Does this ring a bell? “Congratulations! You’ve been selected to receive a free cruise to the Bahamas! That’s right, the Bahamas!”
Or what about the nerve-wracking call from a credit card company: “Hello, this is a message from MasterCard. We regret to inform you that your debit card has been locked. To reactivate it, please press 1 now, and you will be transferred to our 24-hour security department.”
Health care calls are no joking matter, either: “Hello! Open enrollment has started for the new health insurance law, commonly referred to as Obamacare! The government is giving away billions of dollars to help consumers pay for their health insurance premiums!”
However you feel about sandy beaches and government-sponsored health care—never mind whether you actually are a MasterCard customer—the fact is that those calls and dozens like them are designed to manipulate you into paying them to resolve a faked problem or to secure an imagined reward.
An IRS report earlier this year said the Treasury Inspector General for Tax Administration has been made aware of more than 5,000 phone scam victims who’ve cumulatively paid more than $26.5 million since 2013.
Pindrop Security, a company that uses voice recognition and call analysis technology to create a “fingerprint” for phone calls and block scammers, reported this week that fraudulent calls are up 45 percent since 2013.
“With phone-printing technology, we can tell where the call is coming from,” says David Dewey, director of research at Pindrop. “As much as 50 percent of the [fraudulent] calls come from a few dozen sources.”
Fraudulent calls operated by computers, aka robocalls, and live people bear more than a passing resemblance to email spam. While spam itself still accounts for 86 percent of all email, technology developed over the past decade has prevented the vast majority of it from reaching consumers.
“We need a technological solution. Law enforcement can’t do it alone.” — Patty Hsue, staff attorney, Federal Trade Commission
Thanks to collaboration between the Federal Trade Commission, consumer advocacy groups, and private businesses, technology similar in principle and intent to email spam blocking is under development to reduce phone call spam too. Thus far, phone call-blocking systems haven’t proven as effective as their email-blocking counterparts.
“The number of complaints [about fraudulent calls] has been on the rise,” says Patty Hsue, an FTC staff attorney leading an agency group focused on developing robocall-blocking technology.
Before the implementation of a more consumer-protective FTC rule on fraudulent robocalls in September 2009 that prohibited most robocalls without written consent of the recipient, the agency had sought only punitive legal action against 38 corporate and individual defendants. Since 2009, that number has ballooned to 113 corporate defendants and 81 individuals.
And since 2012, when the FTC hosted a one-day summit focused on tackling robocall issues, the agency has continued to engage the private sector in its anti-robocall efforts by, among other things, hosting a developer’s challenge to build call-blocking technology (including honeypots) and engaging security researchers at the annual DefCon hacker conference.
“We need a technological solution. Law enforcement can’t do it alone,” Hsue says. “There are too many ways to hide, such as spoofed caller IDs or being based in another country” where the FTC doesn’t have jurisdiction.
Pindrop, which emerged in the aftermath of the FTC’s robocall summit, estimates that corporate call centers receiving spam phone calls lose an average of 65 cents per call in tied-up resources. Over the course of a year, productivity losses from dealing with these calls can cost a call center up to $27 million, it says.
“1 in 300 calls is a fraudulent insurance claim about a damaged iPhone. 1 in 12,000 calls is about life insurance,” Dewey says, noting those calls are not necessarily legitimate. You may not have an iPhone or life insurance, but those calls can ring your phone just the same. Just as Pindrop is using technology to track and block phone call spam, the bad guys are using low-cost Internet-powered phone networks to drive their scams.
Dewey says that in England, increased usage of credit card fraud-stymying EMV chip-and-PIN cards is contributing to fraudsters’ interest in conducting phone scams. The country’s rate of phone call spam is more than double the United States’, he says.
What you should do when you receive phone call spam
The FTC’s advice to consumers receiving fraudulent calls can be summed up in two words: Hang up.
“Our general advice to consumers is to hang up and start looking into call-blocking solutions,” Hsue says.
You can also put your phone number on the National Do Not Call registry, a list of phone numbers that telemarketers are not allowed to contact. They can face legal action, if they do so.
She advises that consumers do not engage with robocalls at all. They’re similar to email phishing attacks, she says, as they look for any indication that a live human has picked up the phone.
“Even if you press 2, you’re verifying that the number is a number with a live person,” she says. “Even if you’re saying don’t call me, you’re telling them the number is good.”
In other words, treat phone calls like email: Just like you ignore emails that look like they’re coming from suspicious addresses, you should screen your phone calls. Don’t pick up if you don’t know who it is.