October 1, 2018

Most of us have been trained to be wary of clicking on links and attachments that arrive in emails unexpected, but it’s easy to forget scam artists are constantly dreaming up innovations that put a new shine on old-fashioned telephone-based phishing scams. Think you’re too smart to fall for one? Think again: Even technology experts are getting taken in by some of the more recent schemes (or very nearly).

Matt Haughey is the creator of the community Weblog MetaFilter and a writer at Slack. Haughey banks at a small Portland credit union, and last week he got a call on his mobile phone from an 800-number that matched the number his credit union uses.

Actually, he got three calls from the same number in rapid succession. He ignored the first two, letting them both go to voicemail. But he picked up on the third call, thinking it must be something urgent and important. After all, his credit union had rarely ever called him.

Haughey said he was greeted by a female voice who explained that the credit union had blocked two phony-looking charges in Ohio made to his debit/ATM card. She proceeded to then read him the last four digits of the card that was currently in his wallet. It checked out.

Haughey told the lady that he would need a replacement card immediately because he was about to travel out of state to California. Without missing a beat, the caller said he could keep his card and that the credit union would simply block any future charges that weren’t made in either Oregon or California.

This struck Haughey as a bit off. Why would the bank say they were freezing his card but then say they could keep it open for his upcoming trip? It was the first time the voice inside his head spoke up and said, “Something isn’t right, Matt.” But, he figured, the customer service person at the credit union was trying to be helpful: She was doing him a favor, he reasoned.

The caller then read his entire home address to double check it was the correct destination to send a new card at the conclusion of his trip. Then the caller said she needed to verify his mother’s maiden name. The voice in his head spoke out in protest again, but then banks had asked for this in the past. He provided it.

Next she asked him to verify the three digit security code printed on the back of his card. Once more, the voice of caution in his brain was silenced: He’d given this code out previously in the few times he’d used his card to pay for something over the phone.

Then she asked him for his current card PIN, just so she could apply that same PIN to the new card being mailed out, she assured him. Ding, ding, ding went the alarm bells in his head. Haughey hesitated, then asked the lady to repeat the question. When she did, he gave her the PIN, and she assured him she’d make sure his existing PIN also served as the PIN for his new card.

Haughey said after hanging up he felt fairly certain the entire transaction was legitimate, although the part about her requesting the PIN kept nagging at him.

“I balked at challenging her because everything lined up,” he said in an interview with KrebsOnSecurity. “But when I hung up the phone and told a friend about it, he was like, ‘Oh man, you just got scammed, there’s no way that’s real.'”

Now more concerned, Haughey visited his credit union to make sure his travel arrangements were set. When he began telling the bank employee what had transpired, he could tell by the look on her face that his friend was right.

A review of his account showed that there were indeed two fraudulent charges on his account from earlier that day totaling $3,400, but neither charge was from Ohio. Rather, someone used a counterfeit copy of his debit card to spend more than $2,900 at a Kroger near Atlanta, and to withdraw almost $500 from an ATM in the same area. After the unauthorized charges, he had just $300 remaining in his account.

“People I’ve talked to about this say there’s no way they’d fall for that, but when someone from a trustworthy number calls, says they’re from your small town bank, and sounds incredibly professional, you’d fall for it, too,” Haughey said.

Fraudsters can use a variety of open-source and free tools to fake or “spoof” the number displayed as the caller ID, lending legitimacy to phone phishing schemes. Often, just sprinkling in a little foreknowledge of the target’s personal details — SSNs, dates of birth, addresses and other information that can be purchased for a nominal fee from any one of several underground sites that sell such data — adds enough detail to the call to make it seem legitimate.

A CLOSE CALL

Cabel Sasser is founder of a Mac and iOS software company called Panic Inc. Sasser said he almost got scammed recently after receiving a call that appeared to be the same number as the one displayed on the back of his Wells Fargo ATM card.

“I answered, and a Fraud Department agent said my ATM card has just been used at a Target in Minnesota, was I on vacation?” Sasser recalled in a tweet about the experience.

What Sasser didn’t mention in his tweet was that his corporate debit card had just been hit with two instances of fraud: Someone had charged $10,000 worth of metal air ducts to his card. When he disputed the charge, his bank sent a replacement card.

