Robocalls, Spam & Harassing Callers
Robocalls, and the financial scams and malicious attacks enabled by such calls are surging. Learn what your organization can do to stop automated calls, spam and harassing callers.
Robocalls are at epidemic levels. Despite new initiatives by the Federal Communications Commission (FCC) and carriers, we don't yet see a measurable decline in automated call traffic post-pandemic.
Robocalls Decreased (Slightly) During the Pandemic
Americans experienced a significant drop in the amount of calls flooding their phones last Spring, helped by international call centers being shut down during the global pandemic and government efforts to stop Covid-19-related scams. At the time, YouMail reported the number of robocalls made to US phone numbers in April was the lowest in two years. That included both scam and legitimate calls, such as payment reminders from banks.
Americans Projected to Receive 54 Billion in 2021
After a year of relief, automated call are back up to pre-pandemic levels. Americans are still facing a scourge of almost 5 Billion autodialed calls a month, and nearly 30% of all U.S. calls are negative (nuisance, scam or fraud calls). In March 2021 they averaged just over 159 million calls per day and 1,844 calls per second. Americans received roughly 13.6 billion of the automated calls in the first quarter of 2021 on pace to reach over 54 billion total for the year. (source:
Over 60% are Scams
Not all autodialed calls are illegal -- but most of them are. In March, combined scam calls and telemarketing calls accounted for roughly 64% of the month's total volume, a significant increase over the more typical 60% level we have been seeing in past months. In addition, the total number of scam and telemarketing calls jumped to over 3.1 billion calls for the month, a very substantial number of likely unwanted and/or illegal calls.
Why Do Americans Receive So Many Automated Calls
Part of the answer is that the tools used to initiate such calls are cheaper and easier to use than ever before. Internet technology has helped fuel a record number of automated calls thanks to the advent of voice-over IP, a tool that made mass calling convenient and more affordable.
Another reason has to do with fundamental problems with caller ID, a phone system where anyone can operate as a carrier, the inability to detect bad callers, and a number of bad actors exploiting those flaws to drive billions of calls to American phones.
But the biggest reason that these continue to rise is that the perpetrators make money, and their approach to making money requires an every-increasing quantity of automated calls.
How it Works
First you have a company that wants to find buyers. They could be selling actual products like insurance policies or alarm systems, or they could be a scam operation looking for marks they can coerce into buying gift cards. The product doesn’t really matter, what matters is they’re willing to pay someone $6 or $7 per lead to send them people who may be interested in buying.
The company they contract to find those leads is the robocaller; typically overseas, what they do is call millions of phone numbers with a prerecorded message. Most hang up, but occasionally some listen, and those people are plugged through a phone tree until they’re determined to be a qualified lead, which is then sold to the original company.
The autodialer is able to place their calls through a gateway carrier, which is a telecommunications company willing to place those calls to American phones. The gateway carrier may not always know they’re laundering scam calls into the US telecom system, but they’re often targets of FTC enforcement. Once the call is on US soil, it passes through the patchwork of carriers to your phone: mobile, landline, business phone, or call-center.
The Real Danger
Beyond just quantity the real danger is the increasing sophistication of scammers as opposed to just the volume. Scammers are combining phone calls with tricks to circumvent two-factor authentication, using information they obtain online to make more targeted calls and, in some cases, mimicking the attack methods of hackers.
Why it's Hard to Stop Malicious Calls
The nature of telephonic infrastructure itself makes it difficult to stop malicious calls in general. The phone network is designed to be open source, with a diffuse network that is designed to avoid outages. In such a system there can be almost an infinite number of pathways that travel from point A to point B, making surveillance and security very difficult problems to tackle.
Another reason is that calls often originate overseas, where the FTC lacks jurisdiction. The Do Not Call list doesn’t work for robocalls on your cell phone, it just prevents live telemarketers from calling you. Even if it did work, the robocallers are already flaunting the law, and there’s little reason they’d respect the registry. They’re able to thrive on the US phone system because of a fundamental flaw in the structure of the grid.
Another reason has to do with Caller ID. Caller ID, from its inception, was never verified. Caller ID was implemented the same way that a return address on an envelope was, where a person could put anything. As a result, caller ID is meaningless yet still relied on, which makes it easy for scammers to exploit.
The Supreme Court Just Made it Harder
The 1991 Telephone Consumer Protection Act (TCPA), directed at controlling nuisance telephone calls granted rulemaking authority to the Federal Trade Commission and the Federal Communications Commission. It allowed the agencies to put in place the Do Not Call rule in 2003 allowing people to opt out of receiving telemarketing calls.
The statute also bans the use of autodialers to make calls to cell phones or to send text messages without the prior express consent of the called party. Or at least it used to until April Fools’ Day 2021, when the Supreme Court gutted that provision ruling that a device is an autodialer only if it uses a random or sequential number generator to store or produce numbers to be called, thereby applying the statute’s autodialer provision to exactly zero real-world devices.
STIR / SHAKEN
One thing that might help with the problem is the Federal Communications Commission mandate, under a 2019 law, for carriers to implement a set of caller ID authentication protocols known as STIR/SHAKEN. Under STIR/SHAKEN, “calls traveling through interconnected phone networks would have their caller ID ‘signed’ as legitimate by originating carriers and validated by other carriers before reaching consumers,” the FCC touted. “Once implemented, it should greatly help the accuracy of caller ID information and should allow voice service providers to provide helpful information to their consumers and business customers about which calls to answer.”
On its own however STIR / SHAKEN will not be enough to end the scourge of robocalls. Though it will provide some necessary tools, it does have notable limitations:
- It does not provide a universal solution to Calling Line Identity (CLI) spoofing.
- Only operates in IP-based networks and, therefore, ignores the many users served by non-IP networks.
- Took a North American perspective and did not engage interested global parties.
- Does not indicate whether a call is legal/illegal or wanted / unwanted.
Enterprise Business is a Prime Target
Malicious automated calls don't just affect consumers. Enterprise business, healthcare organizations, emergency call centers, and government are all targets for various malicious scams or attacks that are enabled by fast, cheap, and easy robo-dialing techniques.
A telephony denial of service attack is one robodialer-enabled attack that frequently targets call centers. TDoS attacks are floods of automated calls intended to paralyze a voice network.
In Feb 2021 the FBI released a security advisory warning of telephony denial of service attacks carried out against first responders. TDoS attacks have also been seen as part of payday loan scams enacted against hospitals, and enterprise businesses.
How to Protect Your Enterprise Voice Network or Call Center
SecureLogix leads the voice network and contact center battle against robocalls with the Orchestra One™ cloud-based call authentication service. The Orchestra One service works by auto-analyzing device information and call meta-data in realtime before the call is connected to an agent or leaves the IVR. The Orchestra One service relies upon layers of ultra-fast filtering and processing for the most accurate authentication possible. Filters are fully configurable and customizable to meet the unique demands of each business. And each call is routed only through the filters necessary to assess that call - saving valuable time and money.
The Orchestra One call authentication service enables businesses to stop robocalls, voice spam and harassing calls in the most efficient and cost-effective manner, taking the burden off of contact center agents and saving businesses millions of dollars.