The Fight Against the Fake Call: The Rise of Spoofing and Robocalls

Your phone starts to vibrate. You don’t recognize the number, but it’s from your area code, so you decide to answer. On the other end of the line, an automated voice claims they are with the IRS, a credit card company, or a local utility company—usually looking to settle or balance “your account.” Does this situation sound familiar? For many Americans, this is a frequent, even daily, occurrence.

Consumers have long been hounded by telemarketers and automated callers, but the proliferation of spoofing technologies has caused a massive spike in the number of scam phone calls. Spoofing occurs when the caller “alter[s] or manipulate[s]” Caller ID information so that the name or telephone number displayed to the called party does not match that of the actual subscriber or the actual originating number. Today, spoofing occurs commonly, a rising trend known as robocalling.

Scope of the Issue

So just how big of a problem is robocalling in the United States? YouMail, a robocall blocking service, estimated that about 47.8 billion robocalls were placed nationwide in 2018, up more than 17 billion from 2017. In February 2019 alone, YouMail identified 4.9 billion calls placed for the month averaging out to 174.9 million calls per day, 7.3 million calls per hour, 2,000 calls per second, and 14.9 calls per person in the United States.

It should be noted that “robocall” is catchall term and includes automated calls used for legitimate purposes, such as the announcement of school closings or reminders to patients about medical appointments. Still, Alex Quilici, the chief executive of YouMail, has estimated that as many as 60 percent of the calls are either scams or unwanted telemarketing offers. For many, these calls are simply an annoyance; for others, however, they are much more costly. In 2017, “consumers reported losing a total of $905 million to fraud,” up $63 million from the year before, the Federal Trade Commission said in a statement.

Challenges Faced

Like phishing scams, robocalls have gotten more sophisticated over time. One tactic used by robocallers is known as “neighborhood spoofing,” in which callers use local numbers—often from the recipients’ own area code—“in the hope that recipients will be more likely to pick up.” New York Attorney General Eric Schneiderman highlighted and warned against one scheme that specifically targeted individuals with Chinese last names. Callers, speaking Mandarin, posed as Chinese embassy officials urgently requesting personal or financial information in order to resolve troubles with the Chinese consulate or purported legal problems.

Neighborhood spoofing is possible because of Voice over Internet Protocol (VoIP) providers, which allow scammers to make calls over the Internet. In addition to allowing users to make millions of calls daily, at little cost, many VoIP providers do not keep accurate records of all calls made across their networks, making it difficult to trace scammers. Even when numbers are discovered and blocked by enforcement officials, robocallers find new phone numbers to hide behind—efforts to stamp out scammers has been “likened to a game of Whac-a-Mole.”

The Federal Communications Commission’s (FCC) efforts to combat robocall scams have focused largely on domestic violators. The FCC fined Adrian Abramovich, a Florida man who placed nearly 100 million automated phone calls advertising fraudulent timeshares and vacations, $120 million for his extensive robocalling scheme. However, this focus on domestic violators highlights a major challenge faced by the FCC, service providers, and lawmakers in protecting against and preventing these scams: many robocallers are operating in foreign countries. The RAY BAUM’S Act, passed by Congress and signed into law in 2018, expanded “the prohibition against knowingly transmitting misleading or inaccurate caller identification information to apply to: 1) persons outside the United States if the recipient is within the United States, and 2) text messages.” However, in practice, the Commission may also need cooperation from foreign governments to deal with foreign actors.

The FCC also faces enforcement issues with respect to violations of the Telephone Consumer Protection Act (TCPA), the federal statute enacted in 1991 designed to safeguard consumer privacy. The statute of limitations for TCPA violations is only one year, which is often not enough time to complete investigations for complex robocall cases.

Proposed Legislation

In addition to the TCPA, Congress has passed a series of federal robocall laws—enforced by the FCC and FTC—including the Truth in Caller ID Act and Telemarketer Consumer Fraud Abuse and Prevention Act. However, recognizing the rising number of robocalls and enforcement challenges, lawmakers have proposed a series of measures to curb the number of spoofed calls and increase the penalties against perpetrators.

In 2018, both the Senate and the House introduced versions of the Repeated Objectionable Bothering of Consumers on Phones (ROBOCOP) Act. The bill directs the FCC to require telecom companies to “offer consumers optional free robocall-blocking technology.” The technology would allow consumers receive certain legal robocalls—such as those from public safety entities—with their consent. The ROBOCOP Act also offers consumers legal recourse against telecom companies that violate the statute.

More recently, Senators John Thune and Edward Markey introduced the bi-partisan Telephone Robocall Abuse Criminal Enforcement and Deterrence (TRACED) Act. The bill would “broaden the authority of the” FCC to assess civil penalties of up to $10,000 per illegal robocall violation and extend the current FCC statute of limitations to investigate TCPA violations from the current one year to three years.

FCC Chairman Ajit Pai has also sent letters to voice service providers calling on them to assist industry efforts to trace robocalls and “demand[ing] that the industry adopt robust call authentication systems” no later than 2019.

These efforts have, however, been met with some pushback. Businesses who frequently use robocalls, such as debt collectors and loan servicers, have opposed some enforcement measures. A debt collection group “successfully sued in federal court to throw out FCC rules broadening the liability of businesses accused of making robocalls.”

Comments are closed.