“I used the new card at maybe four places and immediately another fraud charge popped up for like $20,000 in custom bathtubs,” Sasser recalled in an interview with KrebsOnSecurity. “The morning this scam call came in I was spending time trying to figure out who might have lost our card data and was already in that frame of mind when I got the call about fraud on my card.”

And so the card-replacement dance began.

“Is the card in your possession?,” the caller asked. It was. The agent then asked him to read the three-digit CVV code printed on the back of his card.

After verifying the CVV, the agent offered to expedite a replacement, Sasser said. “First he had to read some disclosures. Then he asked me to key in a new PIN. I picked a random PIN and entered it. Verified it again. Then he asked me to key in my current PIN.”

That made Sasser pause. Wouldn’t an actual representative from Wells Fargo’s fraud division already have access to his current PIN?

“It’s just to confirm the change,” the caller told him. “I can’t see what you enter.”

“But…you’re the bank,” he countered. “You have my PIN, and you can see what I enter…”

The caller had a snappy reply for this retort as well.

“Only the IVR [interactive voice response] system can see it,” the caller assured him. “Hey, if it helps, I have all of your account info up…to confirm, the last four digits of your Social Security number are XXXX, right?”

Sure enough, that was correct. But something still seemed off. At this point, Sasser said he told the agent he would call back by dialing the number printed on his ATM card — the same number his mobile phone was already displaying as the source of the call. After doing just that, the representative who answered said there had been no such fraud detected on his account.

“I was just four key presses away from having all my cash drained by someone at an ATM,” Sasser recalled. A visit to the local Wells Fargo branch before his trip confirmed that he’d dodged a bullet.

“The Wells person was super surprised that I bailed out when I did, and said most people are 100 percent taken by this scam,” Sasser said.

HUMAN, ROBOT OR HYBRID?

In Sasser’s case, the scammer was a live person, but some equally convincing voice phishing schemes — sometimes called “vishing” — use a combination of humans and automation. Consider the following vishing attempt, reported to KrebsOnSecurity in August by “Curt,” a longtime reader from Canada.

“I’m both a TD customer and Rogers phone subscriber and just experienced what I consider a very convincing and/or elaborate social engineering/vishing attempt,” Curt wrote. “At 7:46pm I received a call from (647-475-1636) purporting to be from Credit Alert (alertservice.ca) on behalf of TD Canada Trust offering me a free 30-day trial for a credit monitoring service.”

The caller said her name was Jen Hansen, and began the call with what Curt described as “over-the-top courtesy.”

“It sounded like a very well-scripted Customer Service call, where they seem to be trying so hard to please that it seems disingenuous,” Curt recalled. “But honestly it still sounded very much like a real person, not like a text to speech voice which sounds robotic. This sounded VERY natural.”

Ms. Hansen proceeded to tell Curt that TD Bank was offering a credit monitoring service free for one month, and that he could cancel at any time. To enroll, he only needed to confirm his home mailing address.

“I’m mega paranoid (I read krebsonsecurity.com daily) and asked her to tell me what address I had on their file, knowing full well my home address can be found in a variety of ways,” Curt wrote in an email to this author. “She said, ‘One moment while I access that information.'”

After a short pause, a new voice came on the line.

“And here’s where I realized I was finally talking to a real human — a female with a slight French accent — who read me my correct address,” Curt recalled.

After another pause, Ms. Hansen’s voice came back on the line. While she was explaining that part of the package included free antivirus and anti-keylogging software, Curt asked her if he could opt-in to receive his credit reports while opting-out of installing the software.

“I’m sorry, can you repeat that?” the voice identifying itself as Ms. Hansen replied. Curt repeated himself. After another, “I’m sorry, can you repeat that,” Curt asked Ms. Hansen where she was from.

The voice confirmed what was indicated by the number displayed on his caller ID: That she was calling from Barrie, Ontario. Trying to throw the robot voice further off-script, Curt asked what the weather was like in Barrie, Ontario. Another Long pause. The voice continued describing the offered service.

“I asked again about the weather, and she said, ‘I’m sorry, I don’t have that information. Would you like me to transfer you to someone that does?’ I said yes and again the real person with a French accent started speaking, ignoring my question about the weather and saying that if I’d like to continue with the offer I needed to provide my date of birth. This is when I hung up and immediately called TD Bank.” No one from TD had called him, they assured him.

