Sign up to our newsletter
Some years ago I came across the story – I can’t say whether it’s true – of a decommissioned server that, at the time it was powered down for good, still had a task left unfinished after something like seven years. This was due to its being constantly deprioritized as other jobs demanded the server’s attention.
It sometimes seems to me that email is a little like that. When I left one job a few years ago, I was still clearing my email backlog weeks after I’d officially left the organization. A few days ago, while catching up with my ESET email (now down to no unread messages, though I don’t suppose that will last) I found a message reminding me to write something about automated tech-support scam calls. Happily, this one was only about seven months old, rather than seven years, so it isn’t yet totally irrelevant: the robocall problem isn’t likely to disappear any time soon. I can’t say what percentage of nuisance/scam robocalls are related to tech support scams, but most of what I’m going to say relates to robocalls in general, not just the support scam variety.
“In July 2015, Aaron Foss reckoned that 35% of all phone calls were automated”In fact, I’ve never received any examples of this particular brand of automated nuisance call myself, but my understanding is that they often follow a classic pattern. It’s one that will be familiar to you if you’ve encountered the cold call scams that we’ve been hearing about for years, and the pop-up support scam messages I’ve discussed here several times before. They take the form of a warning that your system is infected (and apparently has been sending out SOS messages) and an invitation to speak to a support person (in this case by pressing a key rather than by following a URL or dialling a phone number). However, most of the stories I’ve heard focus on the dialogue with the live scammer rather than on the format of the robocall, so there may well be variations of which I’m not aware.
However, robocalls are certainly very common. Aaron Foss apparently reckoned early in 2015 that 20% of all phone calls are automated and that the volume is increasing. In July 2015 his estimate was 35%, so I guess that’s a self-fulfilling prophecy. Consumer Reports told us in 2015 that ‘Every month more than 150,000 consumers complain to the Federal Trade Commission and Federal Communications Commission.’ Not all those automated calls are technically scams, however annoying you and I might find them, but many of them certainly are.
Among the other types of scam known to be delivered by robocalling in the UK are scams relating to mis-sold PPI (Payment Protection Insurance), mis-sold pensions, and debt management. Last year, the FTC shut down one offender in the US. The UK’s Information Commissioner’s Office recently fined lead generation company Prodial Ltd £350,000 (the largest fine it has imposed to date) for making more than 46 million automated nuisance calls related to PPI. However, since Prodial went into liquidation late in 2015, it seems unlikely that the fine will be recovered. Still, it’s encouraging that some agencies oriented towards consumer protection do have some impact on offenders.
Robocalling is also commonly associated with IRS scams, home improvement scams, and home security scams, but practically any phone scams such as accident compensation scams, may also be delivered through automated calls. After all, all you need is the ‘right’ message to persuade the victim to call you back.
Unfortunately, it’s possible to make cheap and easy phone calls from anywhere using Internet technology. (So why are my phone bills so high? I don’t even have teenage children anymore.) What’s more, it’s all too easy to display a fake caller ID, so despite the demands from enraged victims to step up action against the scammers, there is no way to guarantee you’ll never receive another nuisance/scam call.
While subscribing to a service like the US National Do Not Call Registry (or the UK’s Telephone Preference Service) does indeed reduce the risk of nuisance calls from legitimate organizations, it has less impact on callers whose intentions are clearly not legitimate, and who are taking pains not to be identified. In general, they simply don’t care about such lists. In fact, the TPS doesn’t actually apply to automated calls, although – according to EC legislation – you shouldn’t receive such calls unless you’ve already given permission. But it’s obvious from the size of the problem that many companies don’t care about that either. With an attack surface the size of the internet, it would be naïve to expect problems like these to be solved by legislation alone. On the other hand, challenging suspicious callers when they ignore such registries may help (dis-)establish their bona fides: indeed, as the FTC asserts on a page offering advice about the National Do Not Call Registry, just the fact that you’ve received a call despite being registered increases the likelihood that it’s a scam call.
Be aware, though, that some types of unsolicited call are permitted by these services: surveys, for example (which is why sales calls often start off trying to sound as much as possible like a survey). Other exceptions to the ‘no call’ rule may vary from country to country, but can include purely informational calls, calls from charitable institutions, and so on.
Sometimes a phone company can block calls from known ‘bad’ numbers, and some models of telephone may include blocking functionality. However, there are an awful lot of numbers that are misused for sales/spam/scam calls, and it’s easy to change or spoof a caller ID. (Spoofing is a term used in this context when the caller ID appears to indicate a genuine and trustworthy caller.)
“The good news is there is a wide range of call-blocking apps available for smartphones”The sheer volume of misused phone numbers is not well addressed, in general, by providers of telephony service and hardware. That, in part, accounts for the disgruntled tone of some debates on consumer protection sites and forums. Once the scamming community has your phone number, you may receive calls from lots of numbers, but the average service provider will offer blocking for only a few. (And a fee is often charged for this service.)
It may be possible to block calls from withheld or international numbers, which does cut down radically on the number of spam/scam calls received, but for some of us that would mean losing some legitimate calls, too.
The good news is that there is a wide range of call-blocking apps available for smart phones (or blocking may be part of the service). Unfortunately, I’m not in a position to recommend specific programs (or hardware for landlines, come to that).
In 2013 Aaron Foss and Serdar Danis were each awarded $25,000 by the FTC for ‘intercepting and filtering out illegal prerecorded calls using technology to “blacklist” robocaller phone numbers and “whitelist” numbers associated with acceptable incoming calls.’ Foss’s Nomorobo service (which at the time of writing claims to have blocked 68,848,688 robocalls) sounds quite successful for people using VoIP carriers that support Simultaneous Ringing. However, I’m not in a position to try it out. For many of us, the options are more restricted.
Unfortunately, RoboCop isn’t answering my calls.
Still, if you’re not in a position to do much to reduce the number of scam robocalls you receive, you can at least follow some guidelines to protect yourself against following up on an automated call and thereby falling for a scam.
For people in the US, the FTC has a resources page that specifically deals with robocalls. The organization also suggests that you don’t interact with an ‘illegal’ robocall in any way: just hang up. It says:
“Don’t press buttons to be taken off the call list or to talk to a live person. Doing so will probably lead to more unwanted calls. Instead, hang up and file a complaint with the FTC.”
You can also submit a complaint to the Federal Communications Commission.
The Information Commissioner’s Office in the UK has information on marketing calls, including automated calls, here, with links to other relevant pages.
Image: Cath Vectorielle / Shutterstock.com
Author David Harley, ESET