back to article FTC sues VoIP provider over 'billions of illegal robocalls'

A VoIP provider was at the heart of billions of robocalls made over the past five years that broke a slew of US regulations, from enabling telemarketing scams to calling numbers on the National Do Not Call Registry, it is claimed. Los-Angeles-based XCast Labs allowed robocalls from telemarketers to flow through its voice-over- …

  1. bo111

    Caller 2-step identification

    I wish callers could be identified by single-use number sequences on a sort of an official authentication apps. You tell the caller the number, and he must push it back into the authentication app with corresponding organization ID. This can be automated, so your phone app first requests the caller to push a newly generated number, cross-checks, and only then your phone rings while showing verified organization ID.

    To make it more secure, additional check could be possible by you visiting a known web-site (of your bank, for example), where similar verification will be made.

    1. Chewi

      Re: Caller 2-step identification

      No need. There is standards-based technology that is already dealing with this problem and it's completely transparent to both caller and recipient. Look up STIR/SHAKEN. It's all based around cryptography with regular EC keys and X.509 certificates. The US have made it mandatory for all telcos to use it, but I don't believe many, if any, are actively blocking based on the results yet. Instead, they are using it to feed a reputation database for now. I think some teething issues need to be resolved before it could be used to block, such as the inconsistent formatting of numbers (e.g. include country code or not). It seems the reputation database alone has made it easier to spot who the real abusers are though, so it's still being effective.

  2. stiine Silver badge

    Let me know when the executions are going to be scheduled.

    1. Doctor Syntax Silver badge

      They should be required to compensate the recipients. Say a $10 call-handling fee for each call made, That might well break the company. Fine, let that be a warning to others.

      1. Anonymous Coward
        Anonymous Coward

        They'll do the same as in the UK: they let the company fail, and fire up the next one which they have already set up.

        Instead, these charges should be to the personal fortune of the people owning it, or it should be made a criminal offense with mandatory jail sentence.

        Until you make it as personal as a wirebrush where the sun don't shine these people will not stop scamming.

        1. IGotOut Silver badge

          In the UK when it comes to unsolicited calls and texts, it is now possible to hit directors directly if they wind up a business to avoid paying the fine.

          In practice........

          1. Fred Flintstone Gold badge

            it is now possible to hit directors directly

            I wish that were true. That would be really the most enjoyable way ever to knock in a cricket bat..

  3. DS999 Silver badge

    Then how will they reach me about my car's extended warranty?

    * For non US readers robocalls "we've been trying to reach you about your car's extended warranty" were frequent enough they became a meme

    And now that I think about it, it has been at least a year since I remember one of these, maybe these were the guys responsible and the FTC shutting them down spared us all!

    1. Anonymous Coward
      Anonymous Coward

      Re: Then how will they reach me about my car's extended warranty?

      .. or your car is well beyond any extra warranty ..

      :)

      1. Andy the ex-Brit

        Re: Then how will they reach me about my car's extended warranty?

        My car is a 2005 model, and I still was getting those calls last year.

        Also, I already have an extended warranty.

        1. DS999 Silver badge

          Re: Then how will they reach me about my car's extended warranty?

          I recently bought a "new" (2021) car and I haven't got any calls regarding that but I've got nearly a dozen direct mail spam telling me I need to "activate the warranty on my car". Obviously some lowlifes are getting data on people registering new cars with the state and trying to scam them.

          What's weird is none of these use the make/model/year in their communications, they only talk about my "vehicle". Maybe they can only get data that I've registered a car, not what it is?

          1. doublelayer Silver badge

            Re: Then how will they reach me about my car's extended warranty?

            They don't know you have a car. They're just calling around with the assumption that anyone who doesn't have a car will just hang up. They're probably right. My guess is that, if you indicate that you want to talk to a human, they'll have no clue what your name is, let alone anything about the car you may or may not have.

            1. DS999 Silver badge

              Re: Then how will they reach me about my car's extended warranty?

              They don't know you have a car

              The robocalls sure, that's true. But for the direct mailings I'm receiving that is MOST DEFINITELY not the case. I hadn't received anything like that until I bought the new car, now pretty much every week I see something - most of them stamped with something like "official" or "to be opened only by addressee under penalty of law" etc. to fool people into thinking they are really important and require immediate action.

              1. Curtis

                Re: Then how will they reach me about my car's extended warranty?

                In the case of newly purchased cars, these companies are getting records from your state's records offices. Like much data that has been "commoditized", the sellers don't really care how the data is being used, because it's filling state coffers.

