Facebook
Google
GitHub
Linkedin
The FCC just changed the Robo-call rules
- Thread starter MrAl
- Start date
They can "Red Flag" all the callers they want but the problem is they are using call spoofers to "Fake" who is sending the call. My local private land line company put a call blocker on our line for free. When you call you get a recorded message that the numbered call does not accept unsolicited calls and press 1 to continue the call. This stops 100% of the robocalls so far. There are upsides and downsides to it but we no longer get any unwanted calls on the landline. Cell phones are where we get most spam now.
We have the "press 1" feature, too. It certainly helps, but if the person does nothing, then it goes ahead and rings it through after 20 seconds. So we occasionally get robo calls where, when we pick the phone up, the robo caller is about 20 seconds into their spiel.
There are enough controls in place at this point that spoofing CID would be a rare case—an off-shore spoofing is non-existent. What is actually going on is purchasing real DIDs where the CNAM hasn't been reset yet.
They are just dialing blocks of numbers in the 909 area. They don’t know if they are actually local to you or not. The buy some DIDs in 909, and start dialing—one is yours, but geography doesn’t matter any longer. Even still, the vast majority of 909 numbers haven’t ported out to other places.
So in other words, they choose numbers that correspond with their DID, they only dial those numbers. There is no spoofing required, and they can’t get spoofed DID data past their origination service because it has to be a number registered to them. But they don’t need to spoof.
I don't know the degree to which I buy this. From the FCC's website:
"Spoofing is when a caller deliberately falsifies the information transmitted to your caller ID display to disguise their identity. Scammers often use neighbor spoofing so it appears that an incoming call is coming from a local number, or spoof a number from a company or a government agency that you may already know and trust."
Neighbor spoofing is spoofing the call recipient's area code and prefix. There are upwards of one million such combinations, so it seems a bit unlikely that they are going to buy DIDs in every such combination.
I know the FCC is trying to make it harder to spoof IDs, but there are legitimate uses for being able to use IDs other than the one the phone was registered to, such as resellers. Plus, international billing makes it almost impossible to trace back a call to a particular account of the sender -- phone providers in one country essentially pay a single aggregated bill to providers in another country.
The only way I can think of to get a handle on it, given the current billing landscape, would be to have some special key combination (star-something) that a recipient can use when they get a spam call. Those get tabulated and, if above a certain threshold, a nuisance surcharge is placed on the country from which the calls originated. If the surcharge gets high enough, the providers in those countries will become motivated to clamp down on the spammers operating out of their country.
Maybe.
But does that explain why the majority of the blocked junk call voice-mails I get are from a 909 prefix?
For example, below is a list of my recent blocked, junk voice-mails, which are all from a California prefix except for the valid one from World Vision:
"Troy Johnson" is also a 909 prefix.
I think I detect a pattern.
Last edited:
As I mentioned, it has both upsides as well as downsides. I own a piece of property in Aransas Pass TX that has been in the family for ~100 years now. We used to pay the property tax but I quit doing that many years ago because the small lot was in a very bad low-income residential neighborhood. I did receive an offer years ago that wanted to buy it for 5k but wanted me to take monthly payments in lieu of outright purchase. The area has been improved with a new widened major throughfare in front of the lot and for the last couple of years I've been getting weekly or monthly offers via cell phone messages and email from realtors. Without the internet and apparently the county records online I would have never received an offer. On the other hand, I am still getting 30k offers on a piece of lake front property that I have already sold in TN for 250k so it goes both ways.
Yes, it is very simple—you are receiving calls from DIDs n the 909 area because your number is in that area—it doesn’t matter where you are. You are not receiving as many calls from other areas because you don’t have the proper area code or exchange to be dialed by the DIDs operating in those blocks.Maybe.
But does that explain why the majority of the blocked junk call voice-mails I get are from a 909 prefix?
For example, below is a list of my recent blocked, junk voice-mails, which are all from a California prefix except for the valid one from World Vision:
"Troy Johnson" is also a 909 prefix.
I think I detect a pattern.
View attachment 309958
It’s not spoofing, it’s just a way to get a similar effect. The originating DIDs are real. I could buy a 909 DID for a dollar and call you right now, but I wouldn’t be anywhere near you, or I could be next door—and the only reason I would “know” your area code is because I am using the fact that I have a 909 DID to decide which numbers to dial.
I have several DIDs that are sequential and I can watch certain spam calls work their way through them. Over the course of an hour or so, even the non-sequential but same exchange numbers will be hit with the same calls. It is like junk mail more than email spam. Email spam is almost free while these calls cost fractional cents only if they are answered. Junk mail (paper) costs a little to send, but it is designed to return more than it costs to do.
Blind, dumb dialing is nothing clever and doesn’t require spoofing anything—but the low cost of trying every number in a block is more than made up for by the occasional success. And recall, no one is “doing“ this, it’s all programatic with referrals to a call center when there is a successful hit. And that call center can be anywhere.
Hi,
Yeah it is funny that the robo behind it does not seem to be very aware of an actual human presence.
My answering machine function on my land line answers the call with a short message, and because the robo thinks it is a human, it starts it's bs routine much too soon. When I listen to it later, I hear the message half way through.
