Your phone rings. You don't recognize the number, but you answer anyway. "Hello, hello?" Then a prerecorded voice comes on the line: "Congratulations! You've been selected to receive at absolutely no cost to you free installation of aluminum siding for your home, along with a set of solar panels …"
By this point, if you have any common sense, you've already hung up. But you wonder: How could this happen since you've already signed up for the "do not call" list? And why are these scammers allowed to annoy me?
It occurs to you to follow the advice found on some websites. Because of caller ID, you can see the number the call came from, which could be in New Mexico, Tennessee, Wisconsin or any other state. So you call back to find out who really placed the call and to give them a piece of your mind. But it's not meant to be. A voice simply says: "Sorry, this number is not in service."
Chances are this has happened to you more than once, maybe even once a week, and you'd like nothing more than to stop it. And so would the Federal Communications Commission (FCC), which vows to "facilitate blocking of illegal robocalls." But it's a slow process. "In terms of call authentication, we are still in the preliminary stage," said FCC spokesperson Will Wiquist.
"Consumers still get an unacceptably high volume of calls that can annoy or defraud," said an FCC press release. "One particularly pernicious category is spoofed robocalls where the caller ID is a fake, hiding the caller's true identity."
The FCC proposed new rules in March to stop this, and it's nearing finished getting public comment on this. But in the meantime, thousands, and probably millions, of robocalls have been made, often from companies dedicated to doing just this.
"There are multiple online services that offer caller ID spoofing for a price," said Tripwire, a software security service. "Some even offer a 30-second free trial so you can try out the service." All you need is the phone number you're calling from, the number you're calling and the number you want to show up on caller ID.
Part of the problem is the open architecture of the nation's phone system. In the past, FCC rules required voice service carriers such as AT&T (T) and Verizon (VZ) to "complete all calls," with no discrimination allowed.
But robocallers and scammers have jammed up the system and irritated people to the point where something has to change. A spoofer's basic tactic is to obtain a phone line -- preferably one not in use -- and usurp it to place calls nationwide, which is why you get no response when you call back.
Alert carriers identifying these lines would be allowed to block illegal spoofed calls that go out from these lines "without running afoul of FCC rules," claimed the agency. It added that "A test of this by the industry-led Robocalls Task Strike Force reduced IRS scam calls by about 90 percent" in just three months.
Fake IRS calls are the most annoying and probably the most lucrative for spoofers. Pretending to be the tax man or woman, these scammers threaten you with the consequences of owing money for unpaid taxes. And if a naïve person answers, they intimidate and cajole the victim into sending a money order or gift cards that the phone predator can access.
Stopping in-country calls may be possible, but scammers are ruthless. The FCC is still trying to figure out how to deal with spoofed calls from international locations, which then get bounced around and through several networks. "When that happens, it's tough to maintain a fingerprint," said the FCC's Wiquist. "The problem is tracking it all the way through the system."
The enemy at the gate even knows how to unlock legitimate numbers. One tax scam in Pottsville, Pennsylvania, claimed to arrest victims who didn't pay outstanding tax debts. The scary part was that caller ID showed that the call came from Pottsville City Hall.
In another case, a Miami man placed 96 million robocalls to trick consumers with an automated message telling them to "press one" to hear about vacation deals from Hilton, Marriott and TripAdvisor, none of which were participating. Instead, these calls were routed to a foreign call center to sell time shares to the unwary person. This man now faces a $120 million "proposed" FCC fine for "illegal spoofing."
The FCC may be fighting back, but sheer numbers aren't working in its favor. In July, it issued a fine of nearly $3 million against a New Mexico-based dialing service, which provided a "technology platform" to make millions of illegal robocalls but had refused to stop even after being warned.
How can consumers avoid getting "spoofed?"
- Be careful when you answer the phone. If you don't recognize the number or it comes from an unfamiliar area code, let it go to voice mail. Scammers don't usually leave one. And be sure to set up a secure voice-mail password even if it's not required.
- Don't assume that someone from "a government agency" calling to ask for money is legitimate. This just doesn't happen. And never give out personal information such as your Social Security number to an unknown caller.
- If you're uncertain about a call placed from an unknown number, check it out online. Chances are that someone has already caught on to this spoofer and put out a warning on the number.
- Update your information on the "do not call" registry.