Scam Likely

The most common caller on my Android phone is Scam Likely. I am sure that most of you are in a similar situation.

Last week we were driving and two calls came into The Gotham Gal’s phone which was bluetoothed into our car and she declined both. I asked her why she did that. She said they were likely robo calls. I told her that they looked to be legit numbers to me. Later on she found out that both calls were from people she knew, but for some reason those names were not showing up on the car dash and so she declined the calls.

That led to a discussion of why spam filtering for email has gotten so good and robocall filtering for phone calls is still not great. I brought up the great work the email industry has done over the last twenty years with email signing protocols like DKIM and SPF, and the email industry’s adoption of DMARC protocol which operationalizes DKIM and SPF. We decided that the telephony industry needs similar solutions.

Well, it turns out that the telephony industry is working on them.

Jeff Lawson, founder and CEO of Twilio, a company that was a USV portfolio company and which The Gotham Gal and I are still large shareholders in, is writing a series of blog posts about how the telephony industry can fix the robo call problem.

In Jeff’s first post in the series, he explains that the telephony industry is developing their own versions of DKIM and SPF and DMARC:

Some very smart people have been working on new ways of cryptographically signing calls – a digital signature – proving ownership of a phone number before the call is initiated. One example of this is a new protocol called STIR/SHAKEN, which the communications ecosystem is working on now. Before any authentication method can be impactful at scale, it needs to be adopted by a broad swath of the ecosystem. Twilio is fully committed to efforts to authenticate calls so the identity of callers can be proven, and it looks like STIR/SHAKEN is a good candidate to do just that.

In Jeff’s next post, he will address the role that identity (of the caller and the recipient) and reputation will play in solving the robo call epidemic. I look forward to reading it.

If you want to make sure to get Jeff’s posts, you can follow him on Twitter, like I do.

#mobile

Comments (Archived):

  1. bogorad

    Nearly 100% of spam calls to both my lines (212 and 646) come from the numbers that have ABC(“area code”) and DEF the same as the called number. So when I see someone calling from 212-359-xxxx or 646-827-xxxx, I know it’s 100% spam. But the spammers will improve their tactics, no doubt.

    1. jason wright

      They will need to improve because their ‘tactic’ is just hacking everyone off. What does that achieve? DUMBOTS

      1. bogorad

        I wouldn’t call someone who’s making real money ‘dumb’. Dishonest, maybe. Certainly inconveniencing our lives.

        1. jason wright

          So the making of money is the measure of ‘smart’?It’s dumb because it’s such a scattergun approach. the conversion rate must be low.

    2. bogorad

      One more thing I remembered – there’s a simple hack, just start your voicemail greeting with the standard 3-tone ‘line disconnected’ sound (just the sound, you don’t need the message itself). Telemarketers use robots, and these robots understand the sound and dump your number from the call-list.https://www.thisisarecordin

  2. Noah Rosenblatt

    timely discussion..this issue on my android phone with 646 area code is getting worse by the week. Yesterday alone I got a few of them. I’ve noticed my behavior changing similar to Gotham, letting unexpected calls go to VM and checking later on to see the content/importance. Since the calls vary, the block function is not that useful to control the issue. Glad to see its being worked on

  3. William Mougayar

    Sometimes I answer these calls just to tell them to take my number off their calling list. It helps to reduce the number of such calls.

    1. Patrick

      All the ones I get are recorded messages, either Anne about health insurance, or someone speaking Chinese about something else.Who do you actually ask to take you off their calling list?

      1. sigmaalgebra

        In the US there is a Do Not Call registry run by the US Federal Trade Commission (FTC). Consider https://complaints.donotcal…Supposedly after 31 days won’t get so many spam calls.

        1. Patrick

          I’ve been on that for years. I’m not in a position to know if it actually helps vs what I would get if I was not on the list, but it certainly hasn’t kept me from getting several calls a day.

      2. William Mougayar

        Once I get the real person, i just say – please take this number off your calling list. The automated message is for leaving a voice mail, but it often reverts to a human if you answer.

