Phone spampocalypse: fighting back in the age of unwanted calls
Credit to Author: Jovi Umawing| Date: Thu, 27 Sep 2018 18:58:27 +0000
When Nigel Guest, then president of the Council of Neighborhood Associations (CNA), sent an email with the subject line, “test,” and the small letter “x” in its message body, the city of Berkeley, CA, went into a frenzy. You see, Mr. Guest thought he sent it only to himself, but he actually posted that terse email by accident to thousands of registered voters in the area. And thus, what is now known to locals as the Berkeley Spampocalypse was born.
Some were understandably annoyed, angry—even threatening—while others took it with grace. Those in the latter group were able to organize a potluck picnic they called “CNA Survivor Picnic” that weekend at Ohlone Park. 70 residents turned up, had a blast, and capped off the event by handing Mr. Guest a can of Spam as a thank-you gift.
Granted, not many spam stories have a happily ever after. In fact, many of us know that a positive outcome like typically doesn’t happen at all. When it comes to spam, faces flush red, pupils dilate, and people force a smile behind gritted teeth.
Bulk unwanted email spam was once the bane of society before the technology of filtering was introduced. Although email spam can still cost someone else’s productivity, we can genuinely say that at this point in time, we have, at least, come to manage bulk email spam.
Sadly, we can’t say the same about phone spam.
Spampocalypse reborn
Users have found themselves at war with a constantly burgeoning trend of unwanted calls that plagues smartphones, traditional landlines, and VoIP devices. And while there are tools to help consumers address robocalls, scam calls, and spoofed calls, contrary to popular opinion, US telecommunications companies have the technology to protect customers themselves—they just haven’t done it yet.
To this day, some of these companies are still hemming and hawing about aggressively block robocalls, putting technology on the back burner. Another roadblock to the adoption of new blocking technologies is the existence of legacy phone systems that may not be up to the task. As a result, addressing the robocall problem is left mostly in the hands of consumers.
But the spam problem isn’t going to go away on its own. According to a report from First Orion, a company that provides call blocking, by 2019 almost half of cellphone calls in the US will be scams. We’re also seeing a new and emerging trend of non-English speaking robocallers targeting immigrant communities. Thankfully, lawmakers have taken note of the rising tide of phone spam and decided to do something about it.
The long arm of the law
Many might feel that the fight is like David (stone and slingshot in hand) versus 10 Goliaths in chariots, but what users must realize is that they are not alone.
Read: Stop telephoning me-eh-eh-eh-eh: robocalls explained
Regulators and lawmakers have long recognized that consumers cannot solve this seemingly impossible problem. After all, they are just as affected by the deluge of unwanted calls as the average Joe, and have similarly witnessed the consistent surge of phone spam over the last few years. Thus, several new legislation and rules have been passed and/or introduced to help address robocalls and other illegal calls. They include:
DNO list
In the fourth quarter of 2017, the FCC approved rules that authorize voice service providers—mobile phone carriers, landline carriers, and VoIP carriers—to instantly block telephone numbers in a “Do-Not-Originate” (DNO) list. A DNO is a set of phone numbers that do not or cannot make outgoing calls. The nature of calls received from numbers that belong in the DNO are always fraudulent, and instantly blocking them can curb unwanted calls. While those in the telecommunications profession agreed that a DNO list would help, they also believed that scammers would eventually find a way around it.
RAY BAUM’S Act
Officially designated as H.R. 4986, the Repack Airwaves Yielding Better Access for Users of Modern Services, or RAY BAUM’S Act, gives power to the Federal Communications Commission (FCC) to strengthen the US’s critical telecommunications services and increase the deployment of 5G. RAY BAUM’S Act, which was passed in March 2018, is also meant to “advance proposals that would help the FCC and law enforcement protect consumers from fraudulent telephone calls, and to educate Americans about their options to stop these illegal calls.”
Florida Call-Blocking Act
Bill number CS/HB 1267, or the Florida Call-Blocking Act, gives power to telecommunications service providers to block calls from bogus numbers, spoofed numbers, and numbers that impersonate local numbers. It also authorizes telecoms to stop blocking certain calls, such as emergency calls.
ROBOCOP Act
The Repeated Objectionable Bothering Of Consumers On Phones, or ROBOCOP Act, if passed, will give more power to telecom customers to pick and choose the type of calls they want to receive and block. It will also give users the right to take legal action against telecoms that violate this act. Telecoms will also be required to verify the accuracy of caller IDs and offer free, optional robocall-blocking technology to their customers.
