Site icon Sophos News

Robocallers slapped with huge fines for using spoofed phone numbers

Wednesday was a busy day for the Federal Communications Commission (FCC) when it comes to putting some pecuniary hurt on marketing companies for illegally spoofing millions of calls.
One of the fines – a proposed one – was a first for the Commission, in that it’s the first major enforcement action against a company that apparently “commandeered consumers’ phone numbers,” the FCC said in its announcement.
The FCC is looking to penalize Affordable Enterprises of Arizona for more than $37.5 million for what it says are more than 2.3 million illegally spoofed robocalls that pretended to be from consumers’ phone numbers.
Affordable Enterprises was at it for 14 months, starting in 2016. Its shtick was to sic its robots on unsuspecting people in order to telemarket home improvement and remodeling services.
The calls were spoofed to look like they came from phone numbers that had nothing to do with the telemarketer. The calls also appeared to come from unassigned phone numbers and numbers assigned to pre-paid “burner” phones, the FCC said. The caller ID was spoofed in every one of the millions of calls, making it impossible to identify who was actually calling.
The FCC pointed to one poor soul whose phone number was hijacked in order to make those calls. The Arizona woman said she received more than five calls a day on her cell phone, all coming from irate people complaining about the telemarketing calls they got from “her” phone number. In fact, they were from Affordable Enterprises, records showed.
The FCC said:

Such calling tactics harm both the consumers receiving the deceptive calls and those whose numbers are essentially commandeered by the telemarketer.

The FCC notes that the Truth in Caller ID Act prohibits spoofing when it comes to “transmitting misleading or inaccurate caller ID information with the intent to defraud, cause harm or wrongly obtain anything of value.”
In other words, spoofing phone numbers isn’t always illegal. One of the legitimate, legal uses for spoofing is when a doctor calls a patient from her personal mobile phone and displays the office number rather than her personal phone number, or when a business displays its toll-free call-back number.


If consumers can’t see through the spoof ruse, how does the FCC? With a subpoena, that’s how.
The FCC got wind of Affordable Enterprise when it was tipped off by a whistleblower who used to work for the telemarketer. The Commission’s Enforcement Bureau used that tip to subpoena the company’s phone records and worked with the Federal Trade Commission (FTC) to review consumer complaints from individuals on the Do Not Call Registry.
The FCC says the company also went by the names Affordable Kitchens and Affordable Windows, using an unspecified telemarketing platform to connect sales reps to consumers to try to market home improvement services.

FCC fine for another robocaller

The Affordable Enterprises fine is a maybe, but Wednesday also brought one confirmed slap-down.
This fine was even stiffer than the proposed one: the FCC said that it’s fined health insurance robocaller Philip Roesel $82 million for illegally spoofed marketing calls. Roesel made more than 21 million robocalls over a three-month period from late 2016 through early 2017.
Big fine? Yes, but not the biggest. The FCC recently topped that by fining a Florida robocaller $120 million for the nearly 97 million spoofed calls his marketing companies made to sell vacations at resorts that, surprise surprise, turned out to be so not the Marriott, Expedia, Hilton and TripAdvisor vacations initially mentioned. That robocaller was Adrian Abramovich, whom Senator Edward J. Market had dubbed the “robocaller kingpin”.
In April, the Senate Commerce, Science & Transportation Committee subpoenaed Abramovich to explain exactly how easy it is to download automated phone-calling technology, spoof numbers to make it look like calls are coming from a local neighbor, and robo-drag millions of hapless consumers away from what should be their robot-free dinners.
His answer: pretty darn easy. He told senators:

There is available open source software, totally customizable to your needs, that can be misused by someone to make thousands of automated calls with the click of a button.

Besides all the fines, the FCC says it’s also passed rules to allow phone companies to proactively block calls that are likely to be fraudulent and has also “spurred significant progress” in establishing a reliable call authentication system to verify the caller ID information that appears on phones.

All-time high for spoofing

Such a system can’t come a minute too soon, given that the number of spoofed calls are skyrocketing. In April, such calls hit an estimated 3.4 billion: an all-time high, according to what robocall blocking service YouMail told the New York Times.
These are particularly dangerous times when it comes to so-called neighbor spoofing: that’s when robocallers display a phone number similar to your own on your caller ID, to increase the likelihood that you’ll pick up.
Neal O’Farrell, executive director of the Identity Theft Council, says that neighbor spoofing isn’t just annoying – often, such calls are a means to identity theft: a lot of crooks figure that if they can get a live victim on the line, they’re halfway there.
When it comes to deterrence, the fines are a start, but they’re not the entire solution, given that many robocalls are originating from outside of the US. Third-party apps such as Nomorobo are another tool in the arsenal, but they don’t catch all the spoofed calls.
As spoofing and telemarketing technologies evolve and advance, we all have to stay vigilant.


Exit mobile version