FULLY AUTOMATED PHONE PHISHING

And then there are the fully-automated voice phishing scams, which can be be equally convincing. Last week I heard from “Jon,” a cybersecurity professional with more than 30 years of experience under his belt (Jon asked to leave his last name out of this story).

Answering a call on his mobile device from a phone number in Missouri, Jon was greeted with the familiar four-note AT&T jingle, followed by a recorded voice saying AT&T was calling to prevent his phone service from being suspended for non-payment.

“It then prompted me to enter my security PIN to be connected to a billing department representative,” Jon said. “My number was originally an AT&T number (it reports as Cingular Wireless) but I have been on T-Mobile for several years, so clearly a scam if I had any doubt. However, I suspect that the average Joe would fall for it.”

WHAT CAN YOU DO?

Just as you would never give out personal information if asked to do so via email, never give out any information about yourself in response to an unsolicited phone call.

Like email scams, phone phishing usually invokes an element of urgency in a bid to get people to let their guard down. If a call has you worried that there might be something wrong and you wish to call them back, don’t call the number offered to you by the caller. If you want to reach your bank, call the number on the back of your card. If it’s another company you do business with, go to the company’s site and look up their main customer support number.

Unfortunately, this may take a little work. It’s not just banks and phone companies that are being impersonated by fraudsters. Reports on social media suggest many consumers also are receiving voice phishing scams that spoof customer support numbers at Apple, Amazon and other big-name tech companies. In many cases, the scammers are polluting top search engine results with phony 800-numbers for customer support lines that lead directly to fraudsters.

These days, scam calls happen on my mobile so often that I almost never answer my phone unless it appears to come from someone in my contacts list. The Federal Trade Commission’s do-not-call list does not appear to have done anything to block scam callers, and the major wireless carriers seem to be pretty useless in blocking incessant robocalls, even when the scammers are impersonating the carriers themselves, as in Jon’s case above.

I suspect people my age (mid-40s) and younger also generally let most unrecognized calls go to voicemail. It seems to be a very different reality for folks from an older generation, many of whom still primarily call friends and family using land lines, and who will always answer a ringing phone whenever it is humanly possible to do so.

It’s a good idea to advise your loved ones to ignore calls unless they appear to come from a friend or family member, and to just hang up the moment the caller starts asking for personal information.


218 thoughts on “Voice Phishing Scams Are Getting More Clever

  1. Lindy

    From what I have read :
    the criminals are using VOIP and buy and drop lines often. It is impossible for the phone companies to trace these kinds of calls and the VOIP companies have NO interest in stopping this lucrative activity.
    I got a spoofed call FROM MYSELF (on my cell) within the span of 10 mins. That really unnerved me. Just my name showed up and not the way my provider has me listed.

    1. Marc vdc

      This seems to be a result of voip and sip trunks. Tel Co providers never ever used to let pstn or isdn lines send any caller line identifiers back which didn’t match the number range on that trunk which the outbound call is coming from. Hence you couldn’t spoof cli very easily.

      With sip trunks it moved to a trust model, we all know how well they do in tech. This resulted in any sip trunk accepting cli or any other. Hence spoofing became very very easy and the cli of calls became not a reliable way to identify the incoming call.

      This isn’t new but due to the cost saving of handing off calls as data instead of isdn or pstn meant every ran to sip. BT 21st century sip trunk model in the UK is a prime example.

      This was always a huge insecurity and combined with the vast data loss we have seen online of personal data means there is no way for someone to actually identify who they are on the receiving end of the call.

      I often have calls from banks saying I’m your bank, I asked them to prove it and they can’t, without giving away personal info and so we end up on the merry go round.

      Banks don’t care as they pass costs onto customers. 🙁

    2. Lindy

      That call was from me – I mean – you. I mean it was from ourselves. I am you, in the future. I *NEED* to talk to you. Please answer the call next time. I am trapped in the past (long story) and need access to funds to get the delorean fixed. Make sure you have your last three off your active credit card handy!

  2. Gary Moore

    This is an awesome article and a real wake up call. Thank you.

