americans received around 4.1 billion robocalls in August, 4.4% fewer than in July, which is down 4.8% from June, according to data from YouMail, a company that develops robocall blocking software.
YouMail is one of several third party providers like Truecaller, RoboKiller, and Hiya that offer spam blocking software. YouMail CEO Alex Quilici said the company can match audio to find repeat offenders, but only if they leave a voicemail.
Large telecommunications companies offer customers their own Robocall blocking apps with features like caller ID identification, personal blacklists and a number change. Some of these features cost customers an additional fee, depending on the tariff and provider.
A Verizon spokesperson said the company recently launched a social media campaign with a tech influencer to help consumers spot robocalls. Efforts to curb robocalls have resulted in 500 million fewer calls per month, they added. An AT&T spokesman said the company was describing 1 billion robocalls per month. T-Mobile verified more than 300 million calls every weekday, a spokesman said.
USTelecom’s vice president, Bercu, works with both carriers and the government to trace suspicious calls to close fraudsters. Another step is to get other countries to sign up for STIR / SHAKEN, said Eric Burger, research professor of computer science at Georgetown University.
Despite concerns about its effectiveness, STIR / SHAKEN is not a worthless piece of legislation, White said. The process can help businesses and government agencies perform better analysis and gather information that can be used in the next attack.
“People complained and the government responded,” he said. “You want to see that in a democracy.”