The calls look vaguely familiar, as if they could be coming from a neighbor’s phone. Sometimes they’re ominous warnings about your Social Security number. A friendly voice pretends to be concerned about the warranty on a car you don’t have.
Americans get millions of illegal robocalls every month, despite attempts by the telecommunications industry and government agencies to stop them.
The latest effort by the Federal Communications Commission — the government agency that regulates communications — to cut down on the calls uses a technology called Stir/Shaken, which went into effect on June 30. While it has nothing to do with James Bond and martinis, it is meant to add to the arsenal of defenses against “bad guys” who trick people.
Here’s how it works.
What is the FCC doing to stop scam calls?
In short, the FCC is trying to make sure that if you’re getting a call, the network on which it is being made is verifying the caller. Many unwelcome calls that fill your screen are scams that try to get money, or that manipulate the caller ID to appear as if a government agency or a neighbor is on the line, a disguise called spoofing.
The FCC’s first step was setting a June 30 deadline for what it calls “voice service providers” (you know them as phone companies) to register their efforts to reduce the scourge of scams in a public Robocall Mitigation Database. So far, more than 1,500 of them have, the FCC said.
Starting on Sept. 28, phone companies must refuse calls from providers that have not registered with the FCC.
At the center of the effort is Stir/Shaken, the technology that aims to verify calls as they move through networks to recipients. (The name Stir/Shaken is derived from Secure Telephone Identity Revisited and Signature-Based Handling of Asserted Information Using Tokens. You can see why they went with the nickname.)
“This is a good day for American consumers who — like all of us — are sick and tired of illegal spoofed robocalls,” Jessica Rosenworcel, the commission’s acting chairwoman, said in a June 30 statement.
But she warned there was “no silver bullet in the endless fight against scammers.”
How to recognize a scam
The industry has been trying to deter phone infiltrators for years. The nation’s largest providers, including T-Mobile, AT&T and Verizon, announced in 2019 that they had been experimenting with Stir/Shaken. Tools like block functions, or apps like Robokiller, have been created to address the problem.
But the calls kept coming.
The FCC hopes to get all providers, including smaller regional networks, on board. That would reduce spoofing by verifying calls as they pass through different networks, from the caller to the recipient.
While some robocalls are legal — such as recorded messages about school closings and political campaigns — most are not, according to industry estimates.
YouMail, a call-blocking company, estimates that 4.4 billion robocalls were placed to consumers in the United States in June, about 573 million of them auto warranty and health-related scams.
The scams often keep in step with seasons or events. On Friday, Katherine Fernández Rundle, the state attorney for Miami-Dade County, warned people about unsolicited calls from charities claiming to help the victims and families of Champlain Towers South, the condo building that partly collapsed in Surfside, Florida.
“Unfortunately, even in these most devastating moments, there are some individuals who may see the kindness and generosity of our community as a potential source of easy cash by running a charitable scam,” she said.
This year, there was a rise in vaccine-related scams. Health insurance scams appeared around enrollment periods, the FCC said. The FCC said it received the most complaints about auto warranty scams.
“Seeing a local number or the name of a government agency or local law enforcement may, unfortunately, encourage consumers to answer the call and to trust, or fear, the robocallers,” Will Wiquist, an FCC spokesman, said.
The new plan is not a silver bullet
Some businesses legitimately use caller ID to show their switchboard number or toll-free number, rather than a specific department or extension.
Scammers exploit that by creating a spoof ID that looks as if it is coming from a police station or another neighborhood source.
The Stir/Shaken technology targets that manipulation. The carrier uses it to create a digital signature that authenticates the number’s path from start to finish, said Jim McEachern, the principal technologist for Alliance for Telecommunications Industry Solutions, which focuses on industry problems.
“At the end they can say ‘Ah, this call is actually from this number,’” he said. “There is end-to-end verification, which gives you insight into the caller and how legitimate they are.”
“The key thing here is it was never intended to be a silver bullet,” he said, speaking of the FCC’s new push with Stir/Shaken. “It was intended to be a tool to help.”
Add tools to your arsenal
McEachern said if someone knocked on your door wearing a mask, you’d be unlikely to answer. If they show their face and identification you can still get scammed, “but you have a whole lot of information to work with,” he said.
Alex Quilici, the chief executive of YouMail, the call blocking company, said “bad guys” could create a scam behind authentic numbers that are conveyed to the consumer as verified.
“Stir/Shaken is supposed to stop calls from spoofed phone numbers,” he said. “It is a significant speed bump. But it is not a wall.”
The approach should be a layered defense. Unwanted calls from live telemarketers can be blocked by registering your phone number on the National Do Not Call Registry. Telemarketing robocalls have been illegal since Sept. 1, 2009.
Phone companies offer verification labeling on cellphones or indicate that it is a likely scam. Apps can block a scam call or dump it in voicemail.
It is also important to understand the policy of federal departments. One scam showed the IRS and its toll-free number as the caller ID, the FCC said. But the Internal Revenue Service does not initiate contact that way, or by email, texts or social media, or demand payment by threatening a police or immigration response.
You can report a scam call to the Federal Trade Commission, which will analyze it to identify trends used by illegal callers. If you have lost money to a scam, it should be reported to the Federal Trade Commission, the consumer protection agency. (Use ReportFraud.ftc.gov. )
McEachern said he never trusts a call, such as from a bank or credit card company, that he does not initiate. Instead, he might call back using the number on his card. Another red flag is if someone demands money or information using pressure. And if an offer sounds too good to be true, he said, it probably is.
Apps can be helpful, but like email scams and computer viruses, new phone scams will emerge. McEachern likened Stir/Shaken to putting security lights outside your house, only to find an intruder had ferreted out an alternative dark place.
“It is going to be a moving target,” he said.