AT&T Is Adding a Spam Filter For Phone Calls

An anonymous reader quotes a report from The Verge: Today, ATT introduced a new service for automated blocking of fraud or spam calls. Dubbed ATT Call Protect, the system identifies specific numbers believed to be sources of fraud, and will either deliver those calls with a warning or block them outright. Users can whitelist specific numbers, although temporary blocks require downloading a separate Call Protect app. The feature is only available on postpaid iOS and Android devices, and can be activated through the MyATT system. Phone companies have allowed for manual number blocking for years, and third-party apps like Whitepages and Privacystar use larger databases of untrustworthy numbers to preemptively block calls from the outside. But ATT's new system would build in those warnings at the network level, and give operators more comprehensive data when assembling suspected numbers. More broadly, marketing calls are subject to the national Do Not Call registry. Specific instances of fraud can still be reported through carriers or directly to police.

Great

[Mister+Transistor]

Except the spammy douchebags are just spoofing local numbers to fool people into picking them up. They seem to change them weekly or so.

Re:Great

[IMightB]

No kidding, almost every call I get that not already in my address book, but is in one of my local prefixes, is some dude from india, or someone trying to sell me a timshare

Re:Great

This.

They've even started with spoofing of the first six numbers to confuse individuals as well.

I swear my block list is considerably larger than my contact list...

Re:Great

[ShanghaiBill]

Except the spammy douchebags are just spoofing local numbers to fool people into picking them up.

The phone companies could easily detect and block that behavior, if they chose to do so.
The problem is that they have no incentive to care.
Hopefully, when AT&T starts blocking spam calls, the others will do the same to stay competitive.

Re:Great

[jellomizer]

If AT&T can tell that it is a spoofed caller ID, then they could automatically block the call. AT&T being AT&T who handles the call routings should be able to tell if the call (at least the phone bill for the call) is based on the given service area.

Re:Great

[BronsCon]

Timshare? Sounds like a San Francisco startup to me.

Re:Great

[Just+Some+Guy]

I use Hiya on my iPhone to tag fraud and spam calls. (Not affiliated in any way; I just like the app.) It regularly pushes updated lists of current bad callers to my phone, and iOS 10's CallKit API queries it every time I get a phone call. I can decide whether I want to accept or automatically reject labeled callers. Numbers in my phonebook are automatically whitelisted by the OS.

That's pretty much the perfect solution in my book. Hiya sends me the lists but it doesn't have any information about what the OS does with those lists. It can't tell who's calling me, for instance. It's entirely my decision how to handle callers.

Re:Great

I use Android 6.0 "priority only" mode. It blocks several spoofed local number calls each week, and my phone always rings when someone I know calls because I have it set to ring when anyone on my contact list calls me.

Settings > Sound & notification > Do not disturb

Automatic rules
* Every day / 12:00 AM to 11:59 PM / Priority only

Priority only allows
* Messages: None.
* Calls: From contacts only
* Repeat callers: If the same person calls a second time within a 15 minute period, allow it.

p.s. I only give out my Google Voice number to businesses, but the call-spammers dial my actual phone number even though it's on the national do not call registry.

Re:Great

[currently_awake]

Phone companies are the only ones able to detect spoofed caller ID. Even if the number is spoofed overseas they will know where the call entered their network, and the phone companies can work together to pass along that information. If the "local" call is coming from India then it's not local.

Re: Great

[rantrantrant]

The calls must be from Canada. Tim Hortons to be specific. If they offer you Timbits, just hang up, eh?

Re: Great

[BronsCon]

One thing I miss about Michigan... Michigan has Tim Hortons. When my buddy came to visit (before he moved down here) I made him bring me some Timbits. No joke, we almost got jumped by two Canadians on the way out of the airport.

Re:Great

[Ol+Olsoc]

Except the spammy douchebags are just spoofing local numbers to fool people into picking them up. They seem to change them weekly or so.

My method works better, If I don't know who it is, if it isn't in my address book I don't pick up the phone. Don't give a shit any more. The telephone system has been ruined, and is essentially worthless.

Re:Great

[LunaticTippy]

Sounds good. Glancing at their website I can't tell how they make money off this. Do you have any idea?

Re:Great

[stevel]

AT&T's Call Protect is "powered by HiYa".

Re:Great

Except the spammy douchebags are just spoofing local numbers to fool people into picking them up. They seem to change them weekly or so.

Not exactly.

Phone companies have allowed for manual number blocking for years

No, not really.

