Threats

Robocalls

Learn what your organization can do to stop automated calls, spam and harassing callers. 

About Robocalls

The problem with Robocalls

Robocalls, and the financial scams and malicious attacks enabled by robocalls are surging beyond epidemic levels. Despite new initiatives by the Federal Communications Commission (FCC) and carriers, we don't yet see a measurable decline in automated call traffic post-pandemic.

Robocalls Decreased (Slightly) During the Pandemic

Americans experienced a significant drop in the amount of calls flooding their phones last Spring, helped by international call centers being shut down during the global pandemic and government efforts to stop Covid-19-related scams. At the time, YouMail reported the number of robocalls made to US phone numbers in April was the lowest in two years. That included both scam and legitimate calls, such as payment reminders from banks.

Americans Received 55 Billion Robocalls in 2023

Over the past two years, the Federal Communications Commission (FCC) has increased its efforts to prevent unwanted robocalls and robotexts. Despite these efforts, the incidence of unwanted spam calls and texts continues to rise; the United States experienced a total of 55 billion robocalls in 2023–a 10% increase from 2022. The robotext figures look even worse, with Americans receiving over 160 billion spam texts in 2023, including a whopping 19 billion in December alone.

Over 60% of Robocalls are Scams

Not all autodialed calls are illegal -- but most of them are. In March, combined scam calls and telemarketing calls accounted for roughly 64% of the month's total volume, a significant increase over the more typical 60% level we have been seeing in past months. In addition, the total number of scam and telemarketing calls jumped to over 3.1 billion calls for the month, a very substantial number of likely unwanted and/or illegal calls.

Why Do Americans Receive So Many Automated Calls?

Part of the answer is that the tools used to initiate such calls are cheaper and easier to use than ever before. Internet technology has helped fuel a record number of automated calls thanks to the advent of voice-over IP, a tool that made mass calling convenient and more affordable.

Another reason has to do with fundamental problems with caller ID, a phone system where anyone can operate as a carrier, the inability to detect bad callers, and a number of bad actors exploiting those flaws to drive billions of calls to American phones.

But the biggest reason that these continue to rise is that the perpetrators make money, and their approach to making money requires an every-increasing quantity of automated calls.

How it Works

First you have a company that wants to find buyers. They could be selling actual products like insurance policies or alarm systems, or they could be a scam operation looking for marks they can coerce into buying gift cards. The product doesn’t really matter, what matters is they’re willing to pay someone $6 or $7 per lead to send them people who may be interested in buying.

The company they contract to find those leads is the robocaller; typically overseas, what they do is call millions of phone numbers with a prerecorded message. Most hang up, but occasionally some listen, and those people are plugged through a phone tree until they’re determined to be a qualified lead, which is then sold to the original company.

The autodialer is able to place their calls through a gateway carrier, which is a telecommunications company willing to place those calls to American phones. The gateway carrier may not always know they’re laundering scam calls into the US telecom system, but they’re often targets of FTC enforcement. Once the call is on US soil, it passes through the patchwork of carriers to your phone: mobile, landline, business phone, or call center.

The Real Danger

Beyond just quantity the real danger is the increasing sophistication of scammers as opposed to just the volume. Scammers are combining phone calls with tricks to circumvent two-factor authentication, using information they obtain online to make more targeted calls and, in some cases, mimicking the attack methods of hackers.

Why It is Hard to Stop Malicious Calls

The nature of telephonic infrastructure itself makes it difficult to stop malicious calls in general. The phone network is designed to be open source, with a diffuse network that is designed to avoid outages. In such a system there can be almost an infinite number of pathways that travel from point A to point B, making surveillance and security very difficult problems to tackle.

Another reason is that calls often originate overseas, where the FTC lacks jurisdiction. The Do Not Call list doesn’t work for robocalls on your cell phone, it just prevents live telemarketers from calling you. Even if it did work, the robocallers are already flaunting the law, and there’s little reason they’d respect the registry. They’re able to thrive on the US phone system because of a fundamental flaw in the structure of the grid.

Another reason has to do with Caller ID. Caller ID, from its inception, was never verified. Caller ID was implemented the same way that a return address on an envelope was, where a person could put anything. As a result, caller ID is meaningless yet still relied on, which makes it easy for scammers to exploit.

The Supreme Court Made it Harder

The 1991 Telephone Consumer Protection Act (TCPA), directed at controlling nuisance telephone calls granted rulemaking authority to the Federal Trade Commission and the Federal Communications Commission. It allowed the agencies to put in place the Do Not Call rule in 2003 allowing people to opt out of receiving telemarketing calls.

The statute also bans the use of autodialers to make calls to cell phones or to send text messages without the prior express consent of the called party. Or at least it used to until April Fools’ Day 2021, when the Supreme Court gutted that provision ruling that a device is an autodialer only if it uses a random or sequential number generator to store or produce numbers to be called, thereby applying the statute’s autodialer provision to exactly zero real-world devices.

STIR / SHAKEN

One thing that might help with the problem is the Federal Communications Commission mandate, under a 2019 law, for carriers to implement a set of caller ID authentication protocols known as STIR / SHAKEN. Under STIR / SHAKEN, “calls traveling through interconnected phone networks would have their caller ID ‘signed’ as legitimate by originating carriers and validated by other carriers before reaching consumers,” the FCC touted. “Once implemented, it should greatly help the accuracy of caller ID information and should allow voice service providers to provide helpful information to their consumers and business customers about which calls to answer.”

On its own however STIR / SHAKEN will not be enough to end the scourge of robocalls.

Enterprise Business is a Prime Target

Malicious automated calls don't just affect consumers. Enterprise business, healthcare organizations, emergency call centers, and government are all targets for various malicious scams or attacks that are enabled by fast, cheap, and easy robo-dialing techniques.

A telephony denial of service attack is one robodialer-enabled attack that frequently targets call centers. TDoS attacks are floods of automated calls intended to paralyze a voice network.

In Feb 2021 the FBI released a security advisory warning of telephony denial of service attacks carried out against first responders. TDoS attacks have also been seen as part of payday loan scams enacted against hospitals, and enterprise businesses.

Defeating Robocalls

SecureLogix leads the voice network and contact center battle against robocalls with the Orchestra OneSecureLogix leads the voice network and contact center battle against robocalls with the Orchestra One™ cloud-based call authentication service. The Orchestra One service works by auto-analyzing device information and call meta-data in realtime before the call is connected to an agent or leaves the IVR. The Orchestra One service relies upon layers of ultra-fast filtering and processing for the most accurate authentication possible. Filters are fully configurable and customizable to meet the unique demands of each business. And each call is routed only through the filters necessary to assess that call - saving valuable time and money.

The Orchestra One call authentication service enables businesses to stop robocalls, voice spam and harassing calls in the most efficient and cost-effective manner, taking the burden off of contact center agents and saving businesses millions of dollars. cloud-based call authentication service. The Orchestra One™ service works by auto-analyzing device information and call meta-data in realtime before the call is connected to an agent or leaves the IVR. The Orchestra One™ service relies upon layers of ultra-fast filtering and processing for the most accurate authentication possible. Filters are fully configurable and customizable to meet the unique demands of each business. And each call is routed only through the filters necessary to assess that call - saving valuable time and money.

The Orchestra One™ call authentication service enables businesses to stop robocalls, voice spam and harassing calls in the most efficient and cost-effective manner, taking the burden off of contact center agents and saving businesses millions of dollars.