Robocalling for Dollars – a phish by another name


Published: March 28, 2017 | By: rcubed | Views: 1268

The number of robocalls blasted out to American phones during each month in 2016 is estimated to have been 2.4 billion. That number would be high for a single year; on a monthly basis, it is insane. And this isn’t a recent development. The practice of robocalling has been around for a while, mainly on landlines, but has now spread to cellular networks. You would think that the government would have stepped in long ago to put a halt to this form of abuse, but better late than never: the FCC took action to address this plague just last Thursday (3/23/2017). The commission voted to approve a proposed rule that would make it easier for phone companies to block robocalls.

Spoofing ftw

Robocalling is actually a corollary to the practice of phishing, which I examined in last Thursday’s post, so this should be a timely follow-up on that topic. The practice specifically addressed by the FCC ruling, and the one that makes robocalling so effective, is known as “spoofing”: changing the number displayed in Caller ID to one different from the caller’s actual phone number. All sorts of mischief are possible via spoofing. The most common is making the call appear to originate from a government agency such as the IRS in order to scam payments from a person who thinks they owe money to Uncle Sam and are at risk of facing fines and even imprisonment.

Spoofing can also be used to make the call appear to come from a U.S. area code to conceal the fact that the call is originating outside the country. Many robocalls now are from scammers operating outside the U.S. and unfortunately, most often beyond the reach of American law enforcement agencies. Spoofing also allows robocallers to evade detection by the national Do Not Call registry, which despite its good intentions, has proven to be amazingly underwhelming in its effectiveness to not only block robocalls but also unwanted telemarketing calls in general.

Technology advances have made things worse

Instead of cutting down on robocalls and other unwanted calls, digital technologies such as ISDN PRI and VoIP have made spoofing much easier. The same technology used by VoIP services such as Google Voice and Skype to assign made-up numbers to digital calls makes spoofing a breeze. During the days of analog copper wires, phone scammers, like the early warez folks pioneering phishing on AOL, required a certain degree of technical savvy. Spoofing was accomplished using devices known as “orange boxes.” Today, as with quickly rolling out a massive phishing campaign, phone scammers can lease spoofing services from companies such as SpoofCard.com. Robocallers simply pay a small fee, enter the number they wish to call along with the number they want to appear in Caller ID (the spoofed number), and away they go. SpoofCard.com is adamant about not condoning illegal activity and claims it will provide user info to law enforcement if subpoenaed. How law-abiding of them.

Handy tips for cell phone users

What can you as a citizen and phone user do, apart from the radical action of stopping all phone service and smashing your cell phone? Many people, myself included, cancelled landline service and went the cell phone-only route in order to save money as well as reduce telemarketing calls. The cost savings have proved real, but the robocalls keep coming and seem to be on the rise. A cottage industry has sprung up around call-blocking services for landline users and call-blocking apps for cell phones.

For cell phones, you can set up call blocking rules based on what is provided in the phone’s OS settings. My personal policy is to not answer calls from numbers not in my contacts list, letting them go straight to voice mail. It’s still an interruption and an annoyance, and sometimes you need to take a chance and answer calls from unknown numbers if you’re expecting a call from a doctor’s office or other business. It then becomes a roll of the dice. You can also do your part as a concerned citizen and file a complaint when receiving a robocall using the FCC’s handy complaint form.

A silver lining to a solution?

A rare silver lining appears to exist in this mess. In 2016 the FCC, in partnership with several major technology companies, cable companies, and telecoms, formed a “Robocall Strike Force” to address the problem. Tech and telecom giants such as Apple, Google, Microsoft, Verizon, and AT&T are key members. It’s always a promising sign when private industry participates in such initiatives and takes over the heavy lifting from the government. The group is working, with the FCC’s blessing, on strategies to block calls whose spoofed Caller ID shows an unassigned or inactive phone number. The rationale is that no one should be making calls from such numbers in the first place. Makes sense, no?
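The blocking rule described above can be sketched as a Caller ID screen. This is an added example, not code from the FCC, the Strike Force, or any carrier; the function names and both sample lists are constructed for illustration, and it goes slightly beyond the text by also rejecting numbers that are structurally impossible under the North American Numbering Plan.

```python
import re

# Constructed sample data (not real allocation records): NPA-NXX prefixes a
# carrier has marked unassigned, and inbound-only numbers whose owners asked
# that no call ever be originated from them.
UNASSIGNED_PREFIXES = {"202999", "415200"}
DO_NOT_ORIGINATE = {"8005550100"}


def normalize(raw):
    """Return the 10-digit NANP number in a Caller ID string, or None."""
    digits = re.sub(r"\D", "", raw)
    if len(digits) == 11 and digits.startswith("1"):
        digits = digits[1:]  # drop the +1 country code
    return digits if len(digits) == 10 else None


def classify(raw, unassigned=UNASSIGNED_PREFIXES, dno=DO_NOT_ORIGINATE):
    """Decide whether a presented Caller ID could be a legitimate origin."""
    number = normalize(raw)
    if number is None:
        return "block:malformed"
    npa, nxx = number[:3], number[3:6]
    # NANP structure: area code and exchange both begin with 2-9, and
    # N11 codes (211, 911, ...) are service codes, never area codes.
    if npa[0] in "01" or nxx[0] in "01" or npa[1:] == "11":
        return "block:invalid-nanp"
    if number in dno:
        return "block:do-not-originate"
    if npa + nxx in unassigned:
        return "block:unassigned"
    return "allow"


if __name__ == "__main__":
    for cid in ["+1 (202) 555-0143", "1-800-555-0100", "(202) 999-1234",
                "011-555-1234", "12345"]:
        print(f"{cid!r:22} -> {classify(cid)}")
```

An "allow" result only means the number could exist; a caller spoofing a valid, assigned number passes this screen, which is why it is one layer rather than a complete defense.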

Time will tell if the efforts of the strike force and the new FCC ruling will have much impact on the problem of robocalling. But the fact remains that it’s a problem that is out of control and is the number one complaint the FCC receives each month from consumers. The problem is similar to where spam was during the early 2000s: a problem out of control that required both technological and regulatory approaches to tame. In the words of former FCC chairman James Wheeler, it’s a challenge that will truly require a team effort on the part of the government, carriers, device makers, OS developers, and network designers. The people have spoken, and enough is enough.

1 Comment
  1. This is becoming a big problem and we can all do our part for online safety by sharing the info and our experiences with this annoyance through the proper channels that are available. We should address this ongoing issue now before it becomes an even more dangerous threat to individuals and their employers.

    Remember you don’t have to be employed in the IT Security field to become a proactive security member for our society and to help protect our infrastructure of corporations that make up the information technology’s vast landscape. Just because of the simple fact of the necessity of these corporations and how they are vital to our country’s infrastructure & economy.
