
Scamhunters Blast Microsoft Teams and Sinch over VoIP Numbers for Callback Frauds

The scamhunter group called Demurrage published a comprehensive dossier of evidence they compiled.

Demurrage is an activist collective with a reputation for detailed investigations into the ways scammers exploit American comms networks and consumers. One sign of their deep knowledge is that their reports on scam activity eschew sensationalism. Another is that the reports are given titles which will mean nothing to the general public, including their latest: “Sinch: A Closer Look at Consistent Avoidance and Lack of Communication”. This new report, dated December 2025, is the sequel to a 2024 report entitled “Sinch: A Case Study”. However bland the title, the contents should be mandatory reading for anyone claiming to have expert knowledge of the US scams ecosystem.

The general public has no idea who or what Sinch is, or that the Swedish CPaaS firm acquired US voice network Inteliquent in 2021, or that Inteliquent is the product of a merger between Onvoy and Neutral Tandem, or that Inteliquent is one of four US comms providers currently being investigated by an alliance of United States Attorneys General for their role in facilitating illegal calls. Some US telcos change brand so often that it is difficult to keep track of their names, never mind gather evidence about which ones are most to blame for scam traffic. However, Demurrage are unambiguous when pointing the finger of blame.

This investigation is a follow-up to the report completed on September 13, 2024, and incorporates new information regarding Sinch’s current stance, practices, and fraud prevention measures.

The initial report documented blocks of numbers on the Onvoy network used to facilitate Spectrum and later Xfinity customer support scams, all acquired by scammers operating out of illegal call centers in Pakistan. It highlighted Sinch’s lack of communication, the limitations of its sole reporting method, the Sinch webform, and compared it with other telecom providers that acted quickly and offered accessible reporting channels to the average consumer.

This updated report confirms that the issues identified in 2024 remain unresolved. It further outlines Sinch’s continued avoidance of communication across multiple official channels and details how scammers are now bypassing KYC requirements to continue obtaining numbers through the Sinch network.

These are brutal accusations, especially as the leaders of Sinch’s American operations exert considerable influence on the anti-scam strategy of the USA. For example, Stacy Graham, the Trust & Assurance Policy Director at Sinch, is also the Vice President of the Communications Fraud and Control Association (CFCA), is on the Leadership Council of One Consortium as well as being its Treasurer, and was appointed in 2024 to the Advisory Board of Somos, a business that actively markets itself as providing the ‘future of trusted identity for telecom’. But then Demurrage line up an even bigger target in their sights, and it has a name that will be familiar to everyone:

Demurrage first observed a surge in PayPal refund scams linked to the “Onvoy/Neutral Tandem” network on June 4, 2025, both carriers now owned by Sinch/Inteliquent. Further investigation revealed that many of these numbers were actually Microsoft Teams numbers.

Microsoft Teams, which replaced Skype following its discontinuation in 2025, is now being exploited by scammers in much the same way Skype was previously abused.

Demurrage backed their claims with reams of evidence. However, obtaining this evidence first required them to tear through layers of obfuscation.

Previously, lookup tools identified “Skype” as the carrier for fraudulent numbers, but MS Teams numbers do not list “Microsoft” or “MS Teams.” Instead, they appear under “Onvoy/Neutral Tandem,” providing few initial clues beyond the fact that both carriers are owned by Sinch.

A Demurrage team member later recognized the default voicemail greeting used by MS Teams numbers and, after obtaining a Teams number for testing, confirmed that numbers appearing as “Onvoy/Neutral Tandem” were in fact Microsoft Teams numbers. As a result, Demurrage was required to report these cases through Sinch’s webform.

Demurrage are scathing about the way Sinch and Microsoft handle complaints about scams.

Sinch has made direct communication extremely difficult, redirecting consumers away from standard contact channels and toward an outdated, flawed robocall reporting form as its primary reporting method. Many of the MS Teams numbers used in these scams were submitted through this form, and several appear to have been shut down. However, neither Microsoft nor Sinch provided confirmation or updates regarding the status or outcome of these reports. [their emphasis]

This lack of engagement is contrasted with the way Lumen handles complaints.

