New robocall scam

Hiya announced a new robocall scam they’ve observed. Here’s how it works.

Eavesdropping scam

Dubbed the eavesdropping scam, this ruse is a clever bit of social engineering.

Hiya calls it the eavesdropping scam because the caller is heard talking to another person, “I’m trying to get ahold of them right now.” It’s as if the victim is eavesdropping on the scammer.

That’s the hook.

The rest of the scam call is vague by design. It doesn’t use any of the typical fraud-related keywords found in other robocall patterns.

The called person is left wondering what that was all about. Why was it so important to get ahold of me now? So, they call back.

When the victim returns the call, they’re connected with a scammer who attempts to commit a fraud scheme, such as tax relief services.

What about STIR/SHAKEN?

The robocallers do not use spoofed numbers. In fact, over half of the eavesdropping scam robocalls observed were signed with either partial (B) or gateway (C) attestation using STIR/SHAKEN.

Ouch.

We’ve been following a related trend in our monthly reports on STIR/SHAKEN statistics. For example, in March 2022, calls signed with B or C attestation were three times more likely to be robocalls than other calls—even unsigned calls.

Digging into these signed robocalls a little deeper, we found that many were signed by a downstream provider on behalf of the Originating Service Provider (OSP). The downstream provider signed them using their own SHAKEN certificate.

These OSPs often claimed a complete SHAKEN implementation in the Robocall Mitigation Database. However, they aren’t listed as a SHAKEN-authorized provider on the STI Policy Administrator website. How does a provider do STIR/SHAKEN if they aren’t approved? Sure, their calls eventually get signed, but not by them, and not with their SHAKEN certificate—they don’t have one.

So, the OSPs aren’t doing either SHAKEN or robocall mitigation. The downstream provider knows very little about the calls they’re signing.

It’s a huge gap in robocall defense. Many robocallers are exploiting it.

The eavesdropping scam is yet another demonstration that STIR/SHAKEN doesn’t prevent unlawful robocalls. It prevents spoofing the calling number, if enough calls are signed. In this scam, the calling number wasn’t spoofed, and the robocalls were signed.

Further details are available in the Hiya press release.

girl listening on a tin can telephone

Corrective action

Here are steps that would strengthen the defense against unlawful robocalls:

  • Require SHAKEN authorization by the STI Policy Administrator to claim a SHAKEN implementation.
  • Providers that aren’t really doing SHAKEN should either do SHAKEN for real or robocall mitigation if they qualify for a SHAKEN extension.
  • The FCC should phase out the non-IP SHAKEN extension. Their criteria were met in July 2021—nine months ago. This would dramatically increase the number of signed calls, which would in turn make robocall mitigation more effective.

TransNexus solutions

TransNexus is a leader in developing innovative software to manage and protect telecommunications networks. The company has over 20 years’ experience in providing telecom software solutions including toll fraud prevention, robocall mitigation and prevention, TDoS prevention, analytics, routing, billing support, STIR/SHAKEN and SHAKEN certificate services.

Contact us today to learn more.

Request information

* required

This information will only be used to respond to your inquiry. TransNexus will not share your data with any third parties. We will retain your information for as long as needed to retain a record of your inquiry. For more information about how we use personal data, please see our privacy statement.