Bob Sopko used to get about 20 illegal robocalls a week. You’re probably familiar with the ones that filled his voicemail box: Your car warranty is about to expire. You owe back taxes to the IRS. You can reduce your credit card interest rate. The types of scam calls go on and on.
A couple of months ago, Sopko’s phone stopped ringing so much. He gets only about five calls a week now. “They have dropped significantly for us,” said Sopko, a university entrepreneurship program director who lives near Cleveland.
Then there’s Cheryl Carstens of Sioux Falls, S.D. She gets up to 25 illegal robocalls a day. Her callers also seem concerned about her expiring car warranty, for a Toyota she’s never owned.
What’s the difference between Sopko and Carstens? Sopko’s phone company has completely adopted new caller ID technology that’s aimed at reducing illegal robocalls. Carstens’ phone company has not.
Across the country, 2021 is supposed to be the year when we can start answering our phones again without bristling over the likelihood that the call is an effort to rip us off, steal personal information or sell us something we’d never want. (Heck, you’re not even supposed to be getting these calls anyway if you’re on the Do Not Call Registry.)
Cellphone and landline companies were required under federal law to implement new robocall-fighting technology by June 30. That was nearly three months ago. Some smaller companies and providers whose lines don’t run through internet/cable lines have extensions for now.
But research by PIRG Education Fund shows that among 49 of the largest phone companies nationwide (those that can serve 1 million or more), only 16 have reported to the Federal Communications Commission (FCC) that they have completely implemented anti-robocall technology.
An additional 18 have partially implemented the technology, according to the FCC. The remaining 15 companies have told the FCC they haven’t adopted the industry standard technology at all, but they’re using their own methods to reduce robocalls, or they have not reported their status to the FCC’s database, as required by law.
Partial implementation often means it hasn’t been adopted on the non-digital/non-internet/non-cable parts of their network.
- Overall, among 3,063 providers that reported their status to the FCC as of Sept. 3 and didn’t claim an exemption from submitting information:
- Only 17 percent (536 companies) said they’d completely implemented anti-robocall technology.
- 27 percent (817 companies) had partially implemented the technology.
- And 56 percent (1,710 companies) said they were not using the industry standard technology but rather are using their own methods to manage robocalls.
What does this mean? It means the industry isn’t doing nearly as much as hoped to fight the crime that for years has caused so much heartache and aggravation among consumers nationwide.
Illegal robocalls lead to $10 billion a year in fraud, according to the Federal Trade Commission (FTC). The calls cost consumers an additional $3 billion a year in wasted time, according to the FCC, when you consider all of that time spent answering unwanted calls, blocking calls, reporting the calls to authorities and generally getting distracted.
Despite that, scam calls nationwide dropped by 29 percent from June to August, according to YouMail, a leading robocall filtering company. This is encouraging news.
Among our other findings about 20 of the largest cell phone companies and Voice over Internet Protocol (VoIP) phone companies:
- Only 13 of the 20 companies told PIRG Education Fund they block some known scam calls/ spoof calls by default, which they’ve been permitted to do by the FCC since 2019.
- Only eight of the 20 say they provide on-screen warnings that a call may be a scam, as allowed by the FCC.
- Only eight of the 20 say they routinely allow customers to block calls that have no caller ID, a service the FCC permits.
- Only four of the 20 say they routinely show on-screen check marks next to the caller’s name or other verifications to customers that calls are coming from the number that’s actually on the caller ID. They’re allowed to do this as well. In fact, it’s one of the keys of this whole effort to combat robocalls: To give consumers assurance that it’s likely OK to answer these calls, even if we don’t recognize the number.
Robocall-filtering software companies say scam calls have dropped notably this summer but have by no means disappeared. However, consumers could start seeing greater compliance with the law starting Sept. 28, when providers nationwide will be required to block calls from companies that haven’t at least reported to the FCC what they’re doing to fight these nasty invasions in our lives.
At the same time, we’re seeing new threats from robotexts not covered by the law and more targeted scam calls thanks to data breaches.
Not all robocalls are illegal or even bad
Robocalls generally refer to phone calls made with help from a computer that does the dialing, either using numbers in a database or just dialing numbers at random. We sign up for some helpful robocalls: Our prescription is in at the pharmacy. Our kid’s school is closed.
Phone calls are generally illegal if:
- It’s a telemarketing call with a recorded message, unless the caller has written permission from you allowing the company to call you.