              2. Anonymous Coward
                Anonymous Coward

                Re: Then how will they reach me about my car's extended warranty?

                The spam mail probably has more access to records and targets new cars, whereas the extended warranty people don't, since what they call an extended warranty is actually just their own damage insurance contract. Then again, that doesn't indicate that the mail spam knows that much more than you do. I had a period where I was getting frequent mail for car insurance, and they knew enough to know my name and address. They did not appear to know that I don't own a car now and in fact I never have, so they don't even have the excuse of tracking an old one.

  4. Nameless Dread

    For non US readers re robocalls ...

    I had a well-spoken 'lady from Amazon' call my land-line the other day to say 'suspicious activity' had been noted on my Amazon account and it had been blocked.

    'Dial 1 to speak to a customer representative.'

    I hung up and logged in on my desktop to my Amazon account and, to no surprise, there had been no suspicious activity reported.

    Then I recalled I had NEVER given my land-line number to Amazon at all:

    Draw your own conclusions ...

    1. Sp1z

      Re: For non US readers re robocalls ...

      > Draw your own conclusions ...

      Yeah, it was just a cold call and nothing to do with Amazon, which hopefully this FTC action will help to stop.

    2. Caver_Dave Silver badge
      Unhappy

      Re: For non US readers re robocalls ...

      I don't know if there is a new level of scam, but I received one of those 'Amazon' calls last week.

      Rather than a completely random CLI though, it had my father's landline number in the CLI.

      The only time both my father's and my telephone number have been on the same document was "Lasting Power of Attorney" i.e. a UK government site!

      If it's a random CLI, I don't answer it. All the agencies I have to deal with Doctors, Schools, Councils, Police, etc. all withhold their number.

      1. doublelayer Silver badge

        Re: For non US readers re robocalls ...

        Some scammers like to fake a number that's similar to yours, with a similar geographic code but a different number at the end. They appear to think that people are more likely to answer local unknown numbers rather than random ones. If your number starts with the same digits as your father's, or if there is some link between your number and the location of that landline, they might have hit your father's number because of the reduced option set.

        A few years ago, I was expecting this would eventually happen to me because scammers were copying a ridiculously long prefix from my number and changing only the last three digits. By chance, I happen to know two people who have numbers in that set, although I'm only in contact with one of them, so I figured it was only a matter of time before they chose one of those. It didn't happen, and now my infrequent robocallers copy fewer digits of my number before randomizing.

        1. Michael Wojcik Silver badge

          Re: For non US readers re robocalls ...

          They often use out-of-date information, though. I routinely get spam calls from a state I haven't lived in for a couple of years now.

  5. Potemkine! Silver badge

    Robocalls should be made illegal, period.

    Los-Angeles-based XCast Labs allowed robocalls from telemarketers to flow through its voice-over-IP network to folks despite multiple warnings over several years

    Why so many warnings?? One should be enough.

    1. Killfalcon Silver badge

      Put the dates in the article against US elections. The FTC's priorities and capabilities are strongly informed by who's running, or failing not to run, the US government.

    2. Filippo Silver badge

      > Robocalls should be made illegal, period.

      I am on the DNC registry for my country. I regularly renew my registration to the DNC registry. There are no companies that have a legitimate authorization to call me. I regularly report every marketing call I receive to myh country's relevant authority. And yet, I'm at five illegal calls today, and the day is still long.

      Most calls I receive have a human at the other end, and it takes all my willpower not to snap at them. I just hang up, sometimes I try to gather information first, to add to my report, but they are very cagey on who they actually work for.

      Frankly, at this point I believe that all marketing calls should be illegal, period. No permissions, no "sign here", nothing. All marketing call centers are now illegal. Telephone as a marketing platform just needs to be killed with extreme prejudice.

      I do what I can by telling anyone who'll listen to never, ever, accept any offer made via an unexpected phone call, no matter how good or urgent it sounds. No exceptions - in fact, ideally, don't even listen to what the other person has to say, just hang up as soon as you understand it's an unsolicited call. If it's legit and really important, they'll send a registered letter, and if it's legit but they won't send a registered letter, then it's not really important. Sometimes, when I'm feeling unreasonably optimistic, I dream that one day everyone will get it, and the concept will just die.

      1. Anonymous Coward
        Anonymous Coward

        I do not swear except ...

        ... to unsolicited telephone calls. Then the size of my repertoire that gets repeated, depends on how fast they terminate the call.

        If they have a vaguely UK accent and I am in a good mood then I might interrogate them a little to give substance to the TPS report.

