News

The State of Telecommunications Spam in the United States

2022-10-20
7 minute read
ss image
Anjana Uthayakumaran
Author
blog post banner

Spam calling and texting is a massive phenomenon in the United States, and the daily reality of Americans who are subject to 1 billion spam calls a week1. Americans reported losses totalling nearly $30 billion to phone scams in a 2021 annual report, which is over a $10 billion increase from 2020 2. While almost 1 in every 3 Americans have fallen victim to phone scams, 19% have been victimized on more than one occasion3.

The top five types of scams in the US

Scammers are rampant in the US and when unchecked, flourish on victims of various ages and backgrounds through a variety of detailed schemes. Here are five of the most common scams in the US, ranked by rate of occurrence.

  1. Prizes and free gifts scams make up 35.23% of total scams and costed the average American victim $795 USD in 20214. Here, scammers offer nonexistent prizes and free gifts in an effort to gain access to the victim's credit card or bank account.
  2. Merchandising scams make up 19.58% of total scams and costed the average American victim $500 USD in 20215. Criminals create classified ads or fake websites to sell a variety of items such as concert tickets, puppies, vehicles, or even rent out apartments.
  3. Spearfishing scams make up 17.49% of total scams and costed the average American victim $800 USD in 20216. Scammers use illegal caller ID spoofing, posing as a government agency or a reputable business without permission.
  4. Fake check scams make up 5.59% of total scams and costed the average American victim $2,000 in 20217. Victims are issued a check for an amount more than is owed to them and are requested to directly wire the excess funds back. Because checks can take days or even weeks to verify, it is only after the money is sent that victims learn the original check was fake.
  5. Friendship and romance scams make up 3.35% of scams and costed the average American victim $925 in 20218. Criminals create fake profiles on social media platforms and/or build virtual relationships with people. In some instances, they can take years to build trust before eventually soliciting money from their supposed friends and partners.

The technology behind telecommunication scams

Scams and frauds rely on a multitude of advanced technology to outsmart fraud prevention. Below are the five most prevalent advancements in technology that are leveraged in scams.

  1. Wangiri: Wangiri is a Japanese term directly translating to "one ring and cut" 9. Like the translation suggests, the victim's phone will only ring once, often at odd hours, when calls are less likely to be answered. When victims return the call, it will get rerouted to a premium-rate number overseas for which they will get charged by their telecom provider.
  2. Caller ID spoofing: CNAM, is the Caller NAMe, and CID, is the Caller ID or phone number that is displayed when receiving a call. While call centres may have permission to duplicate their clients' CNAM and/or CID, it is illegal to replicate and imitate a CID without permission. Spammers either utilize the numbers of reputable companies or individuals within the same area code of the victim to gain their trust.
  3. Short stopping: In this scheme, a hacker hijacks a call before it reaches its target destination by working with a rogue carrier on the call's path. The hacker then redirects the call to an international phone number, allowing hackers to surcharge their victims. Sometimes, the caller will hear a false ring tone or a doctored network message such as The person you have called cannot be reached. Please try again later. The hackers and rogue carriers share the revenue generated by these calls, which are either billed to the customer or another carrier in the routing flow.
  4. Call Stretching: This scam is run by fraudulent carriers to charge more money directly from legitimate carriers. A portion of live conversation is recorded from an active call, which is played to one caller after the other caller is dropped. The time it takes for the second caller to realize that the call has been disconnected and hangs up is time that the fraudulent carrier has successfully added to the duration of the call. Legitimate carriers measure pay out according to the duration of the call, so they end up paying more to the fraudulent carriers than they actually owe. While this may only add seconds, when conducted on a massive scale, this technology can generate significant revenue.
  5. PBX Hacking: One of the most common and significant types of telecom fraud is PBX Hacking. A PBX, Private Branch Exchange, is a private telephone network within an organization. It connects the business to an external network, allowing users to share outside lines while reducing the number of lines needed. When one hacks into a PBX, they can run up a big bill initiating international calls, resulting in unauthorized charges for the PBX/business owner.

What the US government is doing to fight fraud

The FCC Federal Communications Commission is overseeing the implementation and maintenance of STIR/SHAKEN, in efforts to deter illegal caller ID spoofing. STIR, Secure Telephony Identity Revisited, and SHAKEN, Signature-based Handling of Asserted information using toKENs work separately to authenticate caller information.

However, Americans are a far way from being fully protected from caller ID spoofing. The FCC has granted extensions up until June 2023 for carriers with fewer than 100,000 subscribers. Once STIR/SHAKEN is implemented, numbers can only be verified if the device is compatible, and both carriers of a call have adopted the guidelines. While STIR/SHAKEN provides guidelines for authentication, no third party management exists to monitor the CID validation process, leaving each carrier to implement their own standards. Additionally, a majority of CID spoofing occurs when an individual is hacked. Calls made with this stolen ID will still be validated by STIR/SHAKEN as it is unable to identify the caller behind the phone number.

How SIPSTACK fights fraud

Using the latest technology and machine learning, SIPSTACK's systems authenticate all activity in real time against variables that affect your security. When a carrier implements SIPSTACK's Risk Rating Score, they are able to customize a threshold for calls to pass through, based on their specific needs. At SIPSTACK, we take an active role in ensuring we are building a secure connected tomorrow. Contact us today to learn how you can protect yourself from spam.

References

1 https://www.cnet.com/tech/mobile/tired-of-spam-calls-every-day-heres-how-to-stop-them/
2 https://firstorion.com/2021-scam-call-trends/
3 https://www.cnet.com/tech/mobile/tired-of-spam-calls-every-day-heres-how-to-stop-them/
4, 5, 6, 7, 8 https://fraud.org/top-ten-scams-2021/
9 https://www.fcc.gov/call-authentication