It’s time to hang up on spoofers
Federal authorities say it’s an open-and-shut case. They say they caught an Arizona company “spoofing” phone numbers to make millions of telemarketing calls that falsely appeared on caller ID screens to be from local residents.
The Federal Communications Commission is so sure of its joint investigation with the Federal Trade Commission that it announced a proposed $37.5million fine in the case.
“This is the commission’s first major enforcement action against a company that apparently commandeered consumers’ phone numbers,” the FCC declared.
I don’t doubt that authorities have uncovered something. But when I tracked down the various players in the drama, I came away with more questions than answers.
The company in question, Tucson-based Affordable Enterprises, “made more than 2.3 million maliciously spoofed telemarketing calls to Arizonans during a 14-month span starting in 2016 to sell home improvement and remodeling services,” according to the FCC.
It said the company “apparently manipulated the caller ID information so that many calls appeared to come from consumers who were unconnected to the operation. Calls also appeared to come from unassigned phone numbers and numbers assigned to prepaid ‘burner’ phones.”
“In each case, the caller ID was spoofed and consumers were unable to identify from the caller ID that the call was from Affordable Enterprises.”
A particularly insidious aspect of spoofing is that call recipients often dial the number on their screen to complain. That means they’re calling some unsuspecting nearby resident — the one who had their number spoofed — rather than the actual telemarketer.
One woman told the FCC she received about half a dozen calls a day from
cheesed-off people who thought she was responsible for violating the do-notcall list. It was actually Affordable Enterprises making the telemarketing calls, the FCC said.
Yet when I reached Affordable Enterprises’ coowner, Jessika Cabrera, she professed total surprise at being the target of an FCC investigation and a massive fine. She said she hadn’t even been notified by the commission.
“I didn’t do anything wrong,” Cabrera told me. “I don’t see how this is even possible.”
She pointed a finger at an Arizona company called JB Comm, which her firm hired to provide the automated dialing system for Affordable Enterprises’ telemarketing.
“They’re the ones you should be looking at,” Cabrera said.
I reached Bruce Manning, co-owner of JB Comm, who immediately pointed a finger back at Cabrera.
“She’s telling you a fib,” he insisted. “All we did was provide the system for outbound dialing. All the numbers called were from her. This is on them, not me.”
I took that back to Cabrera.
“Not true,” she said. “I purchased the phone numbers from him.” Back to Manning. “She did not buy them from me, I guarantee it,” he said. “She bought them from a broker.”
Nothing like a multimillion-dollar fine to send telemarketers scurrying for cover.
Amid all this fingerpointing, the FCC dug in its heels.
Will Wiquist, a spokesman for the commission, said the proposed $37.5million fine “follows a strong investigation by Enforcement Bureau staff.”
He said the investigation was based in part on a whistleblower tip from a former Affordable Enterprises employee, as well as company phone records, “which were then crossreferenced against the complaints submitted by consumers to the FCC and FTC.”
I can’t say how all this will play out. But I can certainly speak to the huge problem of spoofing — and the need for the telecom industry to play a more active role in safeguarding customers.
Cracking down on robocalls is one thing. Many people use filtering services such as NoMoRobo to try to prevent robocalls from getting through. Trouble is, robocallers just switch lines as soon as they see a line has been filtered.
Putting a halt to spoofing is far trickier, requiring phone-service providers to be proactive at the network level.
“There are definitely things they could be doing,” said Marc Bartholomew, chief executive of the Sherman Oaks cybersecurity firm Integritechs. “However, they generally don’t seem interested in doing them.”
A big reason for that: money.
“It’s a matter of making small changes on a massive scale,” Bartholomew told me. “That’s expensive.”
Estimates vary, but we’re almost certainly talking about each service provider spending millions of dollars. And since there are about 4,000 phone service providers nationwide, that’s some serious coin.
I asked the FCC what could be done. Wiquist steered me toward an initiative called SHAKEN/STIR.
Yes, it’s a geeky James Bond reference, which I’ve written about before. It’s also a clunky acronym for an automated system that would make sure all calls are from the numbers that appear on caller ID screens.
The way it works is a digital “token” is issued at the outset of a call, and that token is verified when the call reaches its intended recipient.
If the tokens match, the call receives a thumbs-up and the recipient knows the call is legit.
A spoofed call wouldn’t pass muster and would receive a thumbs-down from SHAKEN/STIR, and the recipient would know not to bother answering.
The technology apparently is ready for prime time. However, as Bartholomew noted, it’s pricey.
I reached out to major phone companies to gauge their interest in taking action against spoofed calls.
An AT&T spokesman said the company is “working to implement a new industry standard which will help eliminate the use of illegitimate spoofed numbers from telephone systems.”
He was talking about SHAKEN/STIR, but “working to implement” isn’t exactly a call to arms.
At least AT&T is acknowledging the issue, though.
Most of the responses I received were along the lines of what a Frontier Communications spokesman told me when he said “strong enforcement against illegal robocallers is critical, and Frontier is actively engaged with industry efforts and the FCC to combat this growing problem.” Go team! If the telecom industry can’t handle this on its own, lawmakers should require timely implementation of SHAKEN/STIR.
Otherwise, robocallers and spoofers will continue making our phone lives miserable.
Except for the occasional time someone gets busted.
Whoever that may be.