- It’s a call aimed at deceiving or defrauding you.
- It’s a call from a legitimate company that you haven’t done business with and it’s calling you even if you’ve registered your number on the federal Do Not Call Registry.
- It’s the second group that have been the biggest problem for years as con-artists call and impersonate your bank, the IRS, the police, the Social Security Administration, Amazon or any other entity they think will get your attention and rattle you badly enough to cough up personal information or agree to wire money or run out to buy gift cards to pay some fabricated obligation.
These scammers rely on a practice called “spoofing.” Using computers, they set up automated dialing software. Then they decide what to display on the caller ID.
Sometimes they may decide to call thousands of numbers with a specific area code and prefix and set the caller ID with the same area code and prefix to make the call appear local — perhaps from a neighbor — to increase the chance you’ll answer.
Other times, they’ll rig the caller ID to appear as if the call is coming from a specific company or government office. Then the computers start calling, with the ability to make millions of calls in just a few minutes, with each call costing just a few pennies.
One victim can produce a payday of hundreds or thousands of dollars. “This is so lucrative for the people who are doing it,” Aaron Foss, founder of Nomorobo, one of the nation’s largest robocall-filtering software companies, said in an interview with PIRG. “If some of these calls didn’t work, nobody’s phone would be ringing.”
Important dates in the battle against robocalls
Sept. 1, 2009: The modern-day robocall became illegal. That’s when the FTC started prohibiting prerecorded telemarketing calls to any consumers who hadn’t agreed to the calls in writing. But you can only take action against those criminals that you can catch. As spoofed calls became more common, it became more difficult to track down those making calls, particularly considering many originate from overseas or a difficult-to-trace computer.
August 2016: more than 30 of the largest communications and technology companies, including AT&T, Apple, Comcast, Google and Verizon, agreed to work with the FCC to try to squash robocalls, particularly spoofed calls that tricked so many. The idea of caller ID verification standards came out of this group.
November 2017: the FCC approved a radical change in policy by allowing phone companies to block calls that claim to be from a number that couldn’t possibly exist. It could be because no phone number is possible with that combination of area code and prefix, or because the number belongs to a company or government office that doesn’t accept incoming calls to that number (called do-not-originate lines).
November 2018: the FCC asked phone companies to adopt caller ID verification by 2019. But it was a soft ask with no teeth.
June 2019: the FCC voted unanimously to allow phone companies to block some calls they believe are scam or spoof calls by default, as long as they give consumers the chance to opt back in.
August 2019: 12 of the largest phone companies reached agreements with the attorneys general in all 50 states to adopt anti-robocall practices and implement call-blocking and caller ID verification at no cost to their customers.
The big development of 2019: The FCC proposed new requirements for all voice providers — mobile, VoIP and old-fashioned landlines — that would require them to install new technology to detect and block scam robocalls. The technology allows a company originating a call to verify the call is actually coming from the number on the caller ID and “sign off” on it before allowing it on its network.
Dec. 30, 2019: Congress passed the TRACED Act, giving the FCC the authority to enforce the caller ID verification rules.
June 30, 2021: FCC’s deadline for phone companies to install the robocall-detecting technology. Some companies have extensions.
Sept. 28, 2021: FCC’s deadline for phone companies to report their robocall-blocking status or else their calls will be blocked by other companies.
Where we are
The FCC is done asking, prodding and urging. The telecommunications regulator has public sentiment on its side and, more importantly, the blessing of Congress to fight robocalls. Here’s the line in the sand: “Beginning Sept. 28, 2021, providers can only accept calls directly from a voice service provider if that provider’s filing appears in the Robocall Mitigation Database,” Paloma Perez, press secretary for FCC Acting Chairwoman Jessica Rosenworcel, told PIRG.
For those that haven’t adopted STIR/SHAKEN and are relying on their own robocall mitigation methods, the FCC isn’t giving points for effort. The methods must work, Perez said. “If we find that a robocall mitigation program is ineffective or that a provider still originates illegal robocalls, we may take enforcement action.
“Enforcement actions may include removing an unsatisfactory provider from the Robocall Mitigation Database — thereby requiring other providers to block their traffic,” Perez said.
As mentioned, the FCC could also require a provider to adopt stronger robocall-blocking standards, or pay a penalty, or force the company to convert its network to internet/ cable lines so it can install STIR/SHAKEN.