…Lumen immediately place a temporary block on a reported number before forwarding the case to the wholesaler. Lumen communicates with consumers throughout the process and typically resolves fraudulent traffic within minutes…

So how are scammers defeating the know-your-customer (KYC) controls meant to ensure phone numbers are only supplied to trustworthy users? The answer is that yet another cybercrime-as-a-service has sprung up to address this difficulty.

Demurrage defines a “mark” as a complicit reseller who exploits telecom reseller programs by selling pre-made, KYC-verified VoIP accounts directly to scammers operating out of illegal call centers in India and other regions. These resellers typically operate through Facebook, Telegram, and WhatsApp groups, charging premium prices because scammers are not required to submit any of their own information for KYC verification.

VoIP numbers can be a powerful enabler of fraud because they obliterate any meaningful relationship between the number seen by an ordinary member of the public and the location of the person who controls the number. Scammers use automated redirection of VoIP calls as part of a process that obscures who is actually receiving them, and this is further supported by cybercrime-as-a-service providers who obtain KYC clearance for VoIP numbers on behalf of scam call centers. Because this service is intentionally provided to criminals, crooked VoIP number resellers charge a premium to those scammers who want ‘verified’ VoIP accounts because they lack the means to pass KYC checks without assistance.

Demurrage argues that US anti-scam policy should focus on identifying the crooked number resellers currently profiting from this cybercrime-as-a-service, whom they call ‘marks’, and on tightening the supply and KYC of VoIP numbers to drive up the cost of cheating those KYC controls. Any increase in these costs will be passed on to scammers, making it less likely they will continue to generate a profit from their crimes.

Scammers already pay inflated prices for DIDs [direct inward dialing numbers] and fully verified accounts purchased through marks, far higher than what they would pay if using their own KYC information. While many work out of illegal call centers, others, such as those running Publishers Clearing House scams, operate from their homes and cannot afford to continuously purchase overpriced numbers, especially if the supply begins to diminish.

Politicians continue to talk about robocalls as being the key vector for scams but Demurrage reports that callbacks have supplanted robocalls as the single most important way to connect scam call centers with potential victims. The US industry needs to refocus on tackling dodgy resellers who advertise their services via social media.

…robocalls now represent only a small fraction of scam activity. If telecoms are genuinely concerned about preventing fraud, or avoiding repeated warnings and potential penalties, they must address not only the shutdown of fraudulent numbers but also the identification of the underlying accounts. This includes tracing those accounts back to the marks who supplied them and removing such individuals from reseller programs and networks. Doing so would significantly limit scammers’ ability to acquire new numbers.

Demurrage’s conclusions match those of Tom Walker, a respected American fraud investigator who spent 20 years chasing fraudsters on behalf of AT&T and T‑Mobile. Walker recently submitted a filing to the FCC that slammed the US comms regulator for ‘intentionally’ hiding statistics relating to scam activity. That filing also drew attention to scam methods identified by Indian police as far back as 2016:

…local police in India conducted call center raids that resulted in an 85% decline in IRS [Internal Revenue Service] impersonation calls and a 33% decline in robocalls overall. This criminal group had hired coconspirators in the U.S. to activate more than 12,000 prepaid cellular phone numbers, sent out prerecorded IRS impersonation calls from these phone numbers, and then programmed these prepaid SIM cards to route incoming return calls to VoIP DID numbers which, in turn, routed calls to criminal call centers in India.

Walker’s submission to the FCC goes on to state:

It is likely outbound spoofed calls have never been the primary driver of financial loss from telecom-initiated fraud… If most robocalls were being spoofed, distribution of providers that owned phone numbers subject to complaints would be proportionate to the percentage of all available numbers they control. Yet I discovered that 74% of complaints listed calling party phone numbers assigned to just 23 telecom providers that primarily sell Direct Inward Dial (DID) VoIP numbers to end-users and resellers. These 23 providers appear to control 19% of assigned number ranges.