What the scammers do is spoof Caller ID information. That is also the ONLY blocking method phone carriers have provided. There's no way for subscribers to block the actual AN.
A lot of carriers have cracked down on Caller ID spoofing, so the scammers will rely on shady offshore phone companies which still allow it, and/or VOIP services which also still allow the subscriber to set their own Caller ID data. Any telco with a shred of legitimacy will have that ability disabled, and only allow 'spoofing' when it's something like a customer with multiple lines who wants them all to present the same Caller ID... and then they'll set the ID data up FOR the customer, not simply relay what the subscriber tells them to.

In short, this is another example of not really solving the root of the problem at all.

Re: Great

I've wondered myself but use them anyway. You don't share your contact list with them like you do with TrueCaller.

Re:Great

If AT&T can tell that it is a spoofed caller ID, then they could automatically block the call.

There are a lot of legitimate reasons why caller ID might not match the AN setting up the call. Unless the caller is actually an AT&T customer, there is not much they can do to determine if it's a legit spoof or not.
One example of legit spoofing is when you have two or more phone numbers, and only want to get Inbound calls on one specific number, or possibly have inbound calls go to an 800 number you own. You can have your telco spoof the caller ID on all your lines to deliver the same number. You'll see a lot of companies do this with the cell phones they give to their Field Technicians... they deliver a Caller ID which goes back to the central support center or Dispatcher.

But the way it's supposed to work is that the telco sets that up FOR the customer, after verifying the spoofed number is valid and legitimately owned by that same person or company. But a lot of lazy, inept, or just plain corrupt companies exist which allow customers to send the Caller ID themselves. Other companies can't normally tell what is legit and what is not. And more to the point, performing the verification is a manual process, there's really isn't any way to automate it, especially not at the time a call is being made.

Re:Great

[Just+Some+Guy]

I'm not clear on that, but it seems like they could make a nice business of selling "realtime crowd-sourced intelligence!" to enterprises.

Re: Great

[Just+Some+Guy]

Yeah, that killed TrueCaller for me. I'm not sure how Hiya's funded but I know it's not from my personal info because I haven't given them any.

Re: Great

[Morgon]

According to HiYa's Privacy Page, they do indeed pilfer your contact list.

Re: Great

I don't think you understand how the telephone system works...

Re:Great

Number portability has rendered your uninformed logic useless. I work in the industry. Most numbers can originate from pretty much any service area in the country.

Re:Great

Great, more people talking out of their ass. Your ass must hurt.

Re:Great

[jellomizer]

So you are blame for the crappy design in our telecom infrastructure?
In a system where we get billed for every call we make or get. To say that there is no way to validate the call origin seems like criminal negligence on the telecom side.

Re: Great

It's asks you to share, but doesn't penalize you if you say no.

Some providers are already doing this

[DarkFencer]

Some providers are already doing something similar, and have been for a while. Ooma has had this as part of their 'premier' service for years.

http://support.ooma.com/home/call-blocking-meta-article

This unfortunately doesn't help for all the spoofed callerIDs that are being used though - especially for pure fraud (not just simple telemarketing).

Re:Some providers are already doing this

[ganjadude]

time warner cable (now spectrum) also has this they are simply affiliated with www.nomorobo.com. I wonder if its the same backend

Re:Some providers are already doing this

[DarkFencer]

time warner cable (now spectrum) also has this they are simply affiliated with www.nomorobo.com. I wonder if its the same backend

According to Ooma's FAQ, they also use NoMoRobo.

Mafia tactics in use

Yeah right. They just want to get their share for incoming spam calls from both parties. First the phone owner pays for protection from spammers and spammers pay fot ATT that they get trough.

An anonymous reader quotes a report from The Verge

You mean an AT&T PR rep quotes from a press release they sent to the Verge and you post it for mad duckets.
you did get mad duckets, right?

Political calls

[DonaId+Trump]

Does anyone know if political calls are exempt? I'm asking for a friend.

Re:Political calls

[Ol+Olsoc]

Does anyone know if political calls are exempt? I'm asking for a friend.

Political calls are exempt, and are the moral equivalent of the Bob from India telling you your PC has an infection they can help you with. They don't get answered.

Not clever enough

[Kardos]

They should shadow-block them! If you block them it gives the spammers feedback that the number they're using is burned and they will cycle onward to more numbers. If you shadow-block them instead and hang up after a "typical" number of seconds it'll make it much harder for them to know if they've reached an actual person or are being spambinned.

Re:Not clever enough

[sims+2]

Telemarketers usually only let the phone ring about 3 x so that would be of limited effect Lenny or any other telecrapper implementation would work much better! https://www.reddit.com/r/itsle...