If all of us are cheering at the prospect of fewer robocalls, there’s reason to temper our enthusiasm because there are two big threats on the horizon as robocallers pivot from their past strategies.
First, robotexts are on the rise. RoboKiller, another leading robocall filtering company, said we got 7.65 billion spam text messages in August. That’s up 8 percent, from 7.07 billion in June. Some of the most common scam texts this year: An unemployment claim has been filed in your name, or your unemployment benefits are stopping. Whether you’ve been collecting unemployment or not, the message would likely startle you and maybe make you curious enough to click on the link in the message. That would take you to a web site that would look just like your own state’s unemployment office website, Foss said.
“How can you tell the difference? You really can’t.” The server might be somewhere in Russia, or certainly controlled by someone focused on doing you harm, he said. Once you put in your Social Security number or other personal information, the thief is off to the races.
Another popular text scam right now: Anything involving Amazon, especially something involving delivery of your package. Anything to cause you to suspend your normal caution and click on a link in the text. These texts don’t usually lead you to phishing sites, Foss said.
“They’re usually trying to get you to buy something. They tell you, ‘You’ve won!’ Anything to get you to click through.” If you do click through, it may be an effort to sell you some product or sign you up for a subscription.
Perez at the FCC said the current caller ID authentication doesn’t include text messages. “However, industry standards groups are in the early stages of working on authentication for text messages,” she said.
“You kind of forgot about how you got there in the first place,” Foss said. “This just has to work once or twice a day.”
The second threat is more of what we’ve seen for a few years: Targeted scam calls, in which the caller knows your name, maybe your Social Security number and your date of birth, where you bank, who some of your relatives are and where they live. These are all the ammunition a con-artist needs to impersonate someone and convince you to provide more information such as bank account passwords or even to go buy untraceable gift cards to pay supposed tax bills or post bail for a grandson in trouble.
Much of this information has been compromised in data breaches over the last decade: A slew of retailers from Target to Home Depot, health insurance companies and even the Internal Revenue Service. Then there’s the infamous Equifax data breach of 2017 that exposed detailed, personal information for half of the adults in the United States. Identity thieves can fill in many of the gaps from information we provide willingly, often through social media: where we went to high school, what our hobbies are and all of the cities where we’ve lived before.
Alex Quilici, CEO of YouMail, told PIRG he predicts that robocalls may decrease over the next year, but the ones we get will be creepier, especially when it comes to health information.
Conclusion and recommendations
Dishonest people have been around since the beginning of time. Cons through one method or another have existed for all of our lives and will continue. We still get phishing emails and postcards about free dinners or prizes we’ve “won.” The cons just take different forms over time. Everyone needs to do more to protect themselves and others.
The FCC must follow through with its promise to monitor how effectively all providers are reducing/ blocking robocalls. If a given phone company’s system isn’t working, they’ll need to try something else or be forced to upgrade to internet/cable lines so they can implement the industry standard caller ID.
The FCC should move up the deadline for smaller providers and those with non-internet/cable lines to comply with STIR/SHAKEN. It’s currently June 2023. It should move up to June 2022 at the latest, as all 50 attorneys general have recommended.
In addition to implementing caller ID verification, phone companies should offer customers an array of optional free services to provide more protection, such as:
— Extra filters that send suspected scam calls to voicemail.
— On-screen warnings for suspicious calls or unverified numbers.
— Filters that block calls with no caller ID and white lists of numbers that can call through. This can be immensely helpful for children, the elderly and anyone with cognitive issues.
Consumers who want to reduce the number of illegal robocalls should ask their phone company whether there are additional services, as mentioned in the previous paragraph, that are available to protect them.
Consumers whose phone companies don’t provide all of the protections they want should shop around for a provider that better meets their needs.
Phone providers and the FCC need to quickly address the skyrocketing problem of robotexts.
Consumers whose landline providers don’t do a good enough job of filtering robocalls may consider buying a phone that doesn’t allow calls from unknown numbers to go through if the caller doesn’t announce her name. They’re available for $50 or less.
We must all do more to protect our friends and relatives, especially the most vulnerable. We should occasionally strike up conversations with loved ones about scams that are out there and make sure those we care about know they can talk to us if there’s ever a question about a call or text message they received.
We should never belittle people who fall for scams. We need to eliminate the stigma so people feel free to reach out for help.