Robocall scammers and toll-free pumping fraudsters are a costly problem: Their phony calls created a $9.5 billion headache for businesses and consumers in 2017 alone. Like many cybercriminals, these digital crooks are agile and creative in their tactics, and their campaigns are becoming increasingly pervasive and relentless. Justice can be served to phone fraudsters, but it will take a precise application of technology and expertise to silence malicious calls.
Here’s a quick look at a few common fraudulent call tactics and what businesses can do to help sideline the unscrupulous parties behind these campaigns.
Robocalls: Damaging Trust and Reputations
More than 4.1 billion robocalls were placed in the United States in June 2018 — that translates to about 12.7 calls per person affected. Many robocalls are legitimate, of course — medical appointment reminders and political campaign calls that consumers have opted to receive are just two examples. But many robocalls today are fraudulent, and some even go the extra mile by spoofing legitimate phone numbers, including local numbers. Robocalls top the list of consumer complaints to the Federal Communications Commission (FCC), and these scams are ruining customer sentiment around receiving phone calls from businesses.
Robocall scams can bruise a company’s brand reputation and put the business in the unenviable position of having to do some serious cleanup. Case in point is TripAdvisor: Its independent internal investigators uncovered a massive robocall scam when they were looking into a wave of bad reviews from customers accusing the travel company of ripping them off.
Fraudster Adrian Abramovich and his companies Marketing Strategy Leaders and Marketing Leaders allegedly placed 100 million illegal robocalls in just three months, enticing customers with pre-recorded messages touting vacation packages from Marriott, TripAdvisor, and others. When unlucky customers pressed “1” on their phones, they were connected with call centers in Mexico that offered deceptive vacation packages — or ones that didn’t exist at all.
Of course, Marriott and TripAdvisor were not behind the phony vacation packages. But TripAdvisor’s investigation resulted in the largest action ever taken by the FCC when it slapped Abramovich and his companies with a $120 million fine. But the millions of fraudulent calls caused untold damage to all of the companies involved.
Toll-Free Pumping: From Pennies to Big Payouts
Toll-free numbers have long been the trusted bridge that keeps communication lines between businesses and customers open, personal, and powerful. Unfortunately, scammers are abusing these numbers more frequently and thus, starting to burn that bridge. It is estimated that more than 10 percent of all toll-free calls today are toll-free pumping fraud.
So, what exactly is toll-free pumping? One party generates a volume of calls, usually using a robo-dialer, to a toll-free number with the intent of generating revenue from a toll-free subscriber or a call provider along the call path. Toll-free call pumping takes advantage of loopholes in telecom infrastructure, which make it all too easy for independent infrastructure providers with nefarious intentions to get paid for handing off toll-free calls to other networks. Regulations intended to promote competition in the industry require carriers to route calls from other carriers — even if they suspect that a carrier is responsible for, or complicit in, executing call fraud.
Scammers may make only fractions of pennies at a time through toll-free pumping campaigns, but those tiny payments can eventually add up to a big payday. Toll-free call pumping hurts businesses’ bottom lines because they have to pay for these calls, or their call centers are inundated with worthless calls. (If you want to learn more about this phone fraud technique, and how Invoca helped to solve a toll-free call pumping “mystery,” check out this Reply All podcast, “The Case of the Phantom Caller.”)
Malicious robocalls and toll-free pumping are just a couple of flavors of phone fraud, and cyber-baddies are always cooking up new scams and ways to avoid detection.
Businesses Have More Support Than They Might Think
So, what can businesses do to reduce their exposure to the risk of fraudulent calls while helping their customers and other consumers to do the same? They need to take a proactive approach to the problem and devote the appropriate resources to combatting it. That includes investing in leading-edge technologies that can help them identify and contain robocall scams and toll-free pumping campaigns quickly.
Telecoms can do little to help at this point, unfortunately, so waiting for them to fix the problem is unrealistic. As explained earlier, these companies are hamstrung both by outdated infrastructure and regulatory red tape. In fact, regulations prevent them from listening to and analyzing potentially fraudulent calls, making it even more difficult for the industry to track and stop scammers. But there are technology companies and other entities working to provide solutions that can help businesses gain the upper hand on call fraud by making it more difficult for bad actors to operate in the shadows and profit from their campaigns.
Invoca has call fraud protection technology in place that scans every call for behavioral and tonal fingerprints of robocalls. Tonal fingerprints include tones like fax, modem, busy signals, or recorded messages. Behavioral fingerprints include whether the call is coming from a blocked number, or that the phone number dialed is in-session. Calls matching any fingerprints are then
blocked immediately or challenged with a keypress prompt that only a human would respond to. Calls that are blocked or fail the challenge are not connected, not shown in reporting, and are billed. From the (legitimate) caller’s perspective, the experience feels completely normal. With this technology, Invoca is able to prevent 99 percent of fraudulent calls from ever reaching our customers.
We also work closely with major telecom carriers and federal agencies like the FCC and the FBI to help detect and combat call fraud. And, of course, we maintain blacklists of numbers we know are originating from fraudulent sources.
The Internet Engineering Task Force’s Secure Telephone Identity Revisited (STIR) initiative also holds promise in helping to reduce the flood of fraudulent calls across the network over time. STIR is a call-certifying protocol that allows an originating phone carrier to confirm that a caller has the right to use a number. The carrier can also create a digital fingerprint for the call. The process is intended to give receiving carriers confidence that a call they are routing is legitimate.
Another positive development in the battle against call fraud is the growing use of voice assistants like Amazon Alexa and Google Home. Amazon and Google are not carriers; they simply provide technologies that serve as channels for voice communication. These companies are not burdened by the infrastructure and regulations that currently prevent telecoms from effectively mitigating call fraud. Even better, technology for fighting fraud can be built into these new solutions, instead of being applied to address the issue of fraud after the fact.
So, for these and other reasons (including the FCC’s current push to “stop the scourge of illegal robocalls”), the future looks bright for reducing malicious actors’ ability to launch and maintain profitable robocall scams and toll-free pumping campaigns. By investing in the right technology and working closely with partners committed to understanding this issue and taking down fraudsters, businesses can shift from being mere victims of this nefarious activity to standing squarely on the front lines in helping to stop it.