What You Need To Know About Phone and Texting Scams

Phone scams have become a permanent, endemic part of the telecommunications landscape over the last few decades. Robocalls and text scams have bloomed alongside them with the advent and spread of mobile phone technology and VoIP systems. 

In 2017, the FCC estimated that consumers in the US received an average of 2.4 billion robocalls per month, and only skyrocketed from there, to a global estimate of 106.9 billion calls in 2019. 

During the pandemic, preventative measures began to show results in reducing the flood of calls to consumers and businesses.. Robocall volume was down to 78.9 billion in 2021, and 70 billion in 2022.

Reducing the volume of phone, VoIP and texting fraud calls is an important step to beginning to rebuild consumer trust in taking phone calls. However, as volumes go down, that may also mean that the telecom scam landscape is also changing.

Phone scams: the essentials

Phone scams have been around for decades, and have only increased in volume and sophistication as telecom systems mature and evolve. The two primary categories of phone scams are direct phone scam calls, and robocalls.

Phone scam calls

Phone scams typically originate from centers in India, targeting consumers in the U.S., U.K. Australia and China using public records. They also attract incoming traffic by placing “technical assistance” advertisements on search engines, as well as websites with high traffic.

There are a variety of phone scams that the general public faces exposure to:

• Tech support scams: The classic “Windows support” call. The caller will claim to be a Microsoft technician, and that the target’s computer is infected. The goal is to steal personal information, credit card information, or to sell a “security package” to fix the problem, which is often malware designed to cause further damage.
• Charity: The caller will prey on empathetic targets to pledge to a cause using a credit card.
• Fake surveys: The caller will request that the target fill out a survey. The caller may focus on the target’s banking institution, promising promotions or gift cards in order to gain access to the target’s account number for a competitive comparison.
• Banks, FBI, national revenue (tax) agencies, other institutions: The caller will pose as a representative of an institution or agency in order to scare a target into not making rational decisions. These are usually accompanied by threats of arrest or fines. Targets tend to be immigrants less likely to be aware of how these agencies interact with the public.
• Family in need: The caller poses as a target’s family member (often a grandchild), claiming to be stranded or in jail and needing an immediate cash transfer. Targets tend to be the elderly in this case. In recent cases, callers are employing consumer data, social media, and artificial intelligence to build more convincing scenarios. 

One-ring scam: The caller uses a robocall device to call blocks of phone numbers, hanging up after one ring. Those who call back often connect to an expensive international call, or are subject to high-pressure sales tactics to subscribe to a service/provide credit card information.

Robocalls

Automation has permeated several industries over the last decade, and phone scams are no exception. To be considered a robocall, the call either autodials targets and connects to a live caller, or will contain a prerecorded message - sometimes with technology that can pick out specific words from a target’s speech. Robocalls can also be delivered in the form of texting scams.

While it’s popularly known that a huge proportion of these calls originate from China (targeting Chinese-speaking communities in other countries), plenty of robocalls originate from other countries; California and Florida were the sources of the greatest number of scams shut down in 2019.

Some of the robocall scams seen out in the wild include:

• Targeting Chinese students with immigration trouble
• Tech support (Apple) robocalls, preying on the incorrect assumption that Apple products are immune to the same security issues as PC products
• Social Security number scams, claiming that social media accounts or official benefits will be removed if a fictitious bill or ransom fee is not paid

Texting scams: a twist on an old formula

Texting scams tend to fall somewhere between phone scams, in several very similar forms, and email phishing (“smishing”) scams designed to hook users into revealing personal and financial information. In 2022, there was a documented shift in CRTC complaints showing that phishing efforts were moving away from email and towards SMS (text) messaging.

What is being done about phone scams?

In addition to personal security measures, there are a few government-led initiatives designed to combat the explosion of phone scam fraud in recent years.

Do Not Call lists

Several countries maintain national Do Not Call registries, including the US and Canada. If you have registered as a person who does not wish to receive sales calls, or other unsolicited phone traffic, businesses legally do not have the right to contact you. 

If a caller violates these rules and contacts you, you may file a complaint with the agency maintaining the list, at which point the caller may be hit with a hefty fine.

STIR/SHAKEN

In cooperation with the FCC, the telecom industry has developed a strategy for managing the deluge of robocalls impacting consumers and eroding trust. This strategy is a technology standard known as STIR/SHAKEN. Secure telephony identity revisited (STIR) and secure handling of asserted information using tokens (SHAKEN) acts to attach a unique certificate of authenticity to each phone, to be verified against an encrypted private key. 

In a very real sense, STIR/SHAKEN acts to treat every phone call the way a web platform treats a secure login portal, and will likely be replicated as a call-authentication technology in years to come.

The new phone scams: VoIP fraud

The increase in VoIP services replacing traditional phone systems has given rise to VoIP fraud. This type of fraud intersects with cybersecurity concerns, but has similar roots. A typical VoIP scam targets a user for their information, subscription, or access. In general, VoIP scams exploit weak security encryptions and software that hasn't been kept up to date.

VoIP scams tend to occur alongside criminal activities including, but not limited to: 

• Identity theft
• Subscription fraud
• Vulnerable system access

Some of the most popular VoIP scams work by accessing a PTSN network or VoIP network, and exploiting that network for ‘free’ usage.We list a few of the current scams below:

• Fake Call Transfer: a hacker accessed a VoIP PBX system to place expensive international calls.
• WANGIRI - The  “one (ring) and cut” scam. It targets mobile providers in specific countries using specific mobile providers. The spoofed call (typically a local number) is dropped after a few rings, which the receiver will not be able to answer, as the call will read as missed. FAS (False Answer Supervision) is initiated where an artificial billable call is documented regardless of whether or not the receiver called the user back.
• International Revenue Share Fraud (IRSF)-an attack where incoming calls to companies generating high volumes of calls and SMS messages to their customers, to divert funds in small amounts to themselves from termination charges received by the number range holder for the inbound traffic
• Spamming - sending mass unsolicited messages to a large number of people indiscriminately. 
• CLI Spoofing - Altering the Caller ID on the incoming call 

Revenue Sharing Plans - Hackers set up a premium-priced phone number under a phony business and breach a business’ voice network, placing many calls towards this premium number. This is ‌often done on the weekends when it takes longer for the activity to be noticed and cut off.

Protecting yourself from phone, texting and VoIP fraud

While government agencies and industry are working to beat back the tide of the phone scam ecosystem, consumers must also be aware when dealing with bad actors in this space.

In the case of robocalls, prevention is the best defense. Apps like RobotKiller are designed specifically to block this type of traffic on a mobile device. In lieu of that, it’s best to hang up immediately when you pick up on a robocall, and do not respond to yes/no questions; robocalls can use automated call management systems and voice recordings to identify targets and splice your voice into consenting to services.

In general, if the message sounds like it’s a scam, it probably is one. If that’s the case, avoid replying or responding at all. In fact, some auto-diallers have been known to hang up and move to the next call if the call registers as dead air for several seconds after picking up.

If the scams are coming in the form of text messages from a business, you should be able to reply STOP to opt out of further messages. Otherwise, your best bet is the block and report the messages you’re getting to the relevant authorities.

Getting Started with Textr Teams

Textr takes the security of its customer VoIP communications systems seriously. That’s why Textr has a Security Bounty program. The Security bounty incentivizes experts in the community to test their system for holes in cybersecurity and programming, so that they can be patched before they become the customer’s problem. Textr Team offers a variety of business communications services for small to medium-sized businesses.

Check out Textr Team today and get started learning more about how our system works. Textr Apps are available on Android, iOS, and web browsers.