[Reading Time - 3 minutes 22 seconds]
The volume of spam or unsolicited email, continues to remain high. Although estimates vary widely, a conservative estimate is that about half of all email sent today is spam. And with a total of 281.1 billion emails sent daily, that means that each day some 140 billion emails are spam. Spam is both annoying and dangerous. It interferes with our productivity when it bypasses email spam filters so we have to deal with messages about healthcare and dating (the two most common types of spam today). Spam can also be dangerous when it carries malware attachments or is part of a phishing scheme to trick us into surrendering our private information to attackers.
A close cousin to spam is unsolicited phone calls generated by so-called robocallers. Although these telephone calls obviously cannot have a malicious attachment like a spam message, they can be part of a "voice phishing" or vishing scheme. And are these calls ever annoying! Yet robocalls continue because it is such a cheap and scalable model.
Defenses against robocalls are very weak. There is a federal "Do Not Call" registry in which individuals can have their numbers added to a database that telephone solicitors are supposed to check and then not call anyone on the registry. And there is a fine of up to $40,000 that can be assessed per violation. In September 2018 the Federal Communications Commission (FCC) issued $120 million in fines against two robocallers. But everyone knows that unethical telephone robocallers never check the list and call anyway. What's more, it is now considered dangerous to answer a robocall and remind them that you are on the Do Not Call registry or demand to be removed from the robocaller's list. Why? Because the robocallers then know that your phone number is legitimate, and they will make even more robocalls to your number--and even sell your number to other robocallers as a real phone number with a real person who answers.
And now robocallers have unleashed a new weapon: "neighbor spoofing." Suppose that your phone number is (123)456-7890. Robocallers now spoof both the area code (123) and number prefix (456) so that Caller ID shows the number as (123)456-xxxx that looks like the call is coming from a neighbor who is local. Many users will be more tempted to answer the call (and then hear the solicitation or have that number tagged as a real phone number with a real person who answers). In some instances, consumers have even reported that their own phone number has appeared on their Caller ID! One person reported that they answered the call and was told that it was from the telephone company and the person needed to provide personal information to verify their account because the user's telephone information had been stolen!
The issue has become so serious that earlier this week (Oct 10 2018) 35 state attorneys general petitioned the FCC to let telephone carriers get more aggressive in blocking robocalls. In 2017 the FCC authorized telephone voice service providers to block more types of calls in which the Caller ID has been spoofed or in which the number on the Caller ID is invalid. But the robocallers have found ways around these new rules.
What can be done about robocalls?
There is a technology solution available. STIR (Secure Telephony Identity Revisited) and SHAKEN (Secure Handling of Asserted information using toKENs) are the frameworks that can prevent robocallers from making illegally spoofed calls. STIR and SHAKEN use digital certificates to ensure the calling number is valid. Each telephone service provider obtains their digital certificate from a certificate authority (CA) that enables the called party to verify that the calling number is real and has not been spoofed. And the attorneys general asked the FCC to "encourage" all telecommunications providers to implement these protocols. But there has been pushback from the telephone carriers about false positives or blocking legitimate calls. And those companies who make legitimate telephone solicitation calls likewise have raised alarm over this.
But as for right now, is there anything that users can do?
The answer is yes.
For too long the solution about stopping robocallers has been focused on blacklisting, which is identifying and blocking the telephone numbers from which a call originates. With robocallers using neighbor spoofing this has shown that trying to come up with a list of phone numbers to block is futile.
So, let's instead turn to whitelisting, or using a list of pre-approved phone numbers that only your phone will answer. And both Apple iOS and Google Android devices already can do this (or you can download an app to do it). You can set up your smartphone so that only a call received from a telephone number that is already in your contact list will cause your smartphone to ring; all other calls are blocked. Thus, you can use your contact list as your pre-approved whitelist of who can cause your phone to ring.
For Google Android select Settings | Sound | Do not disturb | Priority only allows | Calls - From contacts only. You can also filter it even more by selecting Calls - From starred contacts only. For Apple iOS select Settings - Do Not Disturb | Toggle Manual ON (green slider) to enable Do Not Disturb (DND) | Allow Calls From | All Contacts.
Stopping robocalls with whitelisting is not perfect; what would be better is an option that diverts any non-whitelisted calls to voicemail. But if you are overwhelmed by robocallers this might be a solution for you.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.