Ringing in Our Fears 2023

More than 5,000 phone companies still haven't installed robocall defense equipment. Tens of millions of consumers lost money to scam calls last year, with a median loss of $1,400. We look at what's being done to fight robocalls and robotexts, and what's next.

If you’re still getting unwanted robocalls, you can blame some of the more than 5,000 phone providers that aren’t protecting us from spoofed and scam robocalls. And most of them were supposed to as of two weeks ago.

The robocall-fighting law took effect two years ago, on June 30, 2021, with deadlines for compliance staggered depending on the type and size of company. The last major deadline was last month – on June 30, 2023 – for cell and internet-based phone companies to install spoofed robocall defense standards.

For months, the Federal Communications Commission (FCC) has warned holdouts: Virtually all companies that didn’t have an extension would be expected to comply by June 30.

Yet as of two weeks ago, an appallingly low percentage of companies tell the FCC their equipment is up to date. In fact, fewer than 40% of phone companies have completely installed the anti-robocall technology, a new analysis of FCC data by U.S. PIRG Education Fund shows.

It breaks down this way: 

  • There were 8,336 total phone providers in the FCC Robocall Mitigation Database as of July 1, 2023.
  • 2,745 completed STIR/SHAKEN, the robocall-fighting technology mandated by the federal law. 
  • 5,591 have not completed STIR/SHAKEN.

Digging deeper, of the 8,336 phone providers:

  • 1,195 are “intermediate” providers that carry or route calls but don’t actually originate or deliver calls. They have an extension until Dec. 31, 2023, although some are already compliant. 
  • An additional 238 companies are U.S.-based “gateway” providers that receive calls directly from foreign providers. They were supposed to comply by June 30, 2023, but some may have an extension, the FCC said.

Among the remaining 6,903, all of which originate or deliver calls, our analysis shows:

  • 2,646, or 38%, have completed STIR/SHAKEN.
  • 1,770, or 26%, have partially adopted STIR/SHAKEN.
  • 2,480, or 36%, have not installed any STIR/SHAKEN systems.
  • 7 responded N/A, indicating they hadn’t adopted STIR/SHAKEN. 
PIRG EdFund | TPIN

Phone calls and texts are generally illegal if they’re:

  • Prerecorded telemarketing calls to a cell or home phone without written consent.
  • Autodialed calls or texts to your cell phone without your verbal or written consent.
  • Prerecorded calls to your cell phone without your verbal or written permission.
  • Calls aimed at deceiving or defrauding you.
  • A telemarketing call, even from a live person, if you’re on the Do Not Call list.
    Note: You always retain the right to revoke permission you give to a company at any time.

It’s not like phone companies haven’t known this was coming for a long time. The possibility of a nationwide mandate emerged in 2016, the FCC announced plans for rules in 2017 and the bipartisan law was passed in 2019 before taking effect in 2021.

There is good news: While our phones are still ringing with unwanted calls more often than we’d like, scam and telemarketing calls have declined significantly in the last two years. And the bad calls should continue to decline as more companies block illegal calls. 

Of course we’re all familiar with the consequence of fewer robocalls: a dramatic increase in scam robotexts, which can be more dangerous and weren’t initially targeted by regulators.

Most concerning, though: The amount of money lost to scam calls has exploded, from $9 billion a year in 2018 to $40 billion a year in 2022, according to TrueCaller Insights, which compiles an annual spam and scam call report.

Put in terms that are more meaningful: Consumers who were defrauded through a phone call lost a median of $1,400 in 2022, according to the Federal Trade Commission.

EFFECT OF THE LAW AND WHAT IT MEANS

Few laws in recent years have passed with as much support as the anti-robocalls law – the Pallone-Thune Telephone Robocall Abuse Criminal Enforcement and Deterrence Act (TRACED) of 2019. The vote was 97-1 in the Senate and 417-3 in the House.

The crackdown that started in 2021 required “voice providers” to install technology that can verify whether a call is actually coming from the number on the Caller ID and detect other telltale signs of a spoofed or scam call.

Most companies were expected to comply by June 30, 2021, but smaller companies and others that connect calls were given later deadlines.

