There is very little analysis of the quarterly reports on traces of suspicious calls received by Americans, especially when you consider the communications industry says it cares deeply about:
- collaboration;
- information; and
- identifying the origin of scam calls.
Having worked for telcos, I find it easy to understand why industry insiders prefer not to discuss the results of these traces. They are embarrassing. Nobody ever received a lucrative contract or job offer because they commented on the smell emanating from a potential customer or employer. And so, as every quarter goes by, the statistics sent by the US Industry Traceback Group (ITG) for publication by the US Federal Communications Commission (FCC) paints a worsening picture of the state of the US industry, but because the public narrative is that everything must always be improving, nobody talks about them. Except me.
The figures for the most recent quarterly report, which covers October 1 to December 31, 2024, are so bad that I will not bother dissecting them. They speak for themselves.
- Of 117 traces tagged as Amazon scams, 22 were traced to T‑Mobile, 9 were traced to Verizon, and 8 were traced to AT&T. That is 33% traced to the Big 3.
- Of 708 traces tagged as order scams, 219 were traced to T‑Mobile, 118 were traced to Verizon, and 101 were traced to AT&T. That is 62% traced to the Big 3.
- Of the 910 traces on the report which identified the originating telco, 38 were traced to telcos outside of the USA. The other 881 were traced to telcos inside the USA. 255 were traced to T‑Mobile, 133 were traced to Verizon, and 109 were traced to AT&T. In other words, 55% of completed traces were to the Big 3.
- 299 traces in the report were incomplete because a telco did not respond to a request for data. Such a business will likely sit outside of US jurisdiction. That means the number of traced calls that led to the Big 3 is 50% greater than the total number of traces that could have potentially led to a telco based outside of the USA.
It has often been claimed that US industry data shows scam calls received by Americans have mostly originated in other countries. The implication is that the US industry is powerless to stop scams until there is a global infrastructure for protecting the interests of American consumers. Readers of Commsrisk have the skills needed to evaluate the accuracy of those claims.
And before anyone says ‘simboxes’, let me shoot down the misleading notion that the use of simboxes makes the USA more dependent on assistance from foreign countries in order to tackle crime. On the contrary, simboxes are an easier problem for the US industry to address than some of the other tools and techniques that criminals utilize. The difference is that mobile network operators and local law enforcement must work together to tackle simboxes; they cannot pass the buck to other kinds of telco or to other nations. A mobile network operator is responsible for who gets their SIMs and who can instigate calls on their network.
Some also appear to be spreading misinformation about the novelty of simboxes. Simboxes are not a new tool for committing crime. Simboxes have been used for crime for at least a quarter of a century. I was conscious of controls being implemented to identify and stop simboxes when I began work at T‑Mobile UK, 24 years ago, even though there was less simbox crime in the UK than other countries. The global communications industry possesses enormous accumulated knowledge about methods that can be used to detect and stop simbox crime. Many governments and regulators have ruthlessly punished mobile operators that were deemed to have made insufficient effort to prevent the misuse of SIMs and simboxes. To give just one prominent example, the value of MTN, Africa’s largest telecoms group, fell 20% during 2015 because the government of Nigeria threatened a USD5bn fine for failing to disconnect unregistered SIMs. I see little value in the US creating an infrastructure that traces scam calls if there is no intention to limit the supply of SIMs to criminals or to punish US mobile operators that have not taken adequate steps to counter the abuse of SIMs they supplied.
There is a long-established recurring pattern of criminal behavior that sees scam communications being conveyed in bulk using business-to-consumer channels until controls are implemented on those channels, at which time the same kinds of scam communications then get conveyed less efficiently using consumer-to-consumer channels. The net result is that criminals have to spend more to commit the same crime; they do not stop trying to commit crime. Simboxes are used to exploit consumer-to-consumer communication channels. If the rise in scams traced to the Big 3 US mobile networks is due to increased simbox use by criminals then that was a predictable consequence of improved controls on communications services sold to business users. It also means there is no excuse to fixate on foreign cooperation to tackle crime. Tackling the abuse of simboxes is completely within the control of US authorities and telcos.
Simboxes function as a relay station when they are used to bypass controls on communications. The second leg of the communication will be a conventional domestic phone call placed by the simbox to the end recipient. The first leg of the communication can be international, but need not be a conventional phone call. The rise of the internet has supplied criminals with cheaper and more secure ways of engaging in real-time international voice communications than the placing of a literal phone call. If simboxes are in extensive use within the USA then this undermines the benefit that might be accrued by developing the infrastructure to trace international phone calls to their destination. Phone companies can trace phone calls but they cannot trace Whatsapp calls or a dozen other voice services that criminals might co-opt. Some other entity would need to perform such a trace, if any trace is possible given the technical and legal obstacles with trying to gather data about communications encrypted end-to-end across multiple legal jurisdictions. If simboxes are to blame for a rising number of scam calls received by Americans then the correct response is to target the simbox, the SIM in the simbox, and the domestic call made by the simbox. It seems to me that the fixation on the international element of these calls exhibited by some US professionals is motivated by a desire to distract attention from anti-scam controls that the US industry can implement without outside assistance.
The FCC receives these traceback reports, but it is my belief that they lack any personnel with the competence needed to interpret them correctly. A rising number of traces to US mobile operators should draw attention to the risk of SIMs being obtained by scammers. Typical anti-simbox controls include restrictions on the number of SIM cards that a person can acquire and the use of data analysis to identify anomalous traffic patterns indicative of simbox use. Many readers of Commsrisk will be familiar with plenty of other anti-simbox controls, so I will not bore you by trying to enumerate them all. It is sufficient to reiterate that the global telecoms industry knows a lot about how to tackle simbox abuse, regardless of whether some Americans wrongly believe simboxes are a novel way to commit crime. My home country, the UK, has been one of the weakest countries at tackling simbox abuse because of confused decision-making by its government and regulator but even they have finally tabled legislation to prohibit the ownership and sale of simboxes. There is no excuse for US legislators, regulators and telcos to continue allowing simboxes to be used for crime. If the FCC wants a comprehensive anti-scam policy then the prevention of simbox abuse must be central to it, but there have been no signs of the regulator waking up to the risk so far.
If you do not trust my opinion, at least you can analyze the US traceback data for yourself. It would be good to have more independent fraud experts pay attention to them. You can see the data below, or click here to open a spreadsheet in a new window, where the menu includes options to download the data in various formats. Masochists can also obtain the original PDF and text versions on the FCC website here.