163 pages of Demurrage’s report are dedicated to listing Sinch and Microsoft Teams phone numbers that have been used for fraud. That should be sufficient to establish the thoroughness of Demurrage’s investigation. That they also reach the same conclusions as Tom Walker about the significance of DID VoIP number abuse is enough to convince me that the USA’s anti-scam policies have placed too much emphasis on CLI spoofing at the expense of tackling a near total absence of controls over the misuse of VoIP numbers. I am conscious that American volunteer scamhunters have an especially low opinion of Inteliquent due to the firm’s refusal to engage with them, so the scamhunters may be accused of bias. However, the combination of Demurrage’s evidence about the abuse of VoIP numbers supplied by Inteliquent with the evidence separately presented by Walker should be decisive for any impartial analyst of scams that target Americans.

Sadly, the history of anti-scam policymaking in the USA is one where bad conclusions are jumped to first, then cherrypicked evidence is sought to back those conclusions. Individuals who point out contrary evidence are systematically silenced by telcos and authorities who want to control the narrative presented to the public. It is jarring but not surprising to learn about Inteliquent’s lack of interest in engaging with Demurrage while the telco simultaneously adopts a high-profile anti-fraud stance within industry cliques. So in anticipation of a possible backlash from Inteliquent to this article, I questioned Bob Backlund of Demurrage to obtain a more thorough understanding of their work. I began by asking Backlund why he felt the significance of robocalls had been exaggerated.

The statement that “many telecom companies and regulatory organizations continue to focus on robocalls, even though robocalls now represent only a small fraction of scam activity” is based on the repeated press conferences and warning letters addressing robocalls. Regulators such as the FCC and FTC have yet to address meaningfully the activity we’ve observed in the field… These methods are used to drive victims to call listed residential or toll free numbers for fraudulent tech support services. None of these cases involve robocalls.

While American regulators and other officials obsess about phone numbers associated with calls received by the public, as evidenced by their continued insistence on the development of an international traceback process despite an unavoidable legal flaw in their approach, Backlund was adamant that the number of scams instigated by robocalls had been eclipsed by scam methods involving a callback. In callback scams, a victim may receive an SMS or an email whose contents instruct them to call the number included. For example, the victim may receive a fake invoice and will then feel obliged to call the number on the invoice to challenge it. Perhaps the FCC is especially unwilling to change course to better address callback frauds because the regulator has always made the prevention of spoofing central to its anti-scam strategy, although spoofing stops being a relevant issue if victims are encouraged to dial a number controlled by a scammer.

In addition to callback numbers disseminated by SMS and email, Backlund also emphasized the ongoing importance of pop-up messages on computers as a method of stimulating callbacks.

The many press conferences and warnings exclude online pop-up scams as well. These are often triggered by mistyped URLs and present fake Windows Defender or Apple Support alerts with toll free numbers instructing users to call for bogus tech support. Such scams are unrelated to unwanted calls and are significantly more common, given how easily users can encounter them, often in combination with scam emails posing as PayPal, McAfee, or similar scam invoices.

A previous Demurrage report highlighted the increased use of prepaid T‑Mobile SIMs by scammers. Backlund explained how they are also used to propagate callback scams.

While robocalls are still being reported, they do not compare in volume to tech support scams using residential and toll free numbers. The average consumer routinely receives multiple scam emails or texts per day, all directing them to different call centers, primarily in India. This activity has increased as scammers shift toward residential and T‑Mobile prepaid numbers, in part because Sinch and T‑Mobile do not respond to consumer complaints, even when numbers appear to have been disconnected for fraud.

US comms providers insist publicly that they have robust KYC controls. Backlund emphasized the ease with which foreign scam call centers overcome KYC obstacles by simply outsourcing to crooked businesses that specialize in passing KYC checks.

The core issue of how scammers bypass KYC requirements remains largely unaddressed. They do so through the use of ‘marks’ who supply pre‑verified accounts and numbers.