The law requires companies to install the technology on all of their networks that route calls through the internet or cable, or tell the FCC what they’re doing to reduce scam robocalls.

Small providers (with fewer than 100,000 subscriber lines) were supposed to comply by June 30, 2022 if their calls were transmitted through another provider.

Small providers with their own equipment to originate calls were required to comply by June 30, 2023, along with gateway providers, which handle calls from overseas. Intermediate providers that transmit calls but don’t originate or deliver them have until December 31, 2023.

In 2021, only 536 companies were fully compliant; now that number is up to 2,646 companies. In 2021, 817 had installed the technology on part of their networks; now that’s up to 1,770.

Companies that don’t comply are supposed to get hit with significant consequences, including fines and possibly being blocked from offering phone service. That hasn’t happened much yet, however.

In November, the FCC for the first time essentially shut down a company, Global UC, for non-compliance. The move prohibits other phone companies from routing any of Global UC’s phone traffic. The FCC has warned other phone companies and has sanctioned several large operations accused of being responsible for billions of scam calls.

ROBOCALLS HAVE DECLINED BUT NOT ENOUGH

The volume of robocalls that are clearly scams dropped nearly in half in the first year after the law took effect, from 2.1 billion a month in 2021 to 1.1 billion in 2022, according to YouMail, one of the largest robocall-blocking companies in the United States that the FCC itself cites.

And as of last month, scam calls dropped to 800 million per month, YouMail said.

But many calls that are categorized as telemarketing calls are actually scam calls, YouMail says, and the number of telemarketing calls has nearly doubled in the last two years, from 700 million a month to 1.33 billion a month.

Now, YouMail combines scam calls and telemarketing calls as ones we don’t want and are usually illegal, either for being deceptive or violating consumer consent laws.

Adding the two categories together, unwanted calls have dropped from 2.8 billion a month in June 2021 to 2 billion last month. That’s a significant decline but is still way too many.

The FCC-required technology helps phone companies determine whether the call should be blocked or flagged as a spoofed, scam or spam call, and for calls that go through, helps consumers decide whether to answer them. But the technology only works if it’s installed. And the entire system really only works well if every link in the phone chain is using the same technology.

Remember that more than 60% of companies aren’t using the technology across all of their systems. One would expect that unwanted calls will continue to decline as more providers start using the technology.

The flip side is that some companies may not want to comply. Companies make money from routing phone calls, even if they’re a middleman with no actual individual or business customers. They might get a penny or two per call that uses their equipment. Upgrading that equipment would cost money.

Comments submitted last year to the FCC by the non-profit National Consumer Law Center (NCLC) and the Electronic Privacy Information Center (EPIC) made an important point:

“While the Commission has undertaken several efforts to mitigate scam robocalls over the last 20 years, none address the root problem: it is more profitable to transmit illegal robocalls than to mitigate them effectively.”

The consequences to us: Irritation. A waste of time. A distraction when we’re in the middle of something. And in way too many cases, fraud or money lost. The FCC has estimated that lost productivity alone totals some $3 billion a year. The actual monetary losses have skyrocketed the last few years to nearly $40 billion a year.

THE THREAT FROM ROBOTEXTS GROWS

While unwanted robocalls have declined, scam and spam texts have exploded, from 1 billion a month in 2021, to 12 billion a month in 2022 to 14 billion a month last month, according to Robokiller, which offers robocall- and robotext-blocking technology. This humongous increase was not unexpected because robotexts – for reasons that escape understanding – were not included in the robocalls law passed more than three years ago, or anything soon after.

“These robotexts are making a mess of our phones. They are reducing trust in a powerful way to communicate.”
— FCC Chairwoman Jessica Rosenworcel.

Just this spring, the FCC approved new rules requiring mobile wireless carriers to block texts originating from invalid, unallocated, or unused numbers. Texts from these numbers are most likely to be illegal, the FCC says.

“Scam artists have found that sending us messages about a package you never ordered or a payment that never went through along with a link to a shady website is a quick and easy way to get us to engage on our devices and fall prey to fraud,” Rosenworcel said.

For now, the robotext rules affect only 10-digit numbers and toll-free numbers, not short code messages.