  3. JCitizen

    I got hit by clicking on an add at a legitimate site hosting green energy. I knew I got hit, but in my arrogance, because I knew I had every thing updated under the sun, I waited before doing anything about it. All I had to do was close the browser and run CCleaner, and their probably would have be a thing to worry about; but I dragged my feet and completely forgot about it when I tried to open an app and got a UAC prompt I double should have known better – but NOOOOOoo! I had to make the same mistake as many of my clients and sign off on the UAC. It didn’t take long for me to realize my mistake, and it was three of the worst bugs I’d ever caught. I just had to give up and rebuild my operating system. *sigh*

  4. acorn

    1. “These days, scam calls happen on my mobile so often that I almost never answer my phone unless it appears to come from someone in my contacts list”.

    “I suspect people my age (mid-40s) and younger also generally let most unrecognized calls go to voicemail.”

    My best solution so far having tried many many dozens: A no-ring smartphone app, spam caller-scam caller calls, doesn’t ring unless it’s a number already in my contact list or whitelist. Recently had the phone service provider deactivate my voicemail–most voicemails were spam voicemail.

    2. My answer to Martha Moore, if she had a smartphone. Petepall, Mark, Pm, & Susan Tuttlel: Which is why I now use a 100% no-ring app.

    3. Bruce & BobF: Regardless of a “Shuffle-Ventures-Lionbridge-Case-Study-2018.pdf” report, I’ve questioned family that NEVER get spam-scam calls through Verizon. I’m on the the Sprint voice-spam-scam carrier that the report says will receive 51% of spam-scam calls.

    1. timeless

      The “only in my contacts list” defense is going to fail someone sometime, and soon. I recently called my parents at an unusual time. They decided the call was probably a scammer spoofing my number. I’m proud of them (I shouldn’t have called them at that time…). I’m also scared. We don’t share an exchange, but they’ve reached a level of paranoia where they reasonably concluded this was a valid risk.

      I don’t have a good sense of the scope of address book leaks, but the average Facebook account probably offers a pretty sizable number of phone numbers from friends.

      I personally suspect that I recently friended a fake Facebook account. It claims to be in my age range and region and to have mutual friends (it even played a mediocre round of Words With Friends), but it asked me my age and where I’m from. (@Brian if this sounds interesting, reach out…)

      Similarly, any time someone compromises mainly credentials, they can trivially harvest names and phone numbers to perform a similar address book friends attack.

      For the really paranoid, we already have software to do video deep fakes, but keep in mind that it’s also possible to synthesize voices, so if you are a public person, your voice call also be impersonated.

      1. Bart

        Do you really find Facebook worth the problems and time spent?

      2. ThursdaysGeek

        Yeah, I do pick up calls from unknown numbers. I didn’t in the past, and one was from a co-worker of my spouse, calling to tell me they were taking him to the hospital.

        A scam call is more likely than that happening again, but if they say they’re from my bank, I hang up – my bank doesn’t have this number.

    2. Terri Naab

      I like the Samsung I have with modern PC. It always says “Scam Likely” those I never answer and any numbers I don’t know

  5. Godel

    I don’t know about America but in Australia bank staff do NOT know your PIN, as it’s buried somewhere deep in the bank’s computer system. An analogy is that staff at large web sites do not know your password, only the hashed result when you enter your correct password.

    They do have access to all the other stuff such as card number, mother’s maiden name etc. One authentication question that I’ve been asked recently is what’s my monthly credit limit. That’s information that’s not generally passed around.

    1. Vog Bedrog

      No-one knows your PIN except you (hence ‘P’ for ‘personal’) – there’s a hash value on the card, and another hash value floating around in the banking system, and only your PIN can be used to check that these correspond. Your PIN should never be stored by any POS system, and should *never* be disclosed under *any* circumstances (there is no reason for bank staff to ever request it) – providing good security except in cases of shoulder-surfing or camera surveillance (which you can prevent with your other hand anyway).