In an April 2018 blog post, Contact Center Compliance noted that the ROBOCOP Act may do harm to legitimate debt collectors and to those reliant on collection calls. As we all know, consumers aren’t particularly keen on receiving calls from debt collectors. The ROBOCOP Act would make it easy to simply block them and forget their troubles.
Mitigate, mitigate, mitigate
Since the publication of our last post on robocalls, additional technologies and strategies have resurfaced that some consumers use and swear by their success in blocking unwanted calls. The list below supplements the mitigation steps we have already provided:
Consider using a Google Voice number to screen and forward calls. Google Voice has been around for almost a decade, and users have found that using Google’s free phone number as their primary number instead of their real number has helped filter out unwanted calls. Unfortunately, Google Voice is only available in the US. Google advises that those outside the US can use Hangouts.
Use your phone’s “Do Not Disturb” feature. Doing so, in effect, will whitelist calls from your contacts and block everything else. You can do this on iOS by opening the Settings app, flipping on Do Not Disturb—don’t give it a schedule—and then tap “Allow Calls From” and pick “All Contacts.” On Android, you can do this by going to Settings > Sound > Do Not Disturb.
Note that while this is a blanket workaround, it might be wise to regularly add numbers you trust, such as those used by your child’s school, to your contact list to avoid missing any important calls from them. And remember: calls from potential employers, doctor’s offices, or anyone with a phone number that hasn’t been entered in your contacts list will not get through to you.
Android also has a built-in caller ID & spam feature that you may want to enable.
Consider using an external robocall-blocking device. Traditional landline and VoIP phone users may find these nifty gadgets helpful. If you’re wondering what these devices are, Consumer Reports already has a review out for specific products you can start off with, like CPR Call Blocker Protect (a device geared towards more vulnerable users like those who have Alzheimer’s), Nomorobo, Digitone Call Blocker Plus, HQTelecom.com Landline Call Blocker, and Sentry Dual Mode Call Blocker.
Think about purchasing a phone spam-blocking security app for your smartphone, such as Malwarebytes for iOS or Malwarebytes for Android, both of which will block spammy or malicious text messages as well.
Get ready for STIR and SHAKEN. STIR (Secure Telephone Identity Revisited) and SHAKEN (Signature-based Handling of Asserted information using toKENs) is a standard created and currently being tested by the Alliance for Telecommunications Industry Solutions (ATIS). The general idea of STIR/SHAKEN is borrowed from the textbook of modern cryptography. New York Magazine has illustrated what this would look like once implemented, and we have duplicated it below for your convenience:
Someone would place an outbound call. That call would contain a certificate verifying that the call is indeed coming from the number it claims to be coming from. The phone call is passed along to the incoming carrier (e.g., AT&T), which would then check the certificate’s public key against a heavily encrypted private key. A policy administrator, run by the telecom industry with oversight from the FCC, would be in charge of handing out certificates and making sure everything is on the level.
While the technology has yet to take off, some of the downsides of STIR/SHAKE are already identified. For one, STIR/SHAKE can only work in the US, and robocalling is a global problem. It may also take time for all US carriers to adapt to the new system, and if they do, it could cost them millions. As such, it’s likely that they would pass along the cost to existing customers. Lastly, malicious callers could get and use a verified number to call their targets, the same way phishers use HTTPS certificates to make their phishing sites more believable.
When the dust settles
More unwanted call tactics will spring up in the future, no doubt—experience has taught us to expect it. Thankfully, we see a lot more movement from regulators, law enforcement, and several telecoms and private companies to address the problem of unwanted calls.
It’s great to know we’re not entirely defenseless in this fight against phone spam. So, let’s make use of the tools available to us, take advantage of protection services offered by your phone provider, and continue to hold telecom companies accountable for preemptively blocking unwanted calls. Remember that the dust will settle eventually. And if we really think happy thoughts, maybe there’ll be a potluck picnic for survivors of unwanted calls, too.
Additional reading:
- Case study: 365 days of phone spam shows just how bad it’s getting
- Comcast or Capital One calling? It may be a robocall scam. Here are the top 10
The post Phone spampocalypse: fighting back in the age of unwanted calls appeared first on Malwarebytes Labs.