Keep them on the line waste their time!

Re: Not clever enough

[rantrantrant]

Can't they come up with an AI answer it that automatically answers spam calls and keeps the spammers on the line as long as possible. That could possibly make spamming unprofitable.

Re: Not clever enough

[rantrantrant]

Damn autocorrect: AI answerbot

Re: Not clever enough

[sims+2]

That was the intent of the telecrapper.
Lenny is the only currently working telecrapper I am aware of.

Re: Not clever enough

[itsownreward]

I prefer Lenny, but there's also the Jolly Roger Telephone Company.

Glad I don't have AT&T

[clonehappy]

Seems like it's rife for abuse. The "numbers" used by spammers are just spoofed local phone numbers, and heaven help you if you have one of the numbers they spoof, you won't be able to call anyone.

Plus, I'm sure this will be used to block communications from subversi^W terrorists and everyone else they deem unworthy of being able to communicate.

Sounds Great

Or they could just stop charging people to not be listed...

marketing calls are subject to the national Do ...

"Do Not Call Registry" is a joke. I have all my numbers on it and I still get tons of calls...

Landlines?

[sims+2]

So how do I enable this on a landline?

Or ATT still operating under their policy of !@#$ landline users?

Re:Landlines?

[Mister+Transistor]

Pretty much, yeah. You can BUY 10 (yeah, 10) number blocks for like 5 bucks a month. Fuck them. I'm going to Magic Jack. I also got a call blocker from Amazon (Sentry II). Best $50 I ever spent in my life!

Re:Landlines?

[sims+2]

I bought a jf teck caller id with phone ring controller a couple years ago.

It was chosen because it was the only one I could find that was able to handle whitelist only at the time.

There is a phone on both sides of the device so I can turn the ringer off and still get important calls.

Re:Landlines?

[ShanghaiBill]

Or ATT still operating under their policy of !@#$ landline users?

Landliners generally can't switch providers, so why should they care?
Why do you have landline?
If you only have it for emergencies, then set the volume to zero, and only use it for outgoing calls.

Re:Landlines?

[sims+2]

Business requirement and it makes fax use easy.

Re:Landlines?

[ShanghaiBill]

Business requirement and it makes fax use easy.

Oh right, I remember learning about faxes in history class.

Re:Landlines?

[apoc.famine]

You've never dealt with state government or anyone who handles confidential information then, eh?
 
I send/receive at least one fax per month, even at the tail end of 2016. Why? Because explaining how to do secure file transfers to secretaries is something that either a) you're not paid enough to do, or b) you're paid way too much to do. There is no single solution that everyone can use. Every online solution requires a different piece of software, different account, different licensing. Far easier to tell them, "stick this bit of confidential paper into the copier, press fox [sic], type in this number, and hit go".
 
Confidential info goes into copier, copier makes noise, confidential info pops out in copier at secure location. Secretary there picks it up and files it.
 
Faxes still exist because they are simple and the one semi-secure file transfer format that is ubiquitous. Any organization can buy a copier with fax capabilities, and use it to exchange info with any other organization.

Playing both sides

The art of being a middleman.

It's not in AT&T's best interest

[unfortunateson]

It's not in AT&T's best interest to limit phone spam, because they're customers.
Who would be best able to detect and prevent boiler-room callers? The phone companies.

I'm worried that If I ever meet "Heather from Card Member Services" I may not be responsible for my actions.

Re:It's not in AT&T's best interest

Cause "Heather" would be a 6' 10" 310 lb UFC fighter that would kick your ass?

Just activated it...

[bobthesungeek76036]

we'll see...

Hmmm

[c]

I wonder how much AT&T will charge telemarketers to get around the spam filter?

Or does everyone think AT&T is adding this feature to help customers?

stupid ATT

ATT allows for spoofing of phone numbers. Fuck ATT. Don't do business with them.

It's Hiya, and I don't like its lack of privacy

[Khopesh]

This is merely a rebranded version of Hiya, which still requires surrendering your entire contact list and conversation metadata to a third party without any masking.

Then again, even if each phone number was stored as a PBKDF2 hash, since there are only 3-4 billion legal phone numbers in the NANPA numbering system (given 370 area codes). I estimate this would take under 45 minutes on a quad-GPU system (divide by the number of nodes in your cluster). I suppose this is a decent hurdle, but not quite good enough to make me happy. Maybe the solution would be to also include the victim's area code's primary state in the hash (which would then require 12-36 hours to break), but then you'd have limited utility when dealing with interstate regions like the DC Metro area or the Tri-State Area.