  6. PAULKO

    I get a few calls like this around dinner time, 6;00 pm. I pick up the phone and say something like this ( if it is a lady ) Ah, Ms Susan, it was so nice to talk to you today about your question about honesty.
    Remember I left you with this scripture. I have it right here, HEBREWS 13:18 I WILL READ IT TO YOU AGAIN”
    ‘ carry on prayer for us, for WE TRUST WE HAVE AN HONEST CONSCIENCE, as we wish to conduct ourselves honestly in all things. ( New world translation )
    Remember that Ms Susan…. Ms Susan–are you still there? I need your phone # please,, Oh, well Guess she didn’t want to talk about honesty. and I wanted to tell her about 2 Corinthians 8:21 “we make honest provision,not only in the sight of JEHOVAH, but also in the sight of me. OH, WELL IF SHE CALLS AGAIN, I WILL MAKE SURE I HAVE THAT SCRIPTURE HANDY ALSO. END OF TELEPHONE CALL

  7. Carl 'SAI' Mitchell

    2 Simple rules: Never answer the phone if the number isn’t in your contacts list. If it’s important they can leave a message. My voicemail introduction says as much.

    Second, never give out information to people who called you. Only to people you have called. If they say they’re from your bank, you ask them how to connect after you call the number on the back of your card. If they can’t answer, you hang up and call the number to report fraud. If they’re legitimate they’ll have an extension or similar process and you can hang up, call the number on your card, and enter the extension.

    1. Good Steps

      Carl, all of those are very good steps to follow.

      I agree with you, if the call is important they will leave a message for you. Then you can decide to call them back.

      I also agree with other posters that answering a call just because the number is in your address book is a risky idea. Even the article by Brian Krebs shows how that plan tripped up an intelligent person.

  8. Kallen Web Design

    This is such an important post. Thank you. I have forwarded it to all my family members. I consider myself pretty savvy, yet I can see how I might be fooled.

  9. Norm

    The telephone has been a scammers friend for a long tome.

  10. Ron

    Do not fall for the story that the phone companies cannot do anything about scam calls. Proof: I live in Europe, but travel to the US regularly.

    In Europe scam/robo/spam calls are basically unheard of (with the exception of maybe the UK). So I practically NEVER receive one here. But as soon as I am in the US, and put my US SIM card in my phone, I get 5 calls a day!!!

    Go bug your telco or your senator to force the telcos to fix this!

    1. Eric

      What helps us Europeans is the fact that we speak 27 different languages. Believe me, if we all spoke the same language, criminals from the east would scam us beyond belief.

  11. Pauca

    Crooks,thieves,fraudsters never sleep.
    All the crooks and thieves have one problem !!
    They make so much money that they want to invest money..but where ?? They got no skills,only what they know is stealing liang, frauds,scams, only friends are other crooks.
    Perhaps most easy business for them is real estate business.
    Thats why we see people in real estate business..and nobody dont know where the capital is come from.
    Then…we look at them wow.. what great enterpreuner minds…
    But in fact he might be the person who stole even from you and you even dont know this.

  12. Judy64

    How about if someone says they are from your credit union…click…hang up. If you feel anxious that they may have been from your credit union, call them yourself and say you think someone from there just called and you got cut off. A pain in the neck yes, but better than the headache you could have instead.

  13. Jim Van Dyke

    This is a great play-by-play of how ID criminals leverage one identity credential to obtain the next, and the next, and the next…until they have enough to successfully conduct their desired transaction. Scary how the whole process is becoming more automated.

    Great article, Brian.

  14. JWR

    My method has worked fine for me for many years. I don’t care who has my phone number. If the caller isn’t in my contacts list, the call goes straight to voice mail. Very few scammers leave a message to call them back. The only time I get a lot of unwanted voice mails is close to elections. Even these are useful in helping me decide who NOT to vote for.

  15. JPF

    Great article. All forms of scams are becoming increasingly more sophisticated. One question about the first two scenarios. If the scammer already has a duplicate of an ATM card and has made a withdrawal using the duplicate from an ATM machine, what is the scammer’s purpose in making the vishing call in the first place? To get more personal identification information? It seems they already have what they need to drain the bank account.

  16. EJD

    I got a call this summer from a “Microsoft Tech” telling me my PC what sending out viruses and that they needed to get on it to fix it. I love these calls, I have fun with them. She started asking questions, phishing for info on what type of OS I had, like, “What’s do you see on your desktop?”, I answer “A picture of my kids”. I just kept giving her unhelpful answers to her questions. She eventually catches on and tells me that I’m not being nice and that I’m wasting her time. Go figure.

