There is a good the reason why you are still afraid to answer your phone when an unknown number appears.
For years, the telecommunications industry has been trying to curb robo calls, the frustrating and potentially dangerous spam calls that try to trick anyone who takes the phone. But even after significant milestones in defense – including the introduction of two telecommunications protocols that cryptographically authenticate the source of calls – you’re likely to still get spammy calls driving you insane. Despite the setbacks, researchers say they have seen real progress in reducing spam calls in the United States, and there is potential for even more improvements.
At the RSA conference in San Francisco last week, Josh Bercu of the industry association USTelecom and Gary Warner, intelligence director at the security firm DarkTower, presented results on progress that crushes robocalls and the illegal call centers they come from, which are predominantly located in India. And they dug into the frustrating reality that the problem is far from solved.
“I do not think it’s going well at all!” Warner tells WIRED. “And people understandably wonder why providers don’t just block spam calls. But if you’re AT&T or Verizon or T-Mobile or anyone, it’s not your responsibility to decide what conversations people may have. I do not think people want to be in the state of surveillance where airlines are able to decide what is an acceptable conversation for Americans to have. “
This does not mean that operators have not stepped up their blocking when they see enough evidence that a call has a suspicious origin. But USTelecom’s Bercu notes that it’s a sensitive issue that each telephone company handles differently to decide how brave one should be by blocking.
“As providers have become more aggressive in blocking or tagging suspicious calls, they have taken a greater risk that they will block incorrectly or incorrectly tag a legitimate call,” he says. ‘Maybe it was really a call from the bank or the pharmacy. “There is a fine balance that providers have to make, and some are more aggressive than others.”
Bercu also adds that different providers are working with different analytics services to identify suspicious call activity. This can create situations where, as trends in robocalling techniques evolve, and spammers use different strategies to reject calls around on international networks, some analytics services may be better at capturing certain behaviors than others.
Bercu is also the CEO of Industry Traceback Group, a neutral unit under USTelecom designated by the Federal Communications Commission to promote intelligence sharing to track the source of illegal robocalls and promote cooperation between operators. The idea is to look at how robocalls circumvent existing technical defenses, identify networks where these protections are not fully implemented, and work with providers to adopt stronger security measures.
Ultimately, DarkTowers Warner says that as with other digital criminal industries such as email spam, corporate email compromise and even ransomware, the key to curbing robocalling is to make it harder for scammers to operate at all levels of their business. This means that it makes it harder for them to direct their calls, but also harder to recruit call agents and buy leads – curated collections that claim to contain the phone numbers of targets such as the elderly or people with medical problems.