  4. DJL

    This is long overdue. The key to wide adoption is going to be reducing the switching costs to near zero. And there are probably regulatory issues for supporting older analog systems. Phone spoofing is just way too easy and can be used to flood 911 systems and other emergency lines – so its a real threat.My android SPAM filter seems to be pretty accurate – but I have no idea who developed it (a third party or Google?) It’s just there.

  5. Guy Lepage

    I’ve had engineering friends become victims of the SIM swap scam [Wiki Link]. It’s a nasty one. Telephony hacks are a big problem.The SIM swap hack is a scary one because more and more apps are starting to force users to use 2FA via text message.. Once the hacker has your phone number.. Doors open wide and you and your company are now extremely vulnerable.Apps like Google Authenticator help solve this but so many apps out there 2FA via text message.I don’t think Twilio could do anything about this because the hack happens on the service provider’s end. But it would be great to solve this issue as well.

    1. Salt Shaker

      Call your telco and register as a “do not port” number. Preempts this occurrence, assuming the system works. There may be workarounds but there is some degree of comfort in knowing your telco preemptively has instructions to block your number from porting.

      1. Guy Lepage

        For sure. But only the .1% will know about this. I’m more worried about others than myself. The 99.9% that don’t even know this hack/scam exists.

        1. Richard

          I spoke to several T-Mobile insiders .. Tmobile was complicit in porting. (I suspect that they metric of new accounts was more important than the safety of existing accounts) until late last year. Employees on the take could could port your number using nothing more than an account number.

    2. bogorad

      It’s is a well-known problem, but no one wants to fix it. The proponents’ reasoning – SMS is the most ubiquitous method of two-way communication. The so-called SMS integrators are deeply in bed with telcos and peddle it as an acceptable solution.There are just two companies who could put an end to the dominance of SMS – WhatsApp and WeChat. All they’d have to do is to open their APIs to commercial services.Sadly, WhatsApp has been snatched by Facebook and WeChat is just too big to care about additional SMS revenue.

  6. Kirsten Lambertsen

    In the meantime, there’s this https://jollyrogertelephone… It’s worth listening to some of the samples to get a laugh.

    1. Pointsandfigures

      I like the Seinfeld where he asks the caller what his home phone is so he can call him in the middle of something and disturb him https://youtu.be/QRh1CMC3OVw

      1. Kirsten Lambertsen

        There’s a Seinfeld episode for everything 😀

        1. JaredMermey

          Not my original thought but worth sharing: If you imagine the characters had cell phones, then probably all of the plot lines get ruined.- Their reservation would have been kept- They’d find their car in the garage- Kramer would get home from 1st and 1stAnd so on…

          1. Kirsten Lambertsen

            I think about that all the time with TV shows and movies that are pre-cell phone. Drama requires problems and cell phones solve so many problems (albeit creating quite a few).

        2. Pointsandfigures

          Ha. On a show about nothing!

          1. Kirsten Lambertsen

            Yes!

          2. sigmaalgebra

            There’s a LOT to have shows about, but not so much in shows for vicarious escapist fantasy emotional experience entertainment (VEFEEE)!

  7. Mark Gavagan

    A simple and fast audio CAPTCHA would probably help (e.g., “Press 9 when you hear the sound a cow makes” followed by various sound clips), or perhaps a “pre-verified caller” PIN code (i.e., I know and trust person XYZ, so the phone number I share includes the PIN code, which bypasses any other verification when they call my number).

  8. Praveen Hatti

    Writing from India..Truecaller app has been quite effective in blocking such calls using user generated feedback on the caller. In India, telecallers keep using different mobile numbers(sometimes personal numbers) so using an authentication framework + user feedback can be a great solution.