More rules could be coming that would affect:

  • Texts from short code numbers.
  • Texts to numbers on the Do Not Call Registry.
  • Texts from marketers who didn’t get permission directly, but tried to piggyback on consent given to a partner. Our phone numbers could actually be getting provided by lead generators and data brokers, the FCC says.

Many experts believe scam texts are even more dangerous than scam calls for two key reasons:

First, while you can avoid answering a suspected scam call (and they usually don’t leave a message), you cannot avoid seeing at least a preview of a text, even if you don’t open it (and you shouldn’t open suspicious texts).

Second, it’s easier for a thief to trick you in a text, which is short, may offer fewer clues about whether it’s legit and may include a link to a website that can contain logos and language stolen from an organization’s real website.

No wonder, perhaps, that among all fraud reports filed with the FTC last year, more people lost money through scam texts than any other source. In 22% of all fraud reports, consumers said they were contacted by text.

Meanwhile 20% of fraud victims were contacted through scam calls, while 19% were contacted by email.

The median loss involving scam text messages was $1,000 in 2022, less than the $1,400 stemming from scam calls, the FTC said.

Overall, Americans lost $330 million to text message scams in 2022. That’s double from 2021.

The top five scam texts comprised more than 40% of randomly sampled texts last year, the FTC said. The top five:

  • Security alerts from thieves impersonating large banks.
  • Claims about free gifts or prizes, supposedly from a retailer or cell phone company.
  • Claims about package delivery problems from USPS, UPS or
  • Bogus job offers for tasks such as mystery shopping and car
  • Security alerts pretending to be from

The fake bank security messages often impersonate Chase, Bank of America, Citi and Wells Fargo, which are the four largest banks and have tens of millions of customers. Text messages claiming to be from any one of those are almost surely going to reach some people who actually are customers of those banks. That increases the odds of someone falling for the scam.

The sender’s text usually says that a large payment has been made from the account, and the person needs to call this number to stop it.

Of course, no payment has been made, but some people might understandably be alarmed and make a bad decision to call the number, rather than look up the true number for their bank. Those who believe the text and respond or call the number are then connected to a fake bank representative.

Next steps could involve the consumer sharing login information or two-factor authentication codes meant to be an extra security measure.

Scam texts such as these have increased 20-fold since 2019. Clearly, they work often enough to make them worthwhile for thieves. Even one or two victims a day could yield thousands of dollars, perhaps tens of thousands of dollars.

The FTC says texts such as these are designed to create “a sense of urgency” that something really bad will happen if they don’t respond, or something really good will happen if they do.

BLUER SKIES AHEAD?

While scam robocalls haven’t declined nearly as much as we’d like, it’s rational to think it could continue to get better. Here are three key reasons why:

  1. Two big holes in the system were gateway providers and small phone companies. As of two weeks ago, all of those are expected to comply with robocall-reducing technology. Gateway providers are “on-ramps for international call traffic,” according to the FCC. And they’re on-ramps for thieves.
  2. The attorneys general in 44 states plus Washington DC and Guam have partnered with the FCC to help the regulator and the states go after robocallers with more resources. The effort is already yielding big results.
  3. The FCC continues to refine its rules to try to squash even more unwanted robocalls. For example, the FCC in March announced new rules to require all providers, regardless whether they’ve installed STIR/SHAKEN, to take “reasonable steps to mitigate illegal robocall traffic” and detail what they’re doing in the FCC’s Robocall Mitigation Database. The FCC is also weighing new rules to stop so-called “lead generators” from calling people on the Do Not Call Registry just because the individual gave consent to one of the company’s marketing partners.

On the first point, the holes in the system: Experts say a significant number of scam calls originate from overseas. There are more than 200 gateway providers in the FCC’s database.

In 2021, 65 percent of operators that allowed illegal robocalls were either based in foreign countries or were gateway providers, according to the Industry Traceback Group, the main industry group that traces robocalls to their origin.

Some of the most egregious scam calls, such as those posing as the Internal Revenue Service or Social Security Administration, “almost always are coming from overseas,” according to USTelecom, the industry trade association for cell phone, internet, cable and voice services.

Robocall-filtering software companies say gateway providers have been the weakest link in the chain.

