The FCC seeks to aggressively stem fraudulent robocalls with STIR and SHAKEN

SHAKEN-and-STIR-martini

If your recent experience is anything like mine, your phone has been pummeled by robocalls. For whatever reason, throughout the past year, I’ve been inundated with calls from across the U.S. regarding health insurance, car insurance, investment scams, mortgage refinance … you name it. On a mobile phone it’s easy to block these callers, but they change numbers so many times that it’s an endless game of whack-a-mole.

Fortunately, FCC chairman Ajit Pai recently made comments that indicate the powerful communication commission could take steps to, if not put an end to robocalls, dramatically reduce their number. Earlier this month, chairman Pai called upon the the phone industry to adopt a stronger call authentication system that could fight the illegal caller ID spoofing that makes such calls possible. Pai said he’d like to see the industry have the anti-spoofing technology in place sometime next year.

“Combating illegal robocalls is our top consumer priority at the FCC. That’s why we need call authentication to become a reality—it’s the best way to ensure that consumers can answer their phones with confidence. By this time next year, I expect that consumers will begin to see this on their phones,” said Pai in this statement.

Pai sees a way forward with a pair of frameworks known as STIR (Secure Telephony Identity Revisited) and SHAKEN (Secure Handling of Asserted information using toKENs). Together, these frameworks promise to block illegal call spoofing.

Essentially, the system uses certificates to authenticate that the calling party is who it claims claim to be. The telecom security software provider TransNexus provides an overview of the frameworks.

There are a number of ways to spoof Caller ID, including using service providers or exploiting weaknesses in Voice over IP. Fundamentally, however, all of these systems work because those using the telecommunication network to place calls are poorly authenticated. STIR and SHAKEN would help to strengthen that weakness.

Earlier this year the Better Business Bureau highlighted a growing favorite of call spoofing scammers: neighbor spoofing. Neighbor spoofing is the practice of using what appear to be local numbers to entice people to answer the phone. Simply answering the phone could get you placed on active phone lists which would mean you’d be bound to get more calls.

The Better Business Bureau provided a number of guidelines that can help you to better fight spoofed calls:

  • Avoid answering calls from phone numbers you don’t recognize, even if they appear to be local. If it’s important, the caller will leave a message.
  • If your own phone number is used in a caller ID spoof call, you may receive calls and messages from people asking why you called them in the first place. This can lead to a lot of confusion between the two parties, but knowing your own number can be used by scammers may help explain the situation.
  • Be aware that phone numbers of local businesses, including doctor’s offices and/or insurance agents, may appear to be calling you. If you’re not certain whether the call is legitimate or a spoof, hang up and dial the known phone number for the contact to verify the communication, especially if personal and/or financial information is being requested.
  • There are call blocking apps that may help decrease the amount of spam calls, including those using a spoof caller ID. Your phone carrier may also provide a similar service or offer advice.
  • Make sure your phone number is on the National Do Not Call Registry. Though it is unlikely to prevent most phone scam calls, it will help to reduce calls received from legitimate telemarketers, which can be helpful in screening fraudulent calls.

While that’s all excellent advice, what most of us want is to make it a lot more difficult for fraudsters to spoof calls and reduce or eliminate these kinds of calls altogether. Hopefully industry implements SHAKEN/STIR quickly so that happens.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: