Your phone got more protection from spam calls, but it’s not safe yet
If you haven't been warned recently that your car warranty has expired, that something has gone badly wrong with your Social Security account or that you are in big trouble with the Internal Revenue Service, then you must not have a phone.
Those are just a few of the most popular messages delivered by robocallers, who often hide behind spoofed numbers to fool you into answering. RoboKiller, a company that makes technology to identify bogus calls, estimated that Americans were deluged with more than 72 billion spam calls in 2021 — a 32% increase over 2020. Spammers rang Californians' phones more than 7 billion times, RoboKiller estimated.
On Thursday, the Federal Communications Commission took another step to identify and potentially block spam calls, closing one of the big loopholes in its enforcement efforts. The commission voted unanimously to extend its crackdown on caller ID spoofing — that is, callers who disguise the phone number they're using — to the gateways handling calls coming into the U.S. from other countries.
It's good news for people tired of getting calls from "Spam Likely." But that doesn't mean it's safe to pick up the phone every time it rings — at least not yet.
The international gateways targeted by Thursday's rule have seen a growing number of spam calls since the FCC started to attack spoofing in 2019 through technical standards known as STIR/SHAKEN. The standards, which major phone companies have been required to implement, verify caller ID information as it is transmitted from carrier to carrier along the call's route.
STIR/SHAKEN doesn't block spam calls by itself. Instead, it helps carriers identify calls with spoofed IDs, which they can use other technology to block. And in some cases, it can help identify calls that an international gateway must block or face having all of its traffic rejected by the U.S. carriers it connects to, a spokesman for the commission said in an email.
Adding the international gateways to STIR/SHAKEN is "the right move," said Chief Executive Jim Dalton of TransNexus, a company that helps carriers implement the standards. "Unless you have STIR and SHAKEN everywhere," Dalton explained, "it's worthless. It's like a bucket with a hole."
And to date, there have been a lot of holes. Unlike the days of the Ma Bell monopoly, when there were relatively few companies involved in the transmission of a phone call, the current system is like a brigade that passes a call from carrier to carrier to carrier, said Giulia Porter, vice president at RoboKiller. And not every company in that chain has been required to pass along the verified caller ID information.
So far, Dalton said, only about 25% of all calls reach their destinations with accurate caller ID info. Another gap in the STIR/SHAKEN chain is due to close at the end of June, when smaller carriers that have seen a large volume of spoofed calls will be required to implement the standards. But that will still leave a wide lane for spoofed calls, Dalton said, because STIR/SHAKEN applies only to networks that transmit calls via internet protocol, such as the ones operated by cable TV and wireless providers. "Legacy" networks that transmit calls the way they did before the internet revolutionized telephony aren't covered.
The FCC told the industry to figure out a way to stop spoofing on legacy networks, Dalton said, and it has done so. "The technology is here, and it works," he said. "But nobody's going to deploy it until there's a mandate."
By the way, the gaps in STIR/SHAKEN and the frequent use of spoofing by spammers explains why it doesn't seem to do anything when you tell your phone to block a spammer's number, Porter said. The number you're blocking probably isn't the one being used to call you.
Ending spoofed calls is just part of the solution. By the commission's estimate, more than half of spam calls come from numbers that aren't spoofed.