        TPS - vaguely useless

        Royal Mail unaddressed - fill the the opt-out every 6 months, but still receive the rubbish. Any company that uses this service goes on my "do not buy from" list

        Free 'local' magazines - contacted them all to ask not to be delivered to. One deliverer caught me getting into my car and was extremely abusive because he gets paid per delivery. I have it on video, but the Police will not do anything as the magazine company refuse to name the deliveryman.

        All these things are a waste of resources: time (all), electricity (TPS), and paper (Mail). The world has little enough without wasting it on this junk!

      2. Andy the ex-Brit

        Don't hang up immediately. Tell them you're very interested and ask them if they can hold on a minute. Then put the phone down until they hang up.

        If we can waste enough of their time they become unprofitable. Some Youtubers (Scammer Payback, Kitboga) are doing the Lord's work baiting scammers and wasting hours of their time until they flip out.

        1. Filippo Silver badge

          I did that for some time, but eventually I decided that the best thing for my blood pressure is to just make the entire experience as short and limited as possible, and forget about it.

          Here's an idea. An app where you can push an "it's spam" button during a call. If you do, the phone GUI gets cleared of the call, the mic and speakers go silent, but the call is kept up in the background until the other side hangs up, or until you receive another call. When it's over, a report gets automatically sent to whatever privacy authority is appropriate for your country. Include whatever can be legally included, I'm not sure you can record it without telling them; maybe it can auto-transcribed.

          I'd actually pay some money for that.

          1. Anonymous Coward
            Anonymous Coward

            Better yet - it listens for quiet on the other end of the line, then responds with "Sorry, I missed that, can you please repeat it?" If the caller is a human, they may fall for it once or twice; if it's a bot, it might keep their line tied up for hours!

        2. Michael Wojcik Silver badge

          If we can waste enough of their time they become unprofitable.

          Unfortunately I don't think that's practical. Few people will do it, and thanks to the low overhead of VoIP, bots, and minimally-compensated people working from home, these scams are profitable even with a very low hit rate. It might make some recipients feel better to waste the callers' time – and if so, go right ahead – but I doubt it has any noticeable effect on the bottom line.

    3. bo111

      > Robocalls should be made illegal, period.

      Also because not many people call each other nowadays. Calls are reserved for very important issues.

  6. ThatOne Silver badge
    Unhappy

    *Sigh*

    > XCast knew it was breaking the law and didn't hold back

    Because they knew the law was toothless, and breaking it would earn them a stern look and a telling off. At worst.

    1. Anonymous Coward
      Anonymous Coward

      Re: *Sigh*

      QED..

  7. Carlie J. Coats, Jr.

    Spoofed numbers

    Spoofing phone numbers of government agencies and health-care providers should be a felony -- just as much as impersonating a policeman is. And civil damages should be at least $25,000 per violating call.

    The present civil penalties scheme under the US Do Not Call Act is grossly inadequate (the civil penalty is $500 if no aggregating factors are present, $1500 if any or all aggravating factors are present): the whole scheme needs to be adjusted for inflation since 1990, and then additional penalties for multiple aggravating factors for a call should be additive. Use of any spoofed number should be a severe aggravation -- say $5,000 -- with $25,000 for government/health-provider spoofing.

    1. Filippo Silver badge

      Re: Spoofed numbers

      Spoofing numbers should be considered identity theft.

      1. bo111

        Re: Spoofed numbers

        > Spoofing numbers should be considered identity theft.

        Which is typically the result of such calls.

  8. Snake Silver badge

    Interesting...

    I've had more robocalls at the office in the past month than the prior 4 months put together.

    And this is after the FTC's moves on them.

    Coincidence? I don't think so.

    1. Killfalcon Silver badge

      Re: Interesting...

      Rush to cash out, possibly.

  9. spuck

    Chasing the wrong quarry...

    This is all well and good, but VoIP providers can't call my phone. It takes a telco with a PSTN connection to make that "last mile" connection to my number. The FTC can make a big bluster over shutting down an unknown VoIP provider, but where's the announcement of the fines on their telco accomplices?

    1. Anonymous Coward
      Anonymous Coward

      Re: Chasing the wrong quarry...

      Sorry friend but every commercial VOIP provider has pstn interconnects. I work for a government agency in the US and ALL of our primary telecom service is VOIP with cellular as a backup. If you have a landline a VOIP user can reach your landline.

      1. spuck

        Re: Chasing the wrong quarry...

        Yes, all commercial VOIP providers can call my landline, but not all of them are big enough to do the PSTN connection themselves. Especially the lower-rung, smaller companies that are allowing and profiting off these robocalls.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like