Skip to main content

Podcast: Robocalls

"mobile phone" by Irita Kirsbluma is licensed under CC BY 2.0
NC State Audio Abstract
Audio Abstract
Podcast: Robocalls

Computer scientist Brad Reaves talks about robocalls – how they work and what happens if you answer. Read on for some highlights.

Robocalls are one of modern life’s annoyances, and we’ve all heard that answering them only leads to receiving more, but is that true? A yearlong study from NC State looked at how robocalls actually work and debunked a few myths along the way.

“How do these robocallers – especially the scams – operate without being prosecuted or sued? There’s a couple of answers to that,” Reaves says. “The first of them is technical. It’s simply incredibly hard to figure out where these calls are actually originating from.

“On the back end of the problem, once you do identify one of these operations, the FCC or FTC, depending on which regulatory body is actually pursuing a case, has to build a mountain of evidence. And that takes a lot of manpower. Similarly, it costs a lot to bring these cases to judgment. And when they’re successful, the shell companies that operate these robocall scams evaporate and the judgments, the government just simply can’t collect on them.”

It’s (a business model) that seems to be reasonably successful. We also know from cases that have actually been successfully prosecuted, that the perpetrators do walk away with millions of dollars.

So if you do answer a robocall, what happens?

“It depends on who’s calling you. We saw in our data that some campaigns are going to try to call you back more than once, no matter what. We saw that something like 60% of our robocalls, when we answer, there’s nobody there, there’s nothing on the other end.

“When you get one of those silent calls, what’s actually happening is that the robocallers will use their software to, send 10 or 15 calls at once for each representative, knowing that most people aren’t going to answer. But in the event that two people answer at the same time, whoever answered first is who gets their attention and the other one just sits silent until they hang up.”

What are “call storms?”

“It turns out that when robocallers spoof a phone number, they don’t check to see if anyone else is using it. And so what happens is that they will place tens of thousands of calls claiming that particular number all at the same time. Now, some fraction of those numbers are going to see a missed call and try to call back. And so what happens is a reflected denial of service attack. This is not intended by the robocallers, it’s just an almost funny, unless it happens to you, side effect of robocall spoofing.

Right now, there’s absolutely nothing you can do (to protect your phone number from being spoofed). If I wanted to, by this afternoon, I could be spoofing calls from the White House.

“Shortly after we discovered this phenomenon in our data, I got a message from one of our students in the lab that said, ‘Hey, Brad I’m getting hundreds of calls right now and a lot of people are asking me why I called them, do you have any idea what’s going on?’ And this is what had happened to him. Now, the good news is that this phenomenon is fairly short lived. It’s a matter of hours or maybe a day or two. And it’s terrible that it happens, but there’s really very little that we can do about it right now.”