ITsecurity
twitter facebook rss

Robocalls: Automating Nuisance Calls

Posted by on August 8, 2016.

Recently I received an email from Nikki Courtney of Radio KTRH, in Houston, requesting a radio interview on robocalls. Why me, I’m not sure, unless it was because of an article I wrote earlier this year for ESET. It’s academic really, as I live in entirely the wrong time zone, and was in any case out of office and out of reach of email at the time. As a result, her deadline was long past by the time I saw the email. I did forward some notes in case they were of use to her, but as she apparently didn’t use them and I didn’t hear back from her, I guess they weren’t… The article includes some responses from Maureen Mahoney of the Consumer’s Union that might be of interest.

Here are Nikki Courtney’s questions and my (edited) responses, in case you might find them useful.

1.)  Are robocalls on the increase and why?

Robocalls are certainly very common. In July 2015 Aaron Foss’s estimate was that 35% of all phone calls are automated. Consumer Reports told us in 2015 that ‘Every month more than 150,000 consumers complain to the Federal Trade Commission and Federal Communications Commission.’ Youmail’s Robocall index posts a monthly estimate of the number of robocalls placed for that month, among other data. Its estimate for July 2016 is 2.4 billion robocalls in that month alone. Which is apparently actually down by 6% from June.

2.)  Who is calling?

Not all automated calls are technically scams, but many of them certainly come from scammers. The Consumer’s Union states that an estimated $350m a year is lost to phone scammers. (It’s not clear how many of those scammers are using robocalls, though.) Last year, the FTC shut down one offender in the US.

Robocalling is commonly associated with IRS scams, home improvement scams, and home security scams, but just about any phone scam could be delivered through automated calls.

Among scams delivered by robocalling in the UK are scams relating to mis-sold PPI (Payment Protection Insurance), mis-sold pensions, and debt management. The UK’s Information Commissioner’s Office recently fined the now defunct lead generation company Prodial Ltd £350,000 (the largest fine it has imposed to date) for making more than 46 million automated nuisance calls relating to PPI.

3.)  How do they get our numbers?

They don’t necessarily need to get your number. In most cases that I’m aware of, robocalls aren’t targeted, so using autodialing software to try every number in a given numeric range isn’t difficult. And it can be done cheaply or for free using Voice over IP, so it doesn’t matter much to the caller if many of the calls don’t reach a likely sales prospect/mark.

4.)  How can someone stop robocalls?

Sometimes a phone company can block calls from known ‘bad’ numbers. However, the service is usually limited in the number of callers it blocks, and the service is normally for-fee. The Consumer’s Union is, however, promoting a campaign to persuade service providers to block robocalls more effectively. Some models of telephone can include blocking functionality, according to organizations such as Which and Consumer Reports, but in general, only a few numbers can be blocked. Not only is there a huge number of numbers associated with sales, spam and scam calls, but it’s also easy to change or spoof a caller ID. Once the scamming community has your phone number, you may receive calls from many more numbers. It is sometimes possible to block calls from withheld or international numbers, but that might mean losing legitimate calls as well as spam/scam calls.

There is also a wide range of call-blocking apps available for smartphones. I haven’t tried any out, and can’t make recommendations as regards specific software or hardware.

Aaron Foss and Serdar Danis were each awarded $25,000 in 2013 by the FTC for ‘intercepting and filtering out illegal prerecorded calls using technology to “blacklist” robocaller phone numbers and “whitelist” numbers associated with acceptable incoming calls.’ Foss’s Nomorobo service is claimed to be successful for people using VoIP carriers that support Simultaneous Ringing.

5.)  Is there a do not call list?

Indeed there is. Many countries provide such a service, and the European Union’s Data Privacy Directive 2002/58/EC requires members states to enact legislation to control cold-calling.

Subscribing to such a service reduces the risk of nuisance calls from legitimate organizations, but not (usually) from callers whose intentions are not legitimate, and who are hiding their identity. In general, they simply don’t care about such lists. The UK’s Telephone Preference Service doesn’t actually apply to automated calls. That said, if you’re in a country governed by EC legislation you shouldn’t receive such calls unless you’ve already given permission. But it would be naïve to expect problems like these to be solved by legislation alone.

The FTC suggests, quite rightly, that just the fact that you’ve received a call despite being registered increases the likelihood that it’s a scam call. However, some types of unsolicited call are normally permitted. The US service makes such exceptions for political calls, charitable calls, debt collection calls, informational calls, and telephone survey calls. The UK’s service also excepts surveys, which is why sales calls often start off trying to sound as much as possible like a survey). Other exceptions to the ‘no call’ rule may vary from country to country.

David “Don’t call me, maybe”* Harley

*Apologies to Carly Rae Jepsen


Share This:
Facebooktwittergoogle_plusredditpinterestlinkedinmail

Leave a Reply

Your email address will not be published. Required fields are marked *

Submitted in: David Harley | Tags: , , , ,