Almost Half of US Cellphone Calls Will Be Scams By Next Year, Says Report

According to a new report from First Orion, nearly half of the mobile phone calls received in the U.S. next year will be scams. "The percentage of scam calls in U.S. mobile traffic increased from 3.7 percent last year to 29.2 percent this year, and it's predicted to rise to 44.6 percent in 2019, First Orion said in a press release Wednesday," reports CNET. From the report: The most popular method scammers use to try to get people to pick up the phone is called "neighborhood spoofing," where they disguise their numbers with a local prefix so people presume the calls are safe to pick up, First Onion said. Third-party call blocking apps may help protect consumers from known scam numbers, but they can't tell if a scammer hijacks someone's number and uses it for scam calls. "Scammers relentlessly inundate mobile phones with increasingly convincing and scary calls," said Gavin Macomber, senior vice president of marketing at First Orion, in an email statement. "Solving a problem of this magnitude requires a comprehensive, in-network carrier solution that dives deeper than third-party applications ever could by detecting and eliminating unwanted and malicious calls before they reach your phone."

Easy to fix

[OrangeTide]

But carriers don't feel like doing it.

Re:Easy to fix

[iggymanz]

indeed, they'd rather knowingly sell blocks of numbers to the same Indian scammers they sold another block a month before.

Yes, India. India is the major source of this problem. I'm in favor of cutting trade and business with them until they clean up their act.

Re:Easy to fix

[omnichad]

They don't have to buy blocks of numbers. Just spoof caller ID. It's illegal to do with numbers you don't own, but they're not bothered by that.

Re:Easy to fix

[ShanghaiBill]

How ?

Calling party pays.

This is the way most of the world does it. Spam calls are mostly an American phenomenon.

Other countries have the "one ring scam", where the caller rings once and then hangs up, hoping a foolish person will be curious and call back. But most people do NOT call back, and the call can be traced since you have to disclose your real call back number. Also, phones in some countries have a feature where the second ring is the first audible ring.

Another reform would be to restrict spoofing. You should only be allowed to spoof if you own both numbers. This is another "American problem".

Re: Easy to fix

[AntronArgaiv]

Extremely easy.
1. Set default ringtone to a single "ding" (as used to announce an SMS or email arrival)
2. Set ringtone for everyone in your contacts list to "old telephone"
3. When phone "dings", check number, answer if it looks like one you were expecting, otherwise easy to ignore
4. Folks in your contacts list will cause phone to ring normally.

Re:Easy to fix

[Solandri]

Nope. For cell phones, most of the world uses the "both parties pay" model (the receiver pays for the convenience of getting a call via mobile). Under this model, because the recipient is paying for the spam call, they have a financial justification to complain to their carrier and require them to block the spam calls, and a legal right to sue the spammer for costing them money. The U.S. used to have this model before most cell phone plans went to an unlimited minutes model.

Calling party pays (and unlimited minutes) frees the spammer from any liability for spamming. They're paying for everything, the recipient pays nothing. So the recipient has no legal nor financial recourse to request a reduction in spam. This is why your mailbox is full of junk mail. Because the junk mail senders are paying for everything, and in fact are subsidizing first class postage.

Another reform would be to restrict spoofing. You should only be allowed to spoof if you own both numbers. This is another "American problem".

Spoofing numbers you don't own (as part of spam or a scam) is already illegal. The problem is (1) there's no way for the recipient to figure out who the actual caller from a spoofed number is, so they don't know who to sue or even complain about. And (2) as with junk mail, the spammers make up a significant fraction of phone company revenue, so the phone companies don't want to fix Caller ID to make it impossible to spoof a number they don't own.

With regards to (2), the phone companies are protected by their Common Carrier status, so it's probably going to take a change to phone protocols to prevent spoofing. e.g. Change how VoIP-to-VoIP calls are made so they also send a datagram encrypted with a private key owned by the caller. The receiving VoIP device looks up the Caller ID number in a public database to find that number's public key, and uses that key to decrypt the datagram. If the decryption fails, then it knows the caller doesn't have the proper private key for that Caller ID number, meaning the number has been spoofed, and drops the call. If the decryption is successful, then it knows the Caller ID info is accurate and allows the call to ring through.

Re:Easy to fix

[Jaime2]

Even easier - carriers shouldn't accept a call from outside their network if the caller id is for a number that's inside the network. That would stop 95% of the spam calls I get.