The scammer’s need to work around KYC controls aimed at businesses also explains why scammers are now obtaining more retail VoIP numbers and retail SIM cards, as intended for the use of the general public, instead of the toll-free numbers that Americans would typically associate with business use.

Telecom providers strengthened their KYC protocols for toll-free services, requiring verified identities, business registration, and campaign details. These are credentials scammers do not and cannot submit to telecoms. Because of this, scammers turned to residential lines, which only need basic identification and an address, hence why 805 area codes or similar are being used and passed off as “toll free” numbers in the recent wave of refund tech support fraud.

Backlund was keen to emphasize that the kinds of scams identified by Demurrage are run by call centers in India and Pakistan, not the massive scam compounds in East Asian countries including Cambodia and Myanmar. It is an important distinction because the human trafficking, torture and murder that occurs in the East Asian scam compounds will not be alleviated by American attempts to focus international cooperation on less severe crimes. However, Backlund did warn that the Indian and Pakistani scam call centers were also adept at targeting victims outside of the USA. For example, some native Indian scammers have learned Japanese to target victims in Japan. Ironically, American VoIP numbers are also being used to scam Japanese victims because it is much more difficult to obtain Japanese numbers.

Our exchange ended with me asking Backlund for his opinion of new Federal Communications Commission (FCC) restrictions on the supply of VoIP numbers. The FCC’s new order was issued two weeks after Demurrage completed their report.

Eric, so to our understanding, the FCC may reclaim numbering blocks from providers whose authorizations have been revoked or terminated and is considering restricting numbering authorizations to entities on the Covered List. In effect, this would require all VoIP providers to comply with robocall mitigation rules or risk losing access to their numbers, which is a good thing in our opinion.

The primary concern remains enforcement… there appear to be no meaningful consequences for noncompliance.

This proposal appears to be a response to long standing issues involving major providers, such as Sinch and Bandwidth, that have been repeatedly linked to robocall activity.

It is too early to form an opinion, but Backlund promised me he would let me know about the effectiveness of the FCC’s new restrictions over VoIP numbers. Like Backlund, I was pleased to see the FCC was learning from past mistakes and doing more to stop criminals gaining control over phone numbers. However, the FCC’s description of how VoIP numbers have been abused conflicts with the findings of Demurrage. The FCC continues to talk about scammers making calls with these numbers, while Demurrage says the evidence shows these numbers are used to receive calls from victims.

Americans are currently making a lot of fuss about tracing international calls received from abroad, but tracing will only be a sideshow if the bulk of scams rely on callbacks. Callback scams occur because the USA does not currently exert adequate control over the supply of its own phone numbers. There is a lot more that American authorities can be doing to stop scam communications without needing to pressure foreign entities to comply with American demands. If the American authorities choose not to implement additional anti-scam controls within the USA, it begs the question of why they would expect foreign countries to do more to protect Americans.

Instead of obsessing about traceback, American policy needs to refocus on traceforward. Instead of waiting to receive a call, and then asking where it came from, policies should be geared towards understanding who is obtaining US phone numbers and when those numbers are used to forward calls from potential victims to scam call centers.

I am impressed by the quality of Demurrage’s work, and the deep knowledge of the US comms industry that Backlund demonstrated during our conversation. You can read Demurrage’s new report, “Sinch: A Closer Look at Consistent Avoidance and Lack of Communication”, below or download it by clicking here.

Eric Priezkalns
http://revenueprotect.com

During his career, Eric has been a Director of Risk Management for a national telco, the Chief Executive of the Risk & Assurance Group, a Chief Marketing Officer for a software business, a consultant, a public speaker and the publisher of Commsrisk since its launch in 2006. Look here for more about the history of Commsrisk and the role played by Eric.

The comms providers that Eric has worked for include Qatar Telecom, Cable & Wireless, T‑Mobile, Sky and Worldcom. In addition to his proficiency at speaking about the current scamdemic, Eric is also a qualified chartered accountant and a subject matter expert in consumer protection, enterprise risk management, fraud prevention, data integrity and billing accuracy. Eric was the lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He can be reached through the contact form on this website.
