by itcrowd 1183 days ago
Recently got a US phone number (at&t), and the literal minute the SIM was in my phone I started getting spam texts and calls. Nobody even had the number yet. I assume it's either a recycled number or randomly-generated from the spammers' side.

Anyway, I've had (still have) the same phone number for over 20 years in the EU and have never received a spam call/text. Zero. Nada.

To me, it is baffling how all Americans have put up with this annoyance for decades! Finally, it seems some concrete steps are being taken.

11 comments

Here's how it works in the U.S., and why it doesn't go away:

* A scumsucking business decides to hawk some scam. They start by creating an LLC (a limited liability company) devoted to telecommunications, ostensibly to resell telephone service sort of like an MVNO would. This LLC is based in the U.S. They buy a range of phone numbers associated with the LLC.

* The company then coordinates with an out-of-country call center, in places like the Bahamas, India, Pakistan, Mexico, etc. The call center receives and sends calls into the U.S. based on an assigned number from the LLC as a PBX (private branch exchange). As a PBX, these call centers can use a single ANI (automatic number identification) based on a US-based address (usually faked by the so-called telecommunications LLC), and the actual numbers behind it are hidden. PBX software allows you to override the number you see when your phone rings - that's why you get numbers on your phone completely unrelated to the actual call origin.

* The LLC may "sell" some numbers to legitimate businesses so they can claim it's just abuse of their systems.

* As people begin to complain about the scam calls, and the network operators that sell the numbers cut the offending numbers off the network (and this takes weeks at least) the LLC will simply cut off the old number, and issue a new number to the offshore call department.

* Eventually, the network operator will refuse to issue new numbers to the LLC, so the LLC will close up shop. However, the owners usually have a new telecommunications LLC ready to start the process all over again.

* The dirty secret here is that the major network operators (Verizon, ATT, etc) don't really care too much about these scam MVNOs/call centers, because they get paid, and paid well, and get to look like they're doing work to prevent scam calls while making money doing it. When these guys tell you "We can't see where the call is coming from" this is a straight-up lie, as any network operator call center employee can tell you.

Just a note: this is a great explanation of how it works for scam calls, but not SMS spam as mentioned in the article.
Isn’t this what STIR/SHAKEN was supposed to address?
Yes, but. SS makes a cryptographically based attestation about the origin of a call. For a user A on, say AT&T mobile calling a user B on Verizon, this is straightforward: the AT&T server can make a strong "type A" assertion: they know A, they control the access network that A is on, everything is copacetic.

However there are other tiers of attestation that are less strong, and because telcos also do a screaming business in bulk transport of other people's calls, these calls still get connected. So for example user C in say, Telenor Pakistan calls user A on AT&T, but the call is carried across the world by some transit carrier, like Lumen or BICS. This happens all the time. Then all that ATT see is that BICS attest that they trust Telenor, but have no control over the source number C.

It gets real murky real fast. On top of all this there are yet more complex cases, like American Express buying a block of phone numbers from one phone company but actually being connected to the global phone network by another. Or wanting to have those domestic numbers route offshore but still appear as US numbers when they call you stateside.

It's a mess, and SS helps as best as it can, but I think the real solution requires a change in how telcos get paid, and route one another's traffic for money, and that is not changing anytime soon.

This and the grandparent explanation are very helpful. Thank you both!

The frustrating thing is I would bet that the vast, vast majority of people in the US do not want anything except those “type A assertion” calls: calls from trusted users of trusted carriers. And I say this as someone who regularly communicates with friends and business associates overseas but essentially never through the traditional phone network.

It seems like that would also cover the situations some people often mention regarding emergencies, since a hospital, school, or random person on the street won’t be calling through some fly-by-night carrier.

I get some people and businesses have more complex needs, and I’m sure there are a million corner cases. But it feels like if you let people easily opt in to a sensible but restrictive plan, and allowlist trusted carriers in other countries, you’d solve a lot of this problem?

> opt in to a sensible but restrictive plan, and allowlist trusted

The irony is that the end users have built this by themselves: ignore all calls unless they are from a known contact, at best, diverting the rest to voicemail. Basically each user builds a 1-deep network of trust. Sad that it had to come to this.

There's an argument that says this is all a side effect of a technological innovation: the rise of VoIP/SIP over TDM.

It seems like a failure of the free market. If instead it were prohibitively expensive to run a telecommunications provider, and no country would have more than two or three, the spam calls could be regulated away. Perhaps at the expense of other technological or financial innovation.
Is there a reason why I can't tell my phone company "Don't take any calls from anything less than Full Attestation"?
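
What a "nothing less than Full Attestation" rule could look like on the receiving side, using the attestation tiers described in the comments above (added example, not part of any comment in this thread): it decodes the SHAKEN PASSporT from a SIP Identity header and maps the `attest` claim ("A" full, "B" partial, "C" gateway) to a decision. The function names, the accept/voicemail/reject policy, the 60-second freshness window and the sample numbers are assumptions, and signature verification against the signing certificate is left out because it needs an ECDSA library.

```python
import base64, json, time

def _decode(part):
    # JWT segments are unpadded base64url-encoded JSON objects
    return json.loads(base64.urlsafe_b64decode(part + "=" * (-len(part) % 4)))

def shaken_claims(identity_header):
    """Decode the PASSporT (RFC 8225) carried in a SIP Identity header value."""
    token = identity_header.split(";", 1)[0].strip()
    header_b64, claims_b64, _signature = token.split(".")
    return _decode(header_b64), _decode(claims_b64)

def call_policy(identity_header, caller_id, now=None, max_age=60):
    """Assumed subscriber policy: only full attestation ("A") rings the phone."""
    if not identity_header:
        return "voicemail"              # unsigned call, nothing attested
    try:
        header, claims = shaken_claims(identity_header)
        # A real verifier checks the ES256 signature against the certificate
        # at header["x5u"] before trusting any claim; that step is not done here.
        if header["alg"] != "ES256" or header["ppt"] != "shaken":
            return "reject"
        now = time.time() if now is None else now
        if abs(now - claims["iat"]) > max_age:
            return "reject"             # stale token, possible replay
        if claims["orig"]["tn"] != caller_id:
            return "reject"             # signed number differs from displayed one
        return "accept" if claims["attest"] == "A" else "voicemail"
    except (ValueError, KeyError, TypeError):
        return "reject"                 # malformed or incomplete token

def make_sample(attest, orig_tn, iat):
    """Constructed sample header value; the signature part is a placeholder."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    header = {"alg": "ES256", "typ": "passport", "ppt": "shaken",
              "x5u": "https://sti.example.invalid/cert.pem"}
    claims = {"attest": attest, "dest": {"tn": ["12025550123"]}, "iat": iat,
              "orig": {"tn": orig_tn}, "origid": "00000000-0000-4000-8000-000000000000"}
    return f"{enc(header)}.{enc(claims)}.c2ln;info=<{header['x5u']}>;alg=ES256;ppt=shaken"

if __name__ == "__main__":
    t = 1700000000
    for level in "ABC":
        hdr = make_sample(level, "12025550100", t)
        print(level, call_policy(hdr, "12025550100", now=t))
```
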
How does this work in Europe, where the above comment says this isn't an issue?
I can only speculate, since Europe is a huge place with multiple telco regulatory regimes and lots of transnational telcos. For example:

- France has a version of STIR/SHAKEN
- Germany's Deutsche Telekom has massive presence via local operating entities in Poland, Austria, Czechia etc etc. So it might be that they can assert tighter knowledge of a caller across countries and carriers because it's all really DT.
- Similarly Orange/Hutchison in France, Austria, and IIRC north Africa.

Beyond that, I don't know.

Could it be due to pricing differences? I have only been in the EU for 6 months, but one thing I noticed when signing up for cell service, is that SMS and Calling is expensive when calling to a different country. For me to call someone in Germany from The Netherlands, it is €0.23/min.

At that rate, scamming someone on the phone from a different country is prohibitive. The other option would be to set up shop and purchase numbers from all EU nations, which is also prohibitively expensive and probably not as easy since LLCs aren't really a thing.

My guess is the large population of the US + the advantageous legal system for new companies is what makes this a unique issue for Americans.

The above comment exaggerates based on anecdota.

From what I gathered, it's a lot less of an issue compared to the US, but scam calls & SMS do happen.

My anecdota: I'm French, and receive scam calls from time to time. They are different from the ones you see in the US. Here it's mainly "CPF" scam calls, which is training credits every working person automatically gets and they are trying to scam you into paying for an illegitimate training with those (don't ask me for more details, I've not researched it further).

In France, it tends to be less of an issue because the government is at least somewhat invested in fighting such scams, and because the language isn't as universally spoken as English (which is true for most of Europe). You can usually spot a foreigner speaking French miles away, and it's a red flag for any sane person when an incoming call has an accent.

I can guarantee you had a number that was reused. When I had a couple different sims for work phones over the years I received 0 spam on one with a new area code. Spammers will enumerate all digits on an area code.

The scams are different in Europe. I’ve had my debit card skimmed twice over the years in Europe and I check the card readers. One scammer took money out of a Philippines ATM. Europe also has a crazy amount of tourist scams I’ve never seen in the States. Fake fights in Rome to draw attention from pickpockets, taxis in Germany taking advantage of me, Gypsies with drugged babies and fake injuries, and various “official” helpers outside airports/train stations.

Tourist centers of London/Paris/Rome/Venice/etc. in the summer are becoming asymptotically closer to theme parks like Disneyland. Themed experiences, picture locations, vendors selling merchandise and junk food, families running through trying to "do everything."

At least with Disney the workers aren't trying to scam you.

The scamming part is over when you pass the gates :-)
Have you even looked at the prices of food and drink?!
>Gypsies with drugged babies

Pretty sure I've seen a local version of that around SF, or at least I used to pre-COVID.

I’m not sure what either comment refers to. Can you explain?
There was a woman who would post up outside the Market St. Muni entrances with an unnaturally quiet baby and a sign saying she needed money for the baby. Same woman was there for multiple years, always with a baby around the same age.
Different baby? Or fake baby?
A beggar mother part of organized crime that hugs her baby that is heavily sedated.
Is the con saying “oh look how sick my baby is?” Why do they sedate the baby?
I guess for it to be docile. So it won't cry or make trouble.
I can assure you that your number was recycled.

In the last few years I got a new number from Verizon after moving from one state to another, in the hope that it would combat robocalls. Not only did I experience what you did, but received a number previously used by a plumber who apparently had trouble paying his car loan. I was getting frantic calls at all hours from people with plumbing problems, and from Honda threatening to repossess a car. Verizon and other carriers even admit to recycling numbers as soon as 6 months after they were last used. https://community.verizon.com/t5/Windows-Phone/How-Do-I-Chec....

Your story reminds me of a similar one. I got my first cell phone around 2008 as a teenager. The previous owner also had problems paying her bills and that is probably why she ditched the number.

I got calls for literally a decade until they figured out she wasn't going to answer on this number anymore. At first, I would hang up when I heard the robo-voice asking for her, but the calls didn't slow down and eventually stop until I waited on the line for a collections agent to pick up so I could politely tell them to pound sand and stop calling me. Even then it took another few years.

Funnily enough, I recently moved out of the US and ported my number to Google Voice in case I want to come back in the next few years. My phone hardly rings with spam calls now.

> Verizon and other carriers even admit to recycling numbers as soon as 6 months after they were last used

This has been standard for decades - it is a holdover from landlines. The companies only own a certain number of phone numbers. (Supposedly, when you change companies, 'ownership' of the number transfers to the new company). They've generally said that in more populous areas (or at least, areas with more phone numbers being actively used) that recycling numbers was the only way without changing the number format again.

I didn't think this was exactly a secret - but I could have learned this working for GTE/Verizon a couple of decades ago.

For me, it has been a very recent thing. A couple years ago, I would have had a handful a year. Now it wouldn't surprise me if I had a couple a day.
I stopped using phones altogether since they are nothing but sources of stress, annoyance and frustration. Quality of life improved by a lot. People actually understand and my business is doing well.
Same for me. There was some kind of d-day a couple years ago where it really started to happen.
The US is targeted because it is large, generally wealthy (in the sense that a scammer will be willing to work for days to get an amount their victims will fall for), information about local communities is fully digitized and services (Walmart or whatever) are fairly uniform, and - by far most importantly - culturally and linguistically dominant.

The scam calls mostly come out of the Philippines, India and Pakistan because they have high familiarity with US culture and millions of people with sufficient English fluency.

Almost none of the EU nations have more than two of these.

It is very easy to understand the problem if you pause and think about it for a short time.

>To me, it is baffling how all Americans have put up with this annoyance for decades!

All is explained with a cursory glance at our political system

Doesn't that just raise more questions? That's a whole lot more to put up with.
But what if the other team won?

That explains most of the problems we have, there are really only 2 choices and people are increasingly partisan about them. Although for this specific issue, both parties are equally shitty, but as a US voter I can't signal anything about my displeasure with their telco regulations since it's effectively a binary choice and telco regs are wayyyy down on the platform.

I never received any spam on my cell until the past few years - around the same time my state government made voter information available to political organizations to enable their begging. Now the cat's out of the bag and the info has doubtless been sold and shared with every scammer in the world.
Perhaps they could also mandate an update to the antiquated voice prompt voicemail systems that make deleting and managing voicemails so tedious and gut wrenching as well... T mobile voices literally adds a huge annoyance to the process of getting rid of scam voicemails with their ancient voicemail system...

"Before hearing your new important message, wait and listen to these 6 messages that are marked for automatic deletion" Ugh...

I'm surprised not more phones support visual voicemail. It looks like some carriers including T-Mobile may have an Android app to add this feature, though?
There is an additional cost for the service... I don't want to give them any more money for simple voice mail services. I already pay them $75 a month...

All they have to do is reconfigure the voice prompts honestly, but they keep the standard service difficult to encourage and force the extra money out of customers. :(

decent carriers just send you an audio message via RCS
Typically it is a series of numbers. It takes virtually zero time for a spam bot to send to a whole block of numbers whether they are active or not.
Where in EU? Plenty of scam calls in France (as of a few years ago), but yeah, no spam texts.
As one example, my Danish and British numbers have had perhaps one scam call each in the last 5 years, and perhaps one scam SMS each year.
Same with me in Germany.

A handful of scam/spam calls over last few years and precisely 2 SMS.

My parents get some more calls on their landline (~2/month) but I suspect they actually "agreed" to have them from those companies. It went down considerably since the law changed a few years ago to not limit the scope and validity of phone only contracts.

At least in my bubble this is not unusual either. In fact the only people having problems are the few people who moved to the US.

It's not random, your phone number is part of a NPA-NXX-XXXX.

NPA is a number plan area (area code) which is known.

NXX is N=2 to 9, X=0 to 9, is an office code.

XXXX is a station code, where X is 0 to 9.