    1. Bob Merlin

      I love to wind up the “Windows” or “Micrsoft” guys. I told one I had an Apple and then he said he was an Apple tech also. Bye!

      My favorite one:

      “This is Windows calling.”

      “Oh good, I was about to call you and complain because the last time you cleaned my windows they were so dirty I couldn’t see out of them. Let me talk to your customer service!”

      Click!

  17. EJD

    Another call I got from a “Dell technician” telling me they has a security update on a PC I recently got repaired. I actually had a Dell tech come a few weeks prior to the call to replace a motherboard in a laptop, so I was a little curious. Told them we had several Dell laptops and asked them for a Service Tag, which after a short pause they provided me with one. I then proceeded to mess around with them for a little longer. After the call I looked up the service tag and they actually gave me a real Dell Service Tag. But it was from a laptop that was sold somewhere over seas in the middle east, I’m in Canada.

  18. David

    I’ve decided that I’m going to hit the wireless companies where it counts. If, after 1 year of my business, they don’t block robocall/spam calls then I’m switching networks. Yes, I’ll eventually cycle back to them, but when the first telco offers this filtering, I’m going there and will likely stay.

    Closing accounts is something they will notice.

    1. acorn

      My bit of experience with different voice carriers, quizzing family on another carrier and reading a research report: #1 T-Mobile #2 Verizon. Not Sprint, my spam-scam carrier the last few years; nor AT&T, bottom of the pack..

    2. acorn

      Spam-scam call blocking by voice carriers:

      T-Mobile 90% scams, <47% spam calls, 91% overall rating, supposedly free blocking . Personal experience for perhaps a year corroborates it's much better compared to Sprint.

      Verizon 0% of scams, 35% of spam calls, 65% overall rating.

      Sprint 0% of scam & spam calls, 51% overall rating.. Personal experience corroborate–bads.

      AT&T 14% scams, 50% spam calls, 25% overall rating.

      Source: http://www.cbsnews.com/news/which-cell-phone-company-is-best-at-blocking-robocalls (“Shuffle-Ventures-Lionbridge-Case-Study-2018.pdf”)

    3. acorn

      August 2, 2018 “New Robocall Study Ranks Wireless Carriers’ Performance Detecting, Managing Unwanted Calls”

      Spam call Detection; ID of Spoofed Numbers:
      Verizon; Sprint is using similar technology as Verizon 94%; 98%
      AT&T 90%; 64%
      T-Mobile 87%; 60%

  19. Lerie Taylor

    Anyone with common sense can avoid these scams. It’s completely idiotic to give your information over the phone to ANYONE.

    So you think your bank doesn’t know your social? mother’s maiden name? your first car? didn’t you tell them these things when you set your account up?

    I have seen comments here like “this was a wake up call”, you shouldn’t be allowed to have a cell phone and your internet activity should be monitored because you’re the idiots giving these people money.

    Some guy named “Ron” says he doesn’t get these kinds of calls in Europe? You’re just not important enough, most of these scams are ALL over the EU, Russia, Africa and every other nation/country in thew world.

    I am not surprised to see Krebs posting this kinds of stuff, considering the amount of morons we still have out there but it’s pretty petty and I think your time and blog should reflect more important problems then telling people not to give their personal info out online or over the phone, it’s for the birds/morons/idiots/gullables.

  20. Brett

    After reading this post, it sounds like after the Equifax breach, scammers are now purchasing this previously private information (like SSN), then using that for combined voice/spear phishing.

    Warn your family and friends that this may be going on, especially that callers may have details like account numbers to gain trust.

  21. David

    Another point, regarding AT&T’s call filtering app (Call Protect): They’re now charging $3.99 to unlock all of the features. This means they’re essentially profiting from the annoyance of spam/scam calls. That *really* makes me mad.

  22. KN

    In addition to the usual garbage, I’ve been getting robo-calls all day the past two days pretending to be from Apple, telling me my iCloud account has been compromised. Brutal!

  23. sorka

    I see a lot of comments asking why the Telcos are not dig anything about these scammers. The fact is, they can’t keep up. I worked for a telco for 15 yrs who specialzed in VOIP and DID resales. For every spoofed # we would catch a dozen more would pop up in it’s place. The scammers are getting better and better at hijacking into a telco network, fraud is increasing on these networks daily, and techs are doing all they can to stop the flow. The problem is these hackers are smart, they run through more than 1 network with their spoofed #s, makes it exceedinly hard to trace, especially when the calls are (mostly) coming from overseas.