  9. kirklove

    I think my wife is having an affair with a guy named, Scam Likely, he calls her so much 😉

    1. Pointsandfigures

      That’s my stage name

      1. Lawrence Brass

        Guess you call her Love, Kirk wouldn’t notice. 🙂

    2. JLM

      .Not approving, mind you. Just putting it out there to marinate your thoughts, but sometimes during March Madness it may be good for your wife to be distracted.Hook ’em Heels!JLMwww.themusingsofthebigredca…

  10. Dorian Benkoil

    @Fred, have you tried one of the paid services (don’t want to name one here, so as not to appear to endorse)? Also, like Gotham G, we cut the call we are apparently telling the robo-callers that the number is legit. (‘Course, I suppose getting a voicemail might do the same.)

  11. Peter Bloom

    My 89 year old father was scammed out of $2,000 over the phone. As a result, I went on a quest to “scam the scammers” and discovered this service.https://jollyrogertelephone…It has been a literal lifesaver. Full disclosure: It is working so well for my father that we decided to lend some non-profit support.The white and blacklists have improved over time and they are using IBM Watson to characterize every potential scammer call. It’s not perfect, but the results are hilarious and they have trapped over 1,000,000 minutes of scammer time with human voiced robots. The record robot conversation with a live scammer is 45 minutes!This is definitely not a replacement for STIR/SHAKEN, but that’s a ways off and this is the best tool I’ve found for the current scourge. It takes some time to build the filters, but it is well worth the effort and you can’t beat the price of a subscription ($0.99 / month).Here is an actual example of why it’s so satisfying to scam these predators:https://www.youtube.com/wat

    1. Richard

      What was the scam?

      1. Peter Bloom

        “You have a virus. Let us on your computer so we can clean it out to protect you”. They then got his Paypal credentials and cleaned out the account.

  12. Pointsandfigures

    So needed. I never answer my phone anymore. Sucks

  13. Richard

    Answering your phone when you don’t expect a call is like kids using hand sanitizer, it’s ego and fear driven. Skip both.If you do answer wait for the caller to say hello first, it’s your voice that kicks the call to a real person. Say nothing and the system will hand up.

  14. creative group

    CONTRIBUTORS:Question!Monetarily who are the recipients of robocalls? Follow the money!Captain Obvious!#UNEQUIVOCALLYUNAPOLOGETICALLYINDEPENDENT

  15. Teddy Goldstein

    Hi Fred, maybe you’ll like some of these calls I had with the telemarketers who called me. https://soundcloud.com/tedd

  16. kenberger

    I have to make a quick plug for Google (Pixel and Fi):The Pixel phones now have a call screening feature that works exactly as you’d expect, would be perfect to use in this situation.instead of answering or rejecting, you push “call screen”, it plays a quick message and lets you listen in and know whether a real person you want to speak with is speaking.Also, since I’ve switched to Google Fi, my spam calls have all but disappeared– whereas when I was previously using Google Voice, I got hounded all day. (Both using the same phone number.) I don’t know what tech solution Fi is using, but it really works.

  17. JamesHRH

    Wow, amazed that no one mentioned a company where a colleague is CEO – YouMail.https://www.youmail.com

  18. kenberger

    Love the Shaken (not) Stirred Twilio efforts. My development group has done lots of work in partnership with Twilio, so I can vouch.But also, key developments are making the whole issue better every day, regardless:1. The Pixel @fredwilson:disqus mentions has a call screen function. Choose to listen in on the call as caller leaves a message and choose to accept or not. Would have worked great in both calls Gotham Gal got, IF she had that feature.2. The Google Fi service I use as my mobile carrier, ever since I upgraded the same phone number from Google Voice, has mostly eradicated this formerly chronic problem. So Google is already using some powerful tech here.3. Biggest of all: most people nowadays don’t even use a phone number. They just do calls via various IM services. Here in Asia where I’ve living, that’s hugely the case today. Even my kid’s school here uses only IM and never phone. The local hospital does scheduling via IM, etc. Already today, tons of younger people don’t have and will never use a phone number, and this trend is increasing.(i’m probably posting this way too late to get any responses!)

  19. Anton Johansson

    Tried Truecaller?

  20. JamesHRH

    How good is it that @JLM:disqus gets spammed on a comment for a post about RoboCalls?