Robocallers Try New Tactics to Evade Crackdowns
Connecting state and local government leaders
Scofflaws innovate after every government attempt to block scam calls.
This story was originally posted by Stateline, an initiative of the Pew Charitable Trusts.
Like the Whac-A-Mole game at the carnival, every time state and federal law enforcement officials think they have smacked down scam robocalls, the unwanted calls pop up in a slightly different place with a slightly different face.
One new trick is for callers to send messages straight to voicemail. The scammers argue that because they don’t cause phones to ring, they aren’t really calling at all.
They also may buy or hijack lists of real phone numbers to trick spam-blocking software into letting the calls through. Law enforcement officials have asked phone carriers to make it harder for scammers to obtain real numbers, but those lists are legally for sale by third-party data providers, and ferreting out who is buying them is difficult.
Earlier this month, North Carolina Attorney General Josh Stein, a Democrat, and Florida Attorney General Ashley Moody, a Republican, led all 51 attorneys general, including the District of Columbia’s, in a letter calling on the Federal Communications Commission to reduce unwanted robocallers’ access to real phone numbers.
“Robocallers have too many arrows in their quiver,” Stein said in a Stateline interview. “We have to do everything in our power to make sure they can’t pretend to be legitimate callers and trick people into picking up the phone.”
Scammers’ motivation is “to steal from vulnerable people, and they are so successful at it that they have great incentives to come up with technological workarounds every time we try to block them,” Stein said.
Law enforcement officials make a distinction between legitimate automatic calls, such as reminders from your pharmacy or your kid’s school, and the scam calls to random numbers hoping to get the unsuspecting to buy unneeded goods or services or to give up personal information.
The Federal Trade Commission reported that in the third quarter of this year, it received 134,366 reports of phone call fraud, with nearly $165 million in reported money lost.
So far this year, the FCC has received about 152,000 informal consumer complaints about unwanted calls, spokesperson Paloma Perez wrote in an email.
YouMail, a private company that sells call-blocking software and tracks the estimated number of calls, reported 4.1 billion unwanted robocalls in October, up from 3.9 billion in September.
Those numbers translate to 132 million calls a day, 5.5 million an hour, 1,530 a second and, in perhaps the most affecting of all, an average of 12.6 calls per person with a phone in that month.
Alex Quilici, CEO of YouMail, said the number of fraudulent robocalls is down from its peak of nearly 5 billion in March. But he said that momentary lull came because of a labor shortage: Robocallers found it difficult to hire workers to answer when victims fell for the scams.
Quilici said only a few calls have to result in sales for the scammers to profit.
For example, he said, it costs about $1,000 for a robocaller to buy 3 million real numbers in Chicago. “If only half a percent answer, and only 30 people fall for the scam, you’ve more than paid for your $1,000. The economics are pretty much in the robocallers’ favor,” he said in a phone interview.
He said the temporary decline in the number of calls also is partly attributable to a federal program known by its acronym STIR/SHAKEN. The program, implemented by the FCC, identifies spoofed or fake numbers that mirror legitimate area codes and exchanges, with an eye toward giving regulators the tools to go after the spammers. The acronym stands for STIR (Secure Telephone Identity Revisited) and SHAKEN (Signature-based Handling of Asserted information using toKENs).
FCC acting Chair Jessica Rosenworcel said in June that the largest voice service phone providers are using the STIR/SHAKEN caller ID standards. The technology, among other things, informs blocking tools of possible suspicious calls, she said in a news release announcing the technology’s broad implementation.
Smaller carriers handling fewer than 100,000 subscriber lines have until June 2023 to comply.
Stein and other attorneys general are urging the FCC to shorten that deadline; the FCC said in the news release that it is considering it.
Quilici and other experts say the smaller carriers are responsible for a disproportionate share of the robocalls.
Consumer affairs offices, state attorneys general and federal agencies say robocalls are the most reported complaint from consumers.
David Keltz, spokesperson for Indiana Attorney General Todd Rokita, a Republican who has made robocalls a priority, said a substantial portion of the robocalls coming into the United States from overseas are “fraudulent and criminal. Robocalls are one form of cybercrime.”
In Indiana alone, according to YouMail, there were 67.8 million robocalls placed in October, an average of 11 per person with a phone.
The new technique of companies sending robocalls directly to voicemail, without having the phone ring, means consumers must decide whether to listen to the message without knowing who left it. Robocallers argue that the Telephone Consumer Protection Act, passed by Congress in 1991, doesn’t apply to voicemail-only calls.
A couple of federal court cases have ruled that the voicemail-only calls are subject to the same restrictions as regular calls, most notably a requirement that customers must opt in to the calls for them to be legal.
The U.S. Senate campaign of former U.S. Sen. David Perdue, a Republican of Georgia who lost to Democrat Jon Ossoff in January, filed a petition with the FCC in July asking for political “direct to voicemail” calls to be ruled legal under the Telephone Consumer Protection Act.
His petition argues that the voicemail calls are not as intrusive as regular calls and “do not disrupt potential voters’ lives with ringtones that prompt the individual to pick up the phone; do not result in any charge for the individual’s receipt of the message; and can be listened to only if and when voters choose.
“Indeed, for political campaigns, the ability to efficiently reach voters in a nonintrusive way is a bipartisan issue that affects campaigns across the nation.”
Many consumers and attorneys general don’t see it that way. Stein led groups of attorneys general in asking the U.S. Supreme Court to uphold the Telephone Consumer Protection Act in two 2020 cases. The high court narrowed the scope of the law in the cases but left it in force.
Legitimate direct-to-voicemail companies say their clients use their own customer lists to generate the voicemails, instead of just spoofing numbers.
“We don’t provide the numbers, we provide the platform,” said Toufic Mobarak, president of MobileSphere, which runs Slybroadcast, a direct-to-voicemail provider. For example, he said, if a real estate company wants to let its clients know that a home just went up for sale in a specific neighborhood, Slybroadcast can provide the software, but the real estate agent has to come up with the client numbers.
Mobarak said calls that go straight to voicemail should be treated the same as any other robocall, rejecting the scammers’ argument that they are different and should not be subject to regulation under the Telephone Consumer Protection Act. Scammers, he said, “position [voicemail] as a loophole in TCPA. It’s not; it’s a phone call.”
Elaine S. Povich is a staff writer at Stateline.
NEXT STORY: How regulation could impact the open-source community