Rafael Abdrakhmanov | iStock | Getty Images
From fake Social Security calls to crooks pretending to be Apple or Amazon, anyone with a cell phone or landline is no stranger to robocalls.
For decades, robocalls have graced phones and voicemails across the country. These scams affected more than 59 million people between June 2020 and 2021, causing a total of $ 29.8 billion in damage, according to the phone number recognition app Truecaller. Some caller bots want to sell legal products like car warranties or a new roof through illegal means, while others will steal your social security number or credit card.
In an effort to reduce this long-standing problem, the Federal Communications Commission requires voice service providers to implement Caller ID authentication standards through a set of industry regulations known as the name of STIR / SHAKEN. The FCC has demanded that large carriers such as AT&T, Verizon and T-Mobile implement the standards by June 30, although smaller carriers, with fewer than 100,000 customers, have an extension.
At the same time, voice service providers must submit a plan highlighting their robocall mitigation efforts in the recently launched database. If the plan is not in the database by September 28, operators will have to stop accepting calls from these providers.
STIR / SHAKEN is a great start to ending this ever-growing robocall issue, and while the updates slow down crooks, experts say they won’t go away.
“It’s a Whac-A-Mole game,” said Paul Schmidt, a computer scientist at the University of Southern California Institute of Computing. “Callers will find other ways to do what they want to do.”
What is to stir / shake?
STIR / SHAKEN refers to the set of industry rules that require voice service providers to certify that calls people receive are from a displayed number.
Validation is the framework used to determine the validity of the caller. It acts like a virtual signature that shows how secure a provider is that a caller is authorized to use a specific phone number. This is divided into three levels based on how much information providers have about the caller, with the lowest level meaning the provider can check where the call is coming from, but not caller ID.
Scott White, director of the cybersecurity program at George Washington University and Cyber Academy, said STIR / SHAKEN is pressuring national carriers to improve their protected technology, create database and potentially push illegal home burglars out of the country.
While this makes it harder to cheat or use bogus caller ID information to cheat on you, it’s not foolproof. The technology verifies that the original number is the same as what is visible to the consumer, but crooks can spoof the number upfront. The system does not work on landlines.
When signing an appeal, some vendors use the highest degree of non-due diligence verification, said Josh Burku, vice president of policy and advocacy at USTelcom, a trade group representing telecommunications companies. If the industry finds evidence of this, the supplier may lose their ability to sign or certify.
“The industry hates these calls,” Burku said. “We want to protect our customers, we are doing everything we can and the impact is really starting to be felt.”
Fighting the Evolution of Automated Calls
While STIR / SHAKEN can help break the house, the FCC has little overseas jurisdiction where many calls come from. The agency can work with international partners to catch the crooks, but some countries will not cooperate. Automated calls generate billions of dollars in profit every year, and many people have found ways to use artificial intelligence or data to create targeted scam lists.
Some foreign crooks will buy a block of numbers to call and disappear. White said domestic crooks could use the recent changes as an opportunity to move their operations overseas, where there is less oversight. Gateway operators serve as the primary form of entry into the United States for overseas calls, but many operate outside the United States
White said the biggest problem is robocalls are moving faster than the law.
Next steps to end robocalls
Automated calls are decreasing. Americans received nearly 4.1 billion automated calls in August, down 4.4% from July, down 4.8% from June, according to data from YouMail, a maker of automated call blocking software.
YouMail is one of the many third-party companies such as Truecaller, RoboKiller, and Hiya that provide anti-spam software. YouMail CEO Alex Quilisi said the company can match audio to find repeat offenders, but only if they leave voicemail messages.
Large telecom companies offer their own automated call blocking applications to customers with features such as caller ID, personalized block list, and number change. Some of these features require customers to pay additional fees depending on their plan and provider.
A spokesperson for Verizon said the company recently launched a social media campaign with a tech influencer to help consumers spot robocalls. He said efforts to reduce robocalls resulted in 500 million fewer calls per month. An AT&T spokesperson said the company tagged 1 billion automated calls per month. A spokesperson said T-Mobile confirms more than 300 million calls every week.
USTelecom Vice President Bercu is working with suppliers and the government to trace suspicious calls to ward off scammers. Another step is to get other countries to join STIR / Shaken, said Eric Berger, a computer science research professor at Georgetown University.
Despite concerns about its effectiveness, STIR / SHAKEN is not a wasteful law, White said. This process can help businesses and governments better analyze and collect information to use for the next attack.
“People complained and the government responded,” he said. “This is what you want to see in a democracy.”