Another weak link has been small providers, which were originally exempted. Small providers have fewer than 100,000 customers. After the law took effect in 2021, illegal robocall rings flocked to smaller providers, according to the FCC and a letter signed by all 50 attorneys general. “These small phone companies are suspected of facilitating large numbers of illegal robocalls,” the FCC said in a release.

Compliance by small providers was moved up, with most being required to install Caller ID verification technology on the internet-based parts of their networks in 2022.

The rest of the small companies were required to comply as of two weeks ago.

A smaller piece is intermediate providers, which don’t originate or deliver calls, but route them along the way. They’ll be required to comply by Dec. 31, 2023. There are nearly 1,200 intermediate providers on file with the FCC, about 14% of all phone companies.

It will be interesting to see what effect these new mandates have on scam calls.

The second reason for optimism: the attorneys general in 44 states plus Washington DC and Guam have partnered with the FCC to help the regulator and the states go after robocallers with more resources.

We can expect to see more cases like one in 2021 that led to the largest fine in FCC history. That involved working with eight state attorneys general. The FCC fined health insurance telemarketers $225 million for making about 1 billion calls, many illegally spoofed, in violation of the Truth in Caller ID Act. The states are also filing suit seeking damages and a permanent injunction against the telemarketer, the FCC said. The calls aimed to sell short-term, limited-duration health insurance plans and falsely claimed to offer plans from companies like Cigna and Blue Cross Blue Shield.

In 2022, Ohio Attorney General Dave Yost filed a lawsuit in U.S. District Court naming 22 defendants who are alleged to be part of an operation that made 8 billion illegal auto warranty robocalls since 2018. At the same time, the FCC issued cease and desist letters to eight phone companies and issued a notice to all U.S.-based voice providers to stop transmitting any calls from this operation. Violators could be put out of business by the FCC.

Last month, the FCC notified Avid Telecom LLC, also known as Michael D. Lansky, LLC d/b/a Avid Telecom, that it’s accused of originating apparently illegal robocall traffic and must take steps to stop these calls or else face other providers blocking all of Avid’s traffic.

The move followed a lawsuit filed in May by the attorneys general in 48 states and Washington DC against Avid, accusing it of making more than 7.5 billion robocalls to people on the National Do Not Call Registry. In Arizona, where Avid is based, Arizona Attorney General Kris Mayes said about 197 million robocalls were made from December 2018 to January 2023. The attorneys general want a jury trial to force Avid to end the practice. In Ohio, one of the four lead states in the suit, Avid is accused of sending or trying to transmit about 24.5 million illegal calls, according to Ohio Attorney General Dave Yost. More than 90% of the calls lasted less than 15 seconds, which strongly suggests they were robocalls, Yost said. This was the first legal action by the Anti‑Robocall Multistate Litigation Task Force, which formed last year.

Finally, the last point: The FCC continues to refine its rules to try to squash even more unwanted robocalls. For example, the FCC in March announced new rules to require all providers, regardless whether they’ve installed STIR/SHAKEN, to take “reasonable steps to mitigate illegal robocall traffic” and detail what they’re doing in the FCC’s Robocall Mitigation Database.

The FCC is also weighing new rules to stop so-called “lead generators” from calling people on the Do Not Call Registry just because the individual gave consent to one of the company’s marketing partners.

Bottom line: Consent shouldn’t be able to be shared. The plan to stop lead generators and data brokers from abusing people’s phone numbers is supported by 28 attorneys general and of course a number of consumer advocates.

In some cases, telemarketers rely on consent submitted through a single webform.

Here’s the discouraging issue to realize: New laws don’t guarantee illegal practices will stop. People who like to defraud people, which is obviously illegal, often don’t care about breaking other laws.

RECOMMENDATIONS

Wouldn’t it be nice if we could go back to the good ol’ days, when we could tell who was calling based on the Caller ID, we didn’t have to worry about missing an important call if we didn’t answer and we weren’t getting bombarded with disruptive and potentially costly calls?

Progress is being made but the severe threats of scam robocalls and robotexts will continue until more is done. According to one study, one in four adults is the victim of a phone scam per year. A con artist needs only one or two victims a day to make it worth it.