    1. Readership1

      You are right, but there’s something else worth mentioning: telcos are common carriers.

      Customers must be provided with the freedom to receive calls from anyone in the world, unless they waive that right by explicit request.

      And paying telco customers, even scammers, have the right to use telco lines to make their calls. Telcos cannot exercise editorial control over who can call whom.

      Why?

      To prevent interference with commerce.

      To prevent local telephone operators, especially when it was done by hand, from deciding “Mr. Smith gets too many calls on my shift.”

      To prevent the sort of interference with communication systems that’s associated with fascist dictatorships.

      To promote the common good and utilize transmission facilities over and on public land, common carriers must transmit from one end to another, without regard for where a call originates or terminates, without regard for religion or race or if the call is a scam or to sex talk or be pure or conduct business. A call is a call.

      Filtering of calls isn’t built in to the telco business, because they’re common carriers.

      That’s why telcos don’t do much. 1. They were never designed to prevent calls. 2. They’re obligated to connect calls. 3. Filtering is a class-action lawsuit waiting to happen.

  24. Em

    Brian, Thanks so much for this and other articles – you provide very helpful information. Regarding this statement:

    “I suspect people my age (mid-40s) and younger also generally let most unrecognized calls go to voicemail. It seems to be a very different reality for folks from an older generation, many of whom still primarily call friends and family using land lines, and who will always answer a ringing phone whenever it is humanly possible to do so.”

    I wonder if the above is a bit out of touch and reflects an age bias ….

    1. BrianKrebs Post author

      It certainly reflects my bias, which is informed mainly by older family members, who very much do behave that way.

  25. No Contact

    I don’t answer my phone. Literally never – it’s an outgoing telephonic device, and I leave it on full DND without voicemail. Call blocking software on my phone answers the call and immediately hangs up without any notification at all.

    I never feel the need to obsessively check my phone. Most of the time, I don’t even know where it is.

    While this may seem like an over-reaction – articles like this don’t apply to me anymore. I am a happier person. Turn your phones off and try it sometime.

    1. Bart

      Yes, yes. The telephone is a failed technology, good only for calling AAA when the car breaks down.

  26. Howard GREEN

    Gave much info on a supposedly random political poll. Agh! Realized later they could easily know my phone number and possibly match it to demographic info, address, etc. Plus know my opinion on current situation. Fearfull of Big Government, if not now, then soon.

  27. Chris Male

    The problem with blocking all calls not in your contacts list is when your doctor, hospital or a company you have made online contact with, calls you from their departmental number which is not a main number, they can’t get through and the call could be important to you.

    1. acorn

      On the rare day I’m EXPECTING a call is the only day I MAY turn the only-in-my-contacts or only-in-the-whitelist blocker off. I have better things to do than answering 22 spam-scam calls in ONE DAY, which I recently got on the Sprint-spam-scam voice network. It’s different when I was on T-Mobile and I know for sure I perhaps got no or near zero spam-scam calls compared to what I get through the Sprint voice network.

      Any other important communicators have other ways of contacting me (email, which mine is spam free, or snail mail) or I contact them if I’m expecting communications. It’s gotten to that point.

    2. acorn

      My attitute has completely changed as a Sprint spam-scam-voice-network customer. I’ve specifically asked some companies or organizations what number their call will be from.

  28. DaveMich

    A strategy we practice is to have two phones (three, actually).

    The first is a landline phone with an answering machine. Everyone gets that number, businesses, institutions, acquaintances, the grocery store – and yes, the bank. We don’t answer that phone, even if we’re standing right next to it. If they won’t leave a message it’s not legitimate.

    The other two are cell phone numbers. We don’t give those out except to a very small circle of family and trusted friends. One exception is the auto mechanic.

    We do get the occasional randomly dialed scam call that we route to voicemail, but this does a good job of controlling the problem.

  29. JPA

    As someone well older than mid-40’s I can remember when we didn’t have cell phones or even message machines. And we were able to send people to the moon and back. With that background its easy for me to relax about not answering a call.

Comments are closed.