Security and privacy often butt heads, but I think that the right design can facilitate the right balance. The same goes with security vs freedom (we all know the Ben Franklin quote, right? "Those who sacrifice liberty for security deserve neither"). None of these are opposites.

I'd feel a lot better if Hiya had a regular transparency report, but I can't find such a thing.

Whitelist. Not Blacklist.

[Mike+Van+Pelt]

The spoofing issue makes a blacklist almost as useless for phone spam as for email spam.

What I want instead is a whitelist. Everything goes to voicemail, without ringing my phone, not even once, unless it's on the whitelist.

If someone not on the whitelist wants to talk to me, they can darn well leave a message, or I will never know or care that they called.

People I call automatically go on the whitelist unless I say otherwise

And, just to mess with <redacted> robocallers, my voicemail message is "Hello?" (pause for response, repeat "Hello" a few times if there isn't a response) Then, when they pause, "This is an automated answering service. Do you have any other message for the people at this number?"

(Yeah, this means they'll show up in my voicemail rather than silently vanishing from my universe, but I want to screw up their business model of cheap robo-calling, and only bringing in an expensive agent when someone answers.)

OOOMA HAS IT!!!!

[Mike+Van+Pelt]

Ooma has "Contacts only" calling! I'm definitely going to have to check that out.

Re:Whitelist. Not Blacklist.

[silverkniveshotmail.]

That approach doesn't go over very well with a work phone.

App already broken

Server is offline, app won't run. Typical AT&T crap.

Meh

[buss_error]

For various reasons, I must maintain a POTS line. It rings incessantly with scammers, spammers, politicians (but I repeat myself), and bill collectors looking for someone I don't know but has the same last name.

Simple solution: A DTMF circuit and a PIN, and turn off the ringer. Someone calls in, gets a message "Please enter the extension you are calling", and if they don't enter the correct pin, it hangs up the call. If they enter the correct pin, then the Pi fires a buzzer and the answering machine. Whitelisted numbers go to the Answering machine direct. If I'm home, I'll pick up.

Lately, Rachel from Card Services and the NRA are calling my cell phone.

Yes, all numbers are on the DNC list. No, it just seems to focus their attention.

Re:Meh

I've been fairly successful with a freeware program call 'Phonetray" that's floating around in the intertubes. I dug up my boat-anchor 800Mhz PIII computer, equipped it with a Fax/Voice modem with Caller ID capability and hooked it up to my POTS line. I can block to a unique set of numbers or a masked pattern. I can customize the response (# of times the phone rings, custom answer, or just hang up). My ringers are off so I don't even know I had a call. Once I had it block a caller ID with a number of "5" - yeah, a single digit. I have it block non-existent area codes automatically and I can log all my calls to check for banks of numbers to block. I have a few hundred numbers on my block list, compared to 20 that my phone company offers me as a paid service. Yeah, right, great customer service there CenturyLink. Best is that I can look at the call logs and see which idiots continue to call me after I blocked them. If a spammer calls, consider it a gift if they are allowed even one ring.

Silence is golden, no thanks to my phone provider.

hashtag mobile phone root matters i think

"What I want instead is a whitelist."

What I want is real fucking ownership of my own god damned phone. A real working FOSS OS. So that whitelisting, and easy to use ditributed reputation weighted under full device owner control blacklisting, fully programmable voicemail menu systems, fully programmable 0-20+ ring before local device storage based voicemail system, no unneeded(=no) unencrypted data or metadata leakage to the phone company, or Google or Apple.

What I want is for the brutal tech overlords to die. Now.

And if anyone is bothered by the whole white/black terminology on this issue, I'm totally open to suggestions. passlist/blocklist I suppose.

Slit protect

Squeezes Bandit's slit BEFORE it can utter a curse word.

Translation

If you didn't pay at&t for the number you are spamming, at&t will filter yo spam shit.

at&t sold my numbers to spammers (BBB spammer admitted it) to which I received 5-10 spam calls per day. at&t only allowed me to block 19 numbers. Since moving my phone business elsewhere, I have unlimited number blocking at half the at&t expense for the same services. Bonus - received only 5 spam calls in the last 4 months.

at&t is criminal and should burn eternally.

Not for AT&T Business

[drgreening]

Doesn't work for business accounts, so no good for folks that put their mobiles under a business account (like many consultants).

Re:Meh - less expensive alterntiave

[buss_error]

I'm using a Raspberry Pi and some modified software located here:

https://murphy101blog.wordpres...