Also, since I have a time limit set on my call answering, if they talk too long the entire end of their message is cut off.
Near the end of their message, "Call us back at..." and then it ends
On a related note, I am getting an awful lot of junk mail too these days. Every day there is something else totally stupid. That's a big waste of paper because it all goes in the garbage. Where are the environmentalists when this happens so much.
At the end of a 2-month period, I end up with a full grocery bag of junk mail.
One time they even pretended to be the IRS with the return address. Who would not read that. Once opened, I find it's from some business that has absolutely nothing to do with the IRS. I would think that is illegal.
Hi,
That's a very good application of the universal Rule Of Gold:
"Money talks and BS walks"
They would be doing a lot of walking
ha ha.
Hi Ya'akov,
You seem to know a lot about the phone technology maybe you could come up with an idea. From a good idea a device could be made, possibly.
Hi,
I also wondered about what if you got a robo call from 123-456-7890 and blocked it, and then that number was disconnected and a legitimate entity got the number and tried to call you. The number would still be blocked. I can guess this would be a very, very rare occurrence though.
These robocallers aren’t counting on unlimited calling plans. The volume they do means they are paying for call origination in bulk. Call origination and termination are separate things. Origination is the ability to place calls and termination is the ability to receive them.
The way the tariffs work, it costs something to connect to the origination point that connects you to the general PSTN network so you can place calls. But, it doesn’t cost anything for a failed call. If the call connects, there is a cost of the connected time. The result is that a robocaller can place thousands of calls and pay almost nothing for the attempts, pay a little for an answered call that doesn’t succeed in finding a prospect for the scam (fractional cents), then pay more for calls that include routing back to some termination point which can be completely unrelated to the calling number (cents).
Trying to de-incentivize this behavior by changing the tariffs would have serious unintended consequences for ordinary users. The costs now borne by the providers (VoIP, mobile) would be passed on to the consumer. This could be a relatively large increase depending on how the robocallers are included in the calculation. Generally, I agree that making it cost something is an excellent idea—the tough part is making sure that the rest of us don’t end up paying that cost.
I think there are technical and regulatory approaches that can eliminate a lot of the problem. One thing would be blind monitoring of dialing behavior. Without recording anything about ordinary users, monitoring for excessively calling rates could flag possible problems and if the user isn’t a user who has shown a need for the high speed, sequential or random dialing and flapping of DIDs (I can’t think of any actual good reasons, but in case), then they are rate limited and investigated.
Rate limiting robocallers with an exponential backoff would greatly diminish the attractiveness of the activity and investigation showing misdeeds would shut them down.
Hello again,
I had forgotten to mention another trick that has been used on my land line.
They call, and the answering mechanism picks up, and that makes the line busy for about 30 seconds.
During those 30 seconds, they call a second time from a different number, and they get my phone company answering service and leave a message there too.
So I end up with two messages I have to erase.
I had forgotten to mention another trick that has been used on my land line.
They call, and the answering mechanism picks up, and that makes the line busy for about 30 seconds.
During those 30 seconds, they call a second time from a different number, and they get my phone company answering service and leave a message there too.
So I end up with two messages I have to erase.
Things are changing fast. I fear that is out of date. It used to be possible to tell your origination anything about what the CID should say but that shipped has sailed. Today, you have to prove you control the number you want to display—though it doesn’t have to be the one you are calling from.
With my VoIP provider, I can choose any number I have verified as mine as the CID for calls originated through them. But I can’t use anything from my end to choose a number not verified by them as under my control.
It is much, much easier for the robocallers to buy blocks of DIDs in various area codes and dial inside those area codes and/or exchanges than to attempt to bypass the CID verification controls. DIDs are cheap, easy to buy and discard, and available everywhere.
For several years I had a number in London (I am in the US) which was unfortunately close to a number for Kaspirsky anti-virus support for some academic institution. As a result I received calls every few days from clueless professors having computer troubles. When I explained I was in America, and had nothing to do with Kaspirsky, the were usually very apologetic in that British way.
But, when I originated a call from that number—to anywhere—I had a legitimate CID placing my number in London but to a person, that was interpreted as my location. Since it is so easy to do, mucking about with trying to spoof CID makes no sense at this point—though it used to be the easier, cheaper route it is no longer the case.
This problem needs to be addressed at the infrastructure level. There is little more useful from the user side than the already mentioned call interception and interaction idea that has already been mentioned several times.
I love having my own VoIP phone system. It is like being the phone company. I can decide how to route calls, and use automated attendant to control access, and to have as many phone numbers from as many places as I want.
Because the PSTN and phone stuff has been a nearly lifelong interest, I even have an 800 number (really, just because I can, since today long distance isn’t even a thing, and international calling is going that way. But, back in the day… So, an 800 number is a fun nostalgic thing).
Also, apparently, the Federal "Do Not Call" list and sanctions against illegal callers have been a complete bust. We also get a lot of paper junk bulk mailings and my email account is daily about half spam and scam mail. I highly recommend NEVER responding to any Facebook advertisements as most are scams.
