July 14, 2016 By Erin O'Loughlin 4 min read

It’s summer 2016: Do you know if your phone number is protected? If you’re like many Americans, perhaps most these days, your answer is “I’m not sure.” If you’re receiving robocalls, or automated phone calls made from internet-provided numbers, then you’re not alone.

According to the Federal Trade Commission (FTC), robocalls are on the rise, with consumers on pace to register over 3 million complaints in 2016. One reason for this growth is due to voice-over-internet protocol (VoIP) phones, which make it cheap and easy for scammers to make illegal calls from anywhere in the world to numbers that are bought, pulled from public records or guessed.

History of Telemarketing Legislation

Prior to the Do Not Call Registry that was established under former President George W. Bush, the Telephone Consumer Protection Act of 1991 (TCPA) was passed under his father, then President George H.W. Bush. This act amended the Communications Act of 1934 and restricted telephone solicitations and the use of automated telephone equipment. When Congress passed the TCPA, no national registry was mandatory; however, it was suggested that a national database be created. At the time, the Federal Communications Commission (FCC) required each company to maintain its own do-not-call registry.

In 2003, former President George W. Bush set up the National Do Not Call Registry to allow consumers the ability to block potentially harassing telemarketing phone calls. This was set up under the FTC — not the FCC, which was the agency entrusted with the TCPA. It was so well received that over 750,000 numbers were registered on the first day.

Political calls, surveys and charities have been exempt from this registry, along with messages that are purely informational. These informational messages can consist of a delayed school opening or canceled flight. Prerecorded messages from a business contacting you to collect a debt are also permitted, but the business that does the calling is not allowed to promote the sale of any goods or services.

When the registry was established, VoIP numbers were not as readily available as they are now. The government had tackled only the first part of the problem: the telemarketers inside the U.S. With the advent of VoIP, individuals and companies can now set up their shops anywhere outside of the U.S. — just out of reach of regulatory authority.

The FTC’s Fight Against Robocalls

FTC data revealed consumers lose $350 million annually by falling for telemarketing scams.

According to the FTC, the agency has “stopped billions of robocalls that offer everything from fraudulent credit card services and so-called auto warranty protection to home security systems and grant procurement programs.” As of late 2015, it had also brought over 100 lawsuits to more than 600 companies and individuals responsible for those illegal robocalls and other violations. While the FTC has been feverishly working to stop these telemarketers as they pop up, technology has allowed the actors to flourish.

Not only is the FTC working to take these fraudsters down, but it also held a competition to look toward the future. In 2015, a competition called “Robocalls: Humanity Strikes Back” was held. It awarded $25,000 in cash to anyone who could present technology to stop robocalls. The winners, announced in August 2015, were Ethan Garr and Bryan Moyles, who created a solution called RoboKiller. It relies on universally available call forwarding that works on both landline and mobile phones and uses audio-fingerprint technology to identify robocalls.

Private Sector Fight

Several companies have been made aware that their brands have been fraudulently used by these telemarketers. In 2015, Marriott International was forced to inform customers about these robocalls and affirm that the hotel chain was not involved in any way. In another example, the Citizens Telephone Cooperative, located in Floyd, Virginia, went so far as to issue a warning on its website about the rise of robocalls and what to do if customers receive one. Microsoft also issued a warning to “avoid tech support phone scams.”

Cybercriminals don’t just robocall. Sometimes these calls get routed to a live person, who then tricks the consumer into believing they are indeed an employee of a given company. The fraudster could fool you into installing malicious software that could capture sensitive personal data such as online banking information and passwords.

Considering we live in a digital age where we look to the internet for virtually everything — from finding a relationship to having groceries delivered and ordering a car pickup — it does not appear that these robocalls will be diminishing anytime soon.

What Should You Do?

According to the FTC, you should hang up the phone or not answer any number you do not recognize. Do not press 1 to speak to a live operator and do not press any other number in an effort to get your number off the list. Pressing a number will likely alert criminals to the fact that there is a live person on the other end of the line and your number could potentially be placed on a hot list, resulting in more robocalls.

Report your experience to the FTC online or by calling 1-888-382-1222. This can help the agency prevent fraud scams in the future.

You may also want to verify that your number is on the Do Not Call Registry. A verification option is available on the site and can give you feedback about the month and year you initially submitted your number to the National Do Not Call Registry.

More from Fraud Protection

Unveiling the latest banking trojan threats in LATAM

9 min read - This post was made possible through the research contributions of Amir Gendler.In our most recent research in the Latin American (LATAM) region, we at IBM Security Lab have observed a surge in campaigns linked with malicious Chrome extensions. These campaigns primarily target Latin America, with a particular emphasis on its financial institutions.In this blog post, we’ll shed light on the group responsible for disseminating this campaign. We’ll delve into the method of web injects and Man in the Browser, and…

PixPirate: The Brazilian financial malware you can’t see

10 min read - Malicious software always aims to stay hidden, making itself invisible so the victims can’t detect it. The constantly mutating PixPirate malware has taken that strategy to a new extreme. PixPirate is a sophisticated financial remote access trojan (RAT) malware that heavily utilizes anti-research techniques. This malware’s infection vector is based on two malicious apps: a downloader and a droppee. Operating together, these two apps communicate with each other to execute the fraud. So far, IBM Trusteer researchers have observed this…

New Fakext malware targets Latin American banks

6 min read - This article was made possible thanks to contributions from Itzhak Chimino, Michael Gal and Liran Tiebloom. Browser extensions have become integral to our online experience. From productivity tools to entertainment add-ons, these small software modules offer customized features to suit individual preferences. Unfortunately, extensions can prove useful to malicious actors as well. Capitalizing on the favorable characteristics of an add-on, an attacker can leverage attributes like persistence, seamless installation, elevated privileges and unencrypted data exposure to distribute and operate banking…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today