Giving Cold Callers the Cold Shoulder

[Updated footnote in line with information received from about coldcalling regulation in Spain.]

Yesterday I had a phone call. Well, several, of course, but this was yet another irritating cold call. If you've read some of my many blogs on the subject, you might think that it must have been yet another support desk scam, but it wasn't.

The first question I asked was "who do you represent": it turned out to be one of many companies in the UK that offers a service to people who feel they may have a claim against a mortgage lender or insurance provider. That's not really my field, so I find it harder to distinguish between legitimate and less legitimate businesses in that field, and I can't say that this wasn't a legitimate call. Except that, like many people in many countries I'm subscribed to a "do not call" register.  In fact, the European Union’s Data Privacy Directive 2002/58/EC requires members states to enact legislation to control cold-calling, using either an opt-in or an opt-out model: for example:

And in the US, there is the National Do Not Call Registry at, and an equivalent site for Australians is

Hence my second question: "Are you in the UK?" Unfortunately, the answer was no. And therein lies a problem that goes beyond support scams. The telephone network, like the Internet, isn't very good at recognizing national boundaries. Which is why I have a couple of rules of thumb when it comes to cold callers (apart from the fact that I don't expect UK companies to contact me at all, which doesn't mean it never happens). I don't talk to cold-callers who withhold caller ID*. And I won't do business with a company that uses offshore call-centres to avoid do-not-call registers.

*While Spanish telecom providers appear to be pretty relaxed about the extent to which businesses cold-call, at any rate on weekdays and Saturday mornings, there is at least an agreement between most of the major providers that callers are not allowed to withhold the number from which they call. And my colleague Josep Albors tells me that there is, in fact, a Spanish do-not-call list called Robinson's List, which seems to be well in accordance with the EC directive. See: Josep also tells me that the restriction on withholding caller-ID is working very successfully there.

And back in the US, the FCC is upping the penalties for those who spoof Caller ID for malicious purposes in accordance with the Truth in Caller ID Act (hat tip to Aryeh for that info). Not that these measures will impact on offshore scammers, but at least they make my rules of thumb just a little more effective.

ESET Senior Research Fellow

Author David Harley, ESET

  • Oliver Meier

    I live in Switzerland and also had this problem until I turned on the ‘Reject withheld numbers’ option on my mobile and also for my land line (this through the provider) It has worked fine for several years, the calls don’t even appear in the list.

    However, my mother lives in the UK and since a couple of weeks she can’t call me anymore. She’s with Talk Talk, and it seems that something has changed in the way they route international calls. They claim there’s nothing wrong at their end, but other family members who are still with BT have no problem.

    The point is, sometimes it’s not only the bad boys who are blocked…

Follow us

Copyright © 2017 ESET, All Rights Reserved.