Here are some of the strategies that could help reduce robocalls and robotexts:

  • The FCC needs to crack down more on phone providers that flout the law. Congress passed a law that said companies must install robocall-fighting technology on the digital and internet parts of their networks. There’s a ton of non-compliance – more than 60% of companies have not implemented the robocall defense standards. The FCC could block offenders from being allowed to transmit calls, basically putting them out of business. Only in recent months has it actually done that. This needs to change.
  • The public and government officials need more information about the entities that are making and allowing illegal robocalls. The industry’s Traceback Group (ITG) tracks thousands of tracebacks each year to discover where illegal calls originate and who along the way allowed the calls on their lines. The information is kept mostly private and released on a limited basis to regulators.
    As recommended in June by U.S. Sen. Ben Ray Luján and 11 other senators, this information about who is allowing illegal robocalls should be released publicly to help consumers, victims and law enforcement hold offenders accountable. The FCC needs to make this happen. Bi-partisan legislation introduced in December 2021 by Sens. John Thune and Edward Markey and in the House in 2022 would protect the ITG and phone companies from liability if they share information about illegal calls. This bill or something like it needs to be adopted soon.
  • Most phone companies need to do more to protect their customers. Companies are allowed to block suspected scam or spoof calls from ever reaching consumers, as long as they give their customers a chance to opt back in. Companies are also allowed to label calls as possible scams or spam. And they’re allowed to display a checkmark or V next to a phone number, indicating the call is coming from the number displayed. This is happening more than it was a couple of years ago, but still, too few companies do these things for their customers.
  • More companies also should give customers the power to block suspicious calls or calls with no Caller ID if they want. Many companies don’t offer this or, if they do, they don’t make their customers aware of it.
  • The FCC is weighing new rules to stop so-called “lead generators” from calling people on the Do Not Call Registry just because the individual gave consent to one of the company’s marketing partners.
    Bottom line: Consent shouldn’t be able to be shared. The plan to stop lead generators and data brokers from abusing people’s phone numbers is supported by 28 attorneys general in a letter sent just last month, and of course a number of consumer advocates. In some cases, telemarketers rely on consent submitted through a single webform.
  • The FCC continues to refine its rules to try to squash unwanted robocalls. For example, the FCC in March announced new rules to require all providers, regardless whether they’ve installed STIR/SHAKEN, to take “reasonable steps to mitigate illegal robocall traffic” and detail what they’re doing in the FCC’s Robocall Mitigation Database. The FCC must follow through with its promises to protect us.
  • The FCC needs to pass more rules to combat robotexts, requiring phone companies to block obviously illegal text messages. The FCC took baby steps this spring and has more proposed rules on the table. The rules passed require mobile wireless carriers to block texts originating from invalid, unallocated, or unused numbers. Texts from these numbers are most likely to be illegal, the FCC says. The rules affect only 10-digit numbers and toll-free numbers, not “short code” messages.
    Other rules proposed would affect short code numbers, texts to numbers on the Do Not Call Registry and texts from marketers who didn’t get permission directly but tried to piggyback on consent given to a partner. Our phone numbers could be getting provided by lead generators and data brokers, the FCC says.

But all of the laws in the world don’t guarantee illegal practices will stop. People who like to defraud people, which is obviously illegal, often don’t care about breaking other laws. So we all need to remain vigilant and do whatever we can to help educate our friends and loved ones about the dangers of illegal robocalls and robotexts.

Here’s a link to a downloadable PDF of our consumer guide on 18 tips to protect yourself from robocalls, robotexts and scams.

Authors

Teresa Murray

Consumer Watchdog, U.S. PIRG Education Fund

Teresa directs the Consumer Watchdog office, which looks out for consumers’ health, safety and financial security. Previously, she worked as a journalist covering consumer issues and personal finance for two decades for Ohio’s largest daily newspaper. She received dozens of state and national journalism awards, including Best Columnist in Ohio, a National Headliner Award for coverage of the 2008-09 financial crisis, and a journalism public service award for exposing improper billing practices by Verizon that affected 15 million customers nationwide. Teresa and her husband live in Greater Cleveland and have two sons. She enjoys biking, house projects and music, and serves on her church missions team and stewardship board.