Good

[AlanBDee]

I'm glad, it hope it gets worst. I'd say 90% of incoming phone calls I get are scams or telemarketing calls. The worst it gets the more likely the carriers will do something about it. Until then, I'll continue to set my blocking app automatically hang up if they're not in my contact list. I'd be even happier if i could send them to the Jolly Roger phone company with a simple button press.

All of 'em

[fyngyrz]

All of my cellphone calls are unsolicited and unwanted.

Because anyone who actually knows me knows I don't answer phone calls. My default ringtone is silence. I have actual make-a-noise ringtones for a couple of family members in case of emergency, but (thankfully) no one's tried to call me for an emergency in the last ten years or so. And the fam+friends know better than to make that thing ring for anything else; I'll just bite their head off. :)

AFAIC, The phone system's been outright ruined by spammers. And so far, unlike email, there's no phone call spam filter worth the name.

Text me or email me, otherwise, you go your way, I'll go mine.

It's not a phone — it's a pocket computer

Re:All of 'em

[Attila+Dimedici]

The spammers count on that sort of behavior by people who are not likely to fall for their scam. When their robocall gets no answer, it moves on to the next and costs them essentially nothing. When I get those calls I spend as much time as I can spare (usually when I am doing something else that does not require verbal interaction from me) keeping a human on the line as long as I can. That costs the spammers money. It doesn't really cost me anything because they are following a script that does not actually require me to pay attention to what they say and just provide an affirmative noise at the appropriate points, right up until they ask for a credit card, at which point I tell them "No". At which point they usually put on another person who goes through the script again. And if I finish whatever I am working on before they are done, I hang up.

Time for PKI in Caller ID and network connections

[StandardCell]

The remnants of AT&T's ancient SS7 are still infecting voice calls today. Back then, it made sense to not authenticate caller ID information because the threat model required physical access to phone company switches and a lot of equipment to implement. It wasn't feasible.

Now that VoIP and packet-switched networks have replaced circuit-switch voice band twisted pair landlines, we still lack a way to enable secure authentication to a trusted root of who is actually calling. The FCC is supposedly looking into solutions, but implementing PKI in the network can prevent these calls from ever getting to people. Many of these scams are on VoIP gateways that have default passwords.

Normally I'm against a lot of government involvement in people's lives, but this is one place where it's required. If Congress could pass the CALM act to end annoying loudness changes in broadcast TV, the passing of which had little economic consequence, then Congress can definitely get their act together and pass a law to do the same for authenticating phone calls using PKI and removing security holes. Inaction in this area already has a tremendous negative economic consequences, particularly for the elderly and other vulnerable individuals who are defrauded systematically and who are typically more reliant on phone services due to their ease of use and familiarity.

The real tell in all of this will be what the carriers do when this is enacted. I suspect there will be tremendous resistance spearheaded by the argument that it will require equipment replacement. I'm not sure that's the case given that the magic is in firmware, but more on the system engineering side. In that case, let them put a deadline down to get their act together. Where there's a will (and a law), there's a way.

Why? Because it works.

[dark.nebulae]

We all get these stupid calls. Indian-based Microsoft support proactively finding a problem on your computer and they have the solution. We heard you suffer from chronic pain, we have things that will help. You've been selected for a free trip to Disneyworld. There's a solution for your creditcard debt. Refinance your student loans to get a lock-in before DeVoss ends the program.

It is all bullshit. We know that.

So why do they keep coming?

Because they freaking work. You get one moron that only goes online once a week on their 56k dialup line at home to check the facebook, they're more than willing to whip out their credit card to take advantage of such a limited time, exclusive offer.

It's that one moron that ruins it for us all. The scammers then make money, the carriers make money, etc., so they are incentivized to call the rest of us looking for more idiots.

Fight Fire with Fire

I used to get a lot of calls from India. At first I just told them to fuck off but the calls kept coming. Then I tried spending time winding them up but that always seemed like a waste of my own time. The thing is, I spent more than a decade studying psychology so it eventually occurred to me to use that. The question was not how to tell them to fuck off but how to get them to decide to fuck off for themselves. India is heavily honour and family oriented. This is a rough transcript of the last call that I answered, now many years ago:
Me: Hello?
Scammer: This is John from Microsoft, you computer has a virus.
Me: Have you told your parents that your job is trying to steal money from people like them in another country?
Scammer: [5 seconds of silence] ... [strangled voice] ...no... [line disconnects]

The number of scam calls dropped hugely. I like to hope that at least one Indian decided to move on to an honest job instead.