by jonathanmayer 2886 days ago
I worked on countering phone scams and robocalls at the Federal Communications Commission for over a year. This operation was a big win and an impressive international collaboration.

That said, the robocall problem is getting worse, not better. Robocall volume is at an all-time high: https://robocallindex.com/

In many respects, the problem of telephone spam today is similar to the problem of email spam in the early 2000s. Litigating against spammers had limited efficacy, so the community developed blacklists, better filtering, and stronger authentication (SPF, DKIM, and DMARC).

Until the major carriers get serious about similar steps, especially filtering and authentication (i.e. SHAKEN and STIR), these fraudulent calls won't stop. And, in the interim, vulnerable populations will continue to be disproportionately victimized.

10 comments

I think the problem has gotten so serious that the traditional voice-based phone system is pretty much unusable. I don't even bother to answer the phone. Instead I have a voice mail message that tells people to send a text message instead. I can't be the only one who does something like this or has some other system in place to not have to deal with robocalls/scam callers.
Not sure what carrier you're using but T-Mobile in the US just released "scam block" (I had "scam ID" turned on previously).

In addition to marking calls as scam, now they simply block them outright. Getting approximately 0 scam calls in the past 2 days.

Job seekers and those with medically needy relatives are among those who cannot tolerate any false positive especially if calls are entirely rejected and cannot even leave a voicemail.
T-Mobile has 2 levels of it. One just labels the Caller ID for those suspected numbers as "Scam Likely". An additional feature (which OP is referring to) blocks the calls automatically.
I hope it works... it's kinda terrifying that getting no scam calls for 2 days is significant!

I have a test/dev phone that I used for a project several years ago with an associated ph#. I forgot about it (don't think about the charges accrued 8^) for several years, but just charged it and turned it on.

It's a number that was never used or answered for 3 years and it gets several scam calls a day. They must be calling every valid number.

I didn't realize they had added the block feature too, nice! Just went and enabled that
Does this work for the sweepstakes type scams where they try to induce the elderly to send money for a fabulous prize they supposedly won? Just curious in general how they ID a scam?
The simplest and most powerful definition of "spam" is "whatever our users report as spam."
People don't mark calls as spam so I wonder how they do the training?
I believe Google recently released something similar for Android.

These calls are spam for phones. Certainly, there's an obvious pattern that can be identified and then neutralized.

Email spam became tractable on the end user side with domain and IP address risk scoring. Caller IDs are so easily spoofable it's like open relay email servers of the past.
When they spoof are they using otherwise valid numbers? That is, if you returned the call you'd speak to someone's grandmother?

Nonetheless, can't the phone providers detect the excessive outgoing traffic? And if it's a residential number can't that raise a red flag?

Do you have a link for that? I have an Android phone, but I received a call marked as spam yesterday. I'd love to be able to just block those.
I never get any robocalls. I do get robots when I initiate the call though (which is very annoying). Then again, we got privacy and telemarketing laws here.
No voicemail and no picking up for random numbers. Works well for me
The world could have such a wider set of solutions to many problems on the internet if there were just a good system of micropayments. Any idea why the US government or some other government does not create such a system? If people not in my contact list were immediately sent to voicemail and charged 10 cents to leave me a message, spam would basically go away. Similar for email spam. One can dream.
> Any idea why the US government or some other government does not create such a system?

The US government isn't in the business of running the internet or phone or micropayment systems, and it's not interested.

It's into supplying its citizens with a useful currency. Micropayments of dollars is just useful currency online. Seems like microdollars would be a natural monopoly, ideal for the US government to produce.
Yeah I do the same. I only pick up phones if it’s from a contact I know. 99% it’s my wife. Most of my friends use some form of text messages.

Most people leave a voicemail. Thanks to technology, the voice mails get transcribed and I can quickly decide whether I should return the call.

I also see “Spam Likely” for a whole range of numbers. Not sure if it’s Apple or T-Mobile but I sure do appreciate the heads up.

I have do not disturb turned on always, but my contacts are exempt, so for people I know it will ring. If I get a call from a non contact they can leave a voicemail. But most of the time it's a robocall. Not having to deal with my phone ringing all the time has been a big improvement.
"Scam Likely" is a T-Mobile thing. I get it also. It can be toggled from the T-Mobile website.
My wife gets a call every day about how she is being sued..... every day a new nasty VM.

I'm talking to random scammers more now because I'm looking for a job and I feel like I have to answer the phone even if I don't recognize the number. Man it is annoying.

The workaround I used for this was Google Voice. I put the Google Voice number on my resume and in settings told it to use my own GV number as the caller id. If I saw a call coming from the GV number I knew it was a response to my resume. For some reason my GV number doesn’t attract scammers.
Pro tip for you: you can "port" out your number to your cellular provider.

Zero spam for me for a long time. Yes, zero!

Also see the T Mobile spam service. There's two you have to turn on IIRC.

YouMail for voicemail is good too.

Thank you!
I have a GV number as my work number on my cards, site, etc. and I still get spam through it, though admittedly less than through my personal number.
That is a great tip, thanks!
How about the FCC get serious about the problem and force the telcos to stop it. Obviously, as you say, they have no interest in doing it themselves.
Pretty much this. With the current tech stack in telcos, the only way anything can change is if they're put in a "you're responsible for this call, unless you can point to who sent this call" situation. While the receiving / forwarding party can't validate the originating number, they can always point at the telco that sent the call in. Repeat until you find a company / person to fine.
Just like airlines get fined for carrying passengers who violate immigration policy. Thus they are effectively deputized to enforce the rules.

That would root out domestic telcos who enable bad behavior. What happens when the origin telco is in another jurisdiction?

Then it has an international caller id. Most people get so few international calls that they will quickly figure out that it can't be real. If it had a local caller id it is obviously spoofed because otherwise the call wouldn't have come in from the foreign telco.

Once someone does this, legitimate telephone companies elsewhere will become interested as well, and may "play nice" so long as local laws allow it.

> If it had a local caller id it is obviously spoofed because otherwise the call wouldn't have come in from the foreign telco.

That is not correct. You can send legitimate calls with spoofed caller id between different countries. Many providers will let you do that. (as in, you can assign a caller id from country A to a call originating from country B to A)

I'm saying that those become automatically illegitimate and Country A should reject them. The only exception is IF the telco in country B agrees to assume legal responsibility in country A.
It costs a lot more internationally, so I'm not sure how much of a problem it really is. While many people would hate this, the same rule could be applied with "if you're forwarding international connections, you're responsible". Bad interconnects would probably drop immediately with a moderate amount of chaos, while legit foreign partners are found who can filter traffic on their end.
My service provider offers <$0.01/min. calls to many countries.

I have a hunch that no telco wants to entirely block a foreign telco because they would lose money and because of the ensuing chaos.

Robocall friendly service providers intentionally mix robocalls with legitimate traffic to avoid terms of service enforcement. e.g. Robocalls are laundered by splitting across n carriers so spam (identified by bad ASR/ACD stats) stays below each carrier's threshold. https://news.ycombinator.com/item?id=12339739
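The ASR/ACD point in the comment above, as an added detection sketch that is not part of the original thread: ASR (answer-seizure ratio) and ACD (average call duration) are computed once per interconnect trunk and once per calling-number block, showing how mixed traffic keeps the aggregate above a threshold while one segment stands out. The CDR fields, the constructed sample records and the thresholds are assumptions.

```python
from collections import defaultdict

# Constructed sample CDRs (not real traffic): one wholesale trunk carrying
# ordinary calls from one calling-number block and short, rarely answered
# calls from another. Record: (trunk, ani_block, answered, duration_seconds).
def constructed_cdrs():
    cdrs = []
    for i in range(200):                      # ordinary traffic, 60% answered
        answered = i % 5 < 3
        cdrs.append(("trunk-A", "555-01xx", answered, 180 if answered else 0))
    for i in range(100):                      # robocall-like traffic, 30% answered
        answered = i % 10 < 3
        cdrs.append(("trunk-A", "555-02xx", answered, 8 if answered else 0))
    return cdrs

def asr_acd(cdrs, key):
    """Return {segment: (attempts, ASR, ACD)} for the grouping chosen by key."""
    acc = defaultdict(lambda: [0, 0, 0])      # attempts, answered, seconds
    for rec in cdrs:
        seg = key(rec)
        acc[seg][0] += 1
        if rec[2]:
            acc[seg][1] += 1
            acc[seg][2] += rec[3]
    stats = {}
    for seg, (attempts, answered, seconds) in acc.items():
        asr = answered / attempts
        acd = seconds / answered if answered else 0.0
        stats[seg] = (attempts, asr, acd)
    return stats

def flag(cdrs, key, min_attempts=50, min_asr=0.40, min_acd=30.0):
    """Segments with enough volume whose ASR or ACD falls below the floor."""
    return sorted(
        seg for seg, (n, asr, acd) in asr_acd(cdrs, key).items()
        if n >= min_attempts and (asr < min_asr or acd < min_acd)
    )

def by_trunk(rec):
    return rec[0]

def by_trunk_and_block(rec):
    return (rec[0], rec[1])

if __name__ == "__main__":
    cdrs = constructed_cdrs()
    print("per trunk:", asr_acd(cdrs, by_trunk), "flagged:", flag(cdrs, by_trunk))
    print("per block flagged:", flag(cdrs, by_trunk_and_block))
```
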

Since you have expertise, maybe you can explain why this seems to happen in the US only, while SS7 (which many commenters mention as the culprit) is used all over the world.

I live in Europe, but do not receive robocalls at all (zero), while when I enter the US, and put in my US SIM, I immediately start getting multiple per day.

Maybe there's no market in Europe. Only the UK speaks English, and in the UK it seems not many have to do tax returns (from http://taxaid.org.uk/guides/taxpayers/tax-returns/im-not-sur...):

> Most taxpayers in the UK are taxed at source and so do not need to complete a Self Assessment Tax Return. ‘Taxed at source’ means that the money you receive has already had tax taken off, such as the wages you get from your employer when paid under the Pay As You Earn (PAYE) system, or UK bank interest taxed at source.

They definitely do happen in the UK.

Later versions of Android really help with the 'spam call' filtering, though I've noticed that callers tend to just recycle through nonsense caller IDs and/or unknown numbers (which is really annoying if you have clients phoning you from unknown numbers).

At one point I was getting 10+ a day, which seems to have calmed down now. Everything from tax scams, to PPI, to car accidents.

How do you filter spam calls in Android? I keep getting calls where my screen turns red and it warns that the call is spam. I'd love to stop having my phone ring and stop getting all the voicemails.
Phone app -> top right three vertical dots -> settings -> filter spam calls
Thanks! That has really been bugging me for a long time.
Just to make it clear: Not only do I get IRS robocalls in the US but all kind of scams.

Also: 96% of the Dutch speak English, and the Scandinavian countries aren't far behind.

There's a difference between speaking English and expecting a local call to be in English. Sure they could have the conversation, but trying to do a tax scam on a Dutch person in English has ~0% chance of succeeding.
Tax ok, but I think many would fall for a crypto, or investment scam.
As I understand it, in Europe to register for a phone number you have to give some identifying info to the telecom so they know who the number is registered with. In the US, however, you can get phone numbers anonymously.
I'm from the telecom industry myself, and it's real easy to spoof callerid here as well. Also anonymous burner phones do exist here as well.

So I don't think this is the reason.

I’m sure you’ll find more “get rich quickly even if it’s dirty” kinda people here. We literally worship our millionaires and billionaires.

I’m probably going to get downvotes but this is what I’ve experienced in the US, at least in the hyper growth Silicon Valley.

Get rich quick and clawing over others to get to the top is also relatively prevalent in poorer countries, those with great wealth/income inequality, and societies undergoing rapid economic transformation.

It's part legal enforcement and part culture. There are dishonest individuals in every country.

There are countries in EU where that is not the case. I do not think this is an EU policy.
Afaik they are mostly illegal, at least where I live.
They are illegal in the US and often originate abroad, anyway, so legality under the law of the target country (or the source country, as most are illegal where they originate, too) doesn't seem to be a controlling factor.
Fraud and wire fraud are illegal in most countries. The limiting factor is effectiveness of enforcement and probability of being caught.
You mean that they do not happen in the EU as they are illegal there? They are illegal in the US as well.
Although no law will prevent all scams, some European governments do have much stricter laws on when you can "cold call" period. In Germany, for instance, thanks to legislation passed a decade ago, I believe the customer needs to grant explicit permission in order for a business to be able to cold call, and no telemarketer can impersonate your phone number -- https://www.thelocal.de/20090804/21021.

It would be interesting to see if there is a correlation with these sorts of laws, and the prevalence of phone scams.

The EU regulators still have teeth.
What's keeping major carriers from getting serious about these steps already?
My experience was that the major carriers had little economic incentive to invest in improving telephone service, which they viewed as a legacy line of business. They were focused on selling data plans, building their networks, and entering new markets (especially online services and advertising).
Spam calls are actually a cash cow. Uses your minutes and Verizon also makes money selling a subscription spam blocking service that would be worthless without the annoying calls:

https://www.theverge.com/2017/6/30/15906800/verizon-anti-spa...

What percentage of US cell plans aren't unlimited minutes these days? I'm thinking it has to be a tiny amount.

Seems like they would like to unclog their network, not to mention their servers have to handle and store all the voicemails.

The receiving provider usually gets paid to terminate the call.

It may only be a fraction of a cent per minute, but these are the same telecoms that will gladly send you a bill every month because you owe them 1 cent.

In the past, cellular network operators earned revenue based off minutes sold. That's why voicemail has very verbose instructions that are read to you every single time. It's a way of inflating average call duration and thus revenue.

These days with unmetered calling, the receiving telco still makes some money off incoming calls through termination charges.

If they truly aren't interested in it, that'd be great, they could just stop, open up to become dumb data pipes and create a market of competitive third-party service for the telephony part.
Are the telcos trying to kill the system outright then?
They indirectly make money from the fraud, so incentives are not aligned for them to stop it.
And there are insufficient dis-incentives. There are no competitors who offer a superior spam filtering solution and market it.

If carriers became financially liable for robocalls by a government mandated date, e.g. 2020, they would find a solution. Even if it was as simple as not getting paid to carry spam traffic (as opposed to an EU level % of global revenue fine).

Another trivial solution would be to offer some sort of voice CAPTCHA for phones - get asked question and provide answer in order to connect. Someone on here posted awhile back that they implemented their own and said it completely eliminated robocalls.
I have done this. I have my own VoIP system. One of my DIDs picks up and is a recording of me saying "I'm screening my calls for telemarketers and scams. enter code 5300 any time to be connected to $myname". If 5300 is entered, it dials out to the DID for my cellphone and transfers the call. No code, or no action, call goes nowhere.

You can fairly easily make the code whatever you want or make it a multi step process.

Did you find a way to do this that didn't require paying per-minute to (e.g.) Twilio for the call forwarding back to your cell phone?
If I remember correctly from the conversation I mentioned above: this is only implementable yourself with a VOIP solution and not an actual phone line?
DTMF based challenge is probably easier. Even requiring callers to dial 1 to ring through is enough to keep robocall campaigns from ringing your physical phone.

I've been thinking about issuing my friends and family priority access PINs. If they save it to their contact entry for me after the number, I can entirely gate access. e.g. "5558675309,9876" Especially if combined with a time condition e.g. 11 p.m. to 6 a.m.
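The DTMF gate described in the comments above (a general code, per-contact priority PINs appended to the number after a pause, and a night-time window), as an added sketch that is not code from the thread. The function names are hypothetical, and the policy that only PIN holders ring during the 11 p.m. to 6 a.m. window is an assumption about how the pieces combine.

```python
import hmac
from datetime import time

# Assumed configuration: the codes are the ones quoted in the comments,
# the names and the overall policy are hypothetical.
GENERAL_CODE = "5300"
PRIORITY_PINS = {"9876"}
QUIET_START, QUIET_END = time(23, 0), time(6, 0)

def in_quiet_hours(now, start=QUIET_START, end=QUIET_END):
    """True inside the window, including windows that wrap past midnight."""
    if start <= end:
        return start <= now < end
    return now >= start or now < end

def _matches(digits, code):
    # Constant-time comparison so response timing does not leak the code.
    return hmac.compare_digest(digits.encode(), code.encode())

def split_dial_string(entry):
    """Split a contact entry such as '5558675309,9876' into (number, DTMF suffix).

    A comma in a stored number is a pause; digits after it are sent as DTMF.
    """
    number, _, suffix = entry.partition(",")
    return number, suffix.replace(",", "")

def screen_call(digits, now):
    """Decide what to do with a call given the DTMF digits collected after the greeting."""
    digits = "".join(ch for ch in digits if ch in "0123456789")
    if any(_matches(digits, pin) for pin in PRIORITY_PINS):
        return "ring"                 # priority PIN rings through at any hour
    if in_quiet_hours(now):
        return "voicemail"            # everyone else waits until morning
    if _matches(digits, GENERAL_CODE):
        return "ring"
    return "drop"                     # no code or wrong code: call goes nowhere

if __name__ == "__main__":
    _, pin = split_dial_string("5558675309,9876")
    print(screen_call(pin, time(2, 0)), screen_call("5300", time(2, 0)),
          screen_call("5300", time(14, 0)), screen_call("", time(14, 0)))
```
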

SS7 is so broken that there's little telco could do even if they put effort into it.
Fixing ss7 at this point would be like polishing the brass doorknobs on the Titanic.
This is a good analogy unfortunately. SMS is the worst culprit there from my standpoint, given companies use it to send short term credentials (yes they do...) or for 2fa.
I either disagree or am ignorant about SS7. See my other post on this page. Interested to read others thoughts about implementing a "opt-in, call back only or GTFO system".
If I have full control of a DID, implementing callback isn't hard. That would be a bandaid type solution built on top of the existing phone network, however. Fixing ss7 at a systemic level so that all call routing in and outbound is verifiable, CID spoofing is impossible, is what is nigh impossible.
Are there any proposed replacements? Even SIP has vulnerabilities, foot gun features, and fundamental design problems like use of MD5 digest, NAT intolerance, and vendor and device specific bugs.
@jonathanmayer Any idea why the landline companies don't address this issue? Do they make money from spam calls? I signed up for the Nomorobo service, that I believe won an FCC sponsored contest to provide a partial solution. And I think the landline providers actively fought against its use.
I imagine a significant number of POTS lines are used by robocall/scammer operations, if not directly through third party VOIP services. Make no qualms about it, ATT still treats POTS as its bread and butter. They will do whatever it takes to keep that cashflow coming in.
The problem with fixing this is that, to extend your analogy, SS7 is like how SMTP worked in 1992 before anything like spf, dkim, dmarc, SSL/TLS. Adding extensions to it will break interoperability with the truly gargantuan installed base of old ss7 equipment around the world that nobody wants to pay to replace. It needs to be burnt to the ground and started over from first principles. But really, everything that we need can be implemented with pure VoIP.

I just don't answer my phone anymore unless I recognize the incoming number. And caller ID is trivially easy to spoof. Thankfully nobody spoofs any of the numbers of my top 50 contacts.

Last year, a spammer spoofed with my business phone number as their caller ID. Mid-day, I start getting phone calls from people yelling at me to stop calling them, stop harassing them. Every 2-3 minutes, someone new and angry. After about 3 hours I had figured out what had happened and got ahold of my carrier and had them change my phone number.
I don't know enough about SS7 to understand if this is feasible, but it is clearly time for a call back based system. Millions of people signed up for the do not call registry. I am sure millions would sign up for a system where incoming calls trigger a call back. If your out bound call system doesn't support call back, don't worry because nobody wants to talk to anyone hiding behind the cloak of invisibility.
Building a callback system doesn't fix ss7 and is a bandaid slapped on top.
This is getting way out of hand, and I don’t know anybody who hasn’t made the same observation, and has already changed their behaviour to NOT answer the phone by default.

If the major carriers don't soon understand the magnitude of the telephone spam/scam problem and treat it seriously, they will soon be crippling their business. While this has been likened here to the email spam problem in 2000, back then, everyone in the computer industry took the spam problem much more seriously than the telephone industry does now. E.g., Verizon gleefully offers a blacklist where you can block 20 numbers (never mind that the spam calls typically have spoofed caller IDs) -- they think they’re good, and it’s utterly useless.

They really need to implement a true Source ID (regardless of the presented caller ID), and a way to instantly flag calls as spam then do targeted tracking and prosecution. If they fail to do this or implement another effective solution, I expect they will lose a century-old line of business to new habits that work around the established habits.

Did you all have a sense for the scope of the problem in terms of number participants and market share? Is the bulk of the calls from a few larger networks, or is the bulk of the market one man shows?
So what am I doing that I've never once had a telemarketer call me, other than my car dealership or phone company. Canada can't be special. Is it because I use a cell phone for everything?
Canadian here. The CRA has called me about their criminal warrants for my arrest many times. The Chinese consulate keeps telling me to call them back.

But these are all on my work-phone and government agencies don't pay taxes anyway.

My personal phone has been relatively safe for unknown reasons that I'm happy about.

Not Canadian but used to travel there a lot and had a nice collection of prepaid sim cards. Every new prepaid line I registered got tons of calls from debt collectors, to telemarketers, to scammers.

So yeah it happens, though probably less blindly than US and more from information sharing.

Numerous calls here. Lately SMSes have started too. Sometime back, even WhatsApp messages from Philippines, but that spam stopped pretty quickly.
Does Google voice work for Canadian numbers?
I don’t believe you can register a Canadian number. You can sign up and use it as a voicemail though I think.

If you are asking whether you can call and be called by Canadians for free from American gvoice, the answer to that is yes.