In two major announcements the Federal Communications Commission (FCC), the US comms regulator, has signaled its intention to ramp up financial penalties for businesses that spoof the ID of inbound calls. Spoofers are generally trying to fool people into receiving automated marketing calls, and the practice has become more common despite laws meant to prevent it. Recently a fine of USD82mn was issued to telemarketer Philip Roesel and his companies after they were found responsible for making more than 21 million robocalls that marketed health insurance. Meanwhile, the FCC has proposed a fine of USD37.5mn for Affordable Enterprises of Arizona after they abused the phone numbers of ordinary people to disguise their robocalls.
The FCC explained why Roesel deserved an USD82mn fine.
Mr. Roesel, himself (doing business as Wilmington Insurance Quotes), or through his company, Best Insurance Contracts, Inc., made millions of spoofed robocalls. He sought to sell health insurance and generate leads for such sales. By spoofing his caller ID information, Mr. Roesel made it difficult for consumers to register complaints and for law enforcement entities to track and stop the illegal calls. Such conduct, along with long-standing Congressional and Commission recognition that illegal robocalls cause consumers significant harm, show intent to cause harm and an effort to wrongfully obtain something of value.
Whilst Roesel spoofed caller IDs to hide the true source of his telemarketing calls, the FCC highlighted how Affordable Enterprises went further by hiding behind the numbers of innocent phone users.
The Tucson-based company made more than 2.3 million maliciously-spoofed telemarketing calls to Arizonans during a 14-month span starting in 2016 to sell home improvement and remodeling services. The company apparently manipulated the caller ID information so that many calls appeared to come from consumers who were unconnected to the operation…
One Arizonan received more than five calls per day on her cell phone from consumers complaining about telemarketing calls they thought she had made. Records show that Affordable Enterprises had made spoofed telemarketing calls to consumers that appeared to be coming from the cell phone of this unaffiliated Arizonan. Such calling tactics harm both the consumers receiving the deceptive calls and those whose numbers are essentially commandeered by the telemarketer.
The investigation of Affordable Enterprises began after a tip-off from a former insider.
The FCC’s Enforcement Bureau began its investigation based on information provided by a whistleblower. Using this lead — from a former employee of Affordable Enterprises — the Commission subpoenaed the phone records of the company and worked with the Federal Trade Commission to review consumer complaints from individuals on the Do Not Call Registry. The company, which also used names including Affordable Kitchens and Affordable Windows, used a telemarketing platform to connect sales representatives to consumers to try to market home improvement services…
…Many consumers who received these telemarketing calls had placed their numbers on the
national Do Not Call Registry, which prohibits marketing calls to listed numbers.
Many national do-not-call lists are also taking a battering because of the current surge of cheap robocalls. Whilst reputable marketing companies will respect consumer wishes, national schemes can do nothing to stem the rising tide of calls generated by fraudsters and dodgy businesses. Research by academics at EURECOM even suggests that some scammers are using do-not-call lists as a source of phone numbers to target.
The issue of robocalls and spoofing has become a high priority in the USA. Cheaper IP-based calls and improvements in technology have made it much simpler and more profitable for scammers to bombard phone users whilst hiding their true identity. Anti-robocall business YouMail estimates that Americans collectively receive over 4 billion robocalls every month, many of them from fraudsters. Earlier this year the FCC issued a record USD120mn fine to a Miami businessman who was responsible for almost 100mn robocalls in a three-month period, many of them involving ‘neighbor spoofing’, the practice of changing the caller ID to give the impression they originated locally. The FCC is also backing the adoption of the SHAKEN/STIR framework, a SIP-based method for real-time authentication of digital certificates associated with originating numbers.
The US government passed the Truth in Caller ID Act in 2009, prohibiting callers from deliberately falsifying caller ID information to disguise their identity with the intent to harm, defraud consumers, or wrongfully obtain anything of value. However, the FCC states that the proposed fine for Affordable Enterprises would represent their “first major enforcement action against a company that apparently commandeered consumers’ phone numbers”. Whilst the FCC’s enforcement activity has ramped up significantly, national solutions will only address part of the problem because many robocalls now originate in other countries.
The consumer protection challenge posed by robocalls and caller ID spoofing will be one of the key topics discussed by Eric Burger, Chief Technology Officer of the FCC, when he attends RAG Kansas next week. RAG Kansas will be held at Sprint’s offices near Kansas City on October 17th and 18th, and will also feature speakers from AT&T, T-Mobile, CenturyLink, Rogers, TELUS and other telcos from North America and further afield. Risk, assurance, and anti-fraud managers who work for telcos are welcome to attend the conference for free; they may register here.