89 comments

[ 3.3 ms ] story [ 147 ms ] thread
I average around 3 robocalls each weekday. They are annoying and it's made me set my phone to not ring when I'm at work.

Do you do anything other than hang up when you get a robocall?

Sometimes when I do answer a robocall I just ask them to hold on for a second while I get a pen and something to write on then I set the phone down and go back to work. They rarely stay on the line for more than 10 seconds and one Medicaid scammer calls often enough that he recognizes my voice and will tell me to fuck off and then hangs up immediately.

I often don’t answer but when I do I set them on silent. Most times it’s immediate hang up but occasionally (less often nowadays) I’d get one that would just sit there indefinitely. My hunch is this the scanner that finds numbers that answer.
With the car warranty people I would let them say their script and ask random (somewhat stupid) questions - I had a fake car/vin/address/name that I'd read to get through any of those questions.

Haven't gotten one in months though...

Hah. With some voice-to-text steps a LLM could talk to these callers for a while before they realized...
The car warranty people always hang up on me when I tell them I want an extended warranty…

…on my 1909 Stanley Steamer.

I answer it and leave the call going until they hang up. I don’t say or do anything else. It costs me nothing and it wastes a bit of their time. It’s a tiny rock in their gears.
> Do you do anything other than hang up when you get a robocall?

Yes, I don't answer in the first place. My phone may as well not have the "phone" feature, I think I use it less than once per month.

I have a rule that I don't pick up unless I already have them in my contacts. If they're not and they need to contact me, they can text me or send me an email, and I'll call back.
How do you handle deliveries then?
Is this an apartment thing? I don't receive calls for deliveries. US, live in a house.
Yeah, delivery men usually call to ask if anyone is at home.
Never received a call for delivery, other than take out food which I'm expecting a call from. That would be an edge case.
People are outraged when I tell them I have no phone in my house that rings.

I'm outraged by the idea of people responding to phone rings like Pavlov's dogs.

What about the case where a doctor’s office calls, then you have to call back, navigate the menus, stay on hold, then get sent to voicemail & they call back n hours later?

This is a really common scenario for me, so I have to leave the ringer on to avoid it.

I can send my doctor and hospital a message through a web portal in just a minute, and it works just fine.
My doctor has no web portal :(
Turning on your ringer is like staying home waiting for the cable man. It makes total sense. If you are always in this kind of situation all the time (on Android) you can star certain contacts and set those to ring. I do that for certain friends.
Unfortunately, it seems like my hospital has a pool of SIP numbers that get round-robin’ed. I was never able to whitelist them all.
(comment deleted)
iPhones have a feature where it just goes straight to voicemail if the calling number isn't in your contacts. That's useful most of the time but I have to remember to turn it off when I'm expecting a call from the plumber telling verifying the service or something.
I pick up and try to waste their time as much as I can, while working on some chore / mindless task. I figure every second I keep them on the phone is another second they're not scamming an elderly person.

Edit: I think my record is about one hour with the "social security administration".

I have never gotten a robocall. Are they an US phenomenon?
They're illegal here... But I still get about 5 every day.
UK, US, CA, usually run by scammers from countries with low income and weaker currencies. They target countries with gullible, often elderly, population groups that have access to cash in a stronger currency to make the biggest profit for the least effort. Huge benefit of the robocaller is that they can sound less scammy because your first point of contact is well spoken relative to the scammer who often has a thick accent.
No, not a UK thing. Have had a UK phone number that I know is on a couple of public databases and at worst I get a call every three or four months with the 'we understand you have been involved in a traffic accident' robocall. A quick poke to the Ofcom fraud site to report it and I am sorted for the next few months.
My bad, I think if they required proof of identity in the US and Canada it would be far reduced.
Are you this outspoken when your corpos outsource all labour intensive task, clothing, manufacturing to "low income and weaker currencies" countries with "thick accent" so that they can sell products at record high prices in a stronger currency country to "make the biggest profit for the least effort".

I know people like you stay silent when it's time to buy the latest shiny iPhones, fast fashion clothings which are made by exploiting labour(even child labour) which pays pennies to 1 $ an hour and working in harsh conditions.

Whilst I can appreciate that my comment may read as racist to some people, that is not the intent nor the reality of the words written.

It's about the facts and not prejudice.

You're correct in that economic imbalance is where many businesses make a big chunk of their profits, it's only natural that scammers try to take advantage in the same way.

US gets a lot of robocalls for a few reasons: the target population is large and one or two languages addresses the vast majority, easy means of payment from victims, high trust society, and maybe most importantly near zero cost of calling. I read something from the FCC several years ago that call charges between carriers would soon be set to zero, rather than the previous status quo of something around a penny per minute for terminating calls, netted out. Commercial services charge around a penny or less per minute, and anything with volume can get to much less.
We have to start creating criminal penalties for this stuff. We wouldn’t let someone go around knocking on doors, the same door everyday and sometimes multiple times, attempting to scam people.

At this point the phone system is unusable. If my doctors office needs to call me they’re SOL because I’m not answering a number I don’t know.

The spam detection on Google Voice seems to have improved dramatically in the last 12 months or so, it hasn't missed a single spam call in that time for me.
Letting everything get so terrible that customers are basically forced to preserve their own sanity by selling their data to the data-vacuum of all data-vacuums is hardly a solution.

At that point it's basically a protection racket.

Won't happen. Your inconvenience is worth far far less to those in power than helping their "business" friends make more money. The difference between "business" and "scam" at this point being nigh indistinguishable.
the fcc should not have put robocall abatement policies on hold for 4 years. for me, that ruined voice calls.
Can we talk about junk mail, while we're at it? I back-of-the-enveloped the numbers once, and we'd need a $5-10/month tax (or service fee or however they want to frame it) to pay the postal service what it gets from bulk mailing, per household—and probably on the lower end of that, because there'd be some savings from not processing all that bulk mail anymore. Easily worth it IMO. Throwing away literally 95%, by weight, of the mail I receive is tedious and wasteful. I think the "tax" it imposes on time and attention is well in excess of $5/month, even for low earners, and losing one piece of actually-important mail in the mess can far outstrip the annual cost of such hypothetical payments.
while I agree that junk mail is an issue, there are some differences.

1. junk mail is sent either to a recipient or an address, the mailer is paying some fee for it.

2. while it is a nuisance, they aren't going out of their way to hide who sent it or breaking a bunch of laws and contracts in order to send it.

3. we don't have government agencies ignoring or trying to stop the implementation of laws that pertain to junk mail, we'd need to get laws passed to stop it before that could occur.

so, yeah, horrific waste, but not the same.

> they aren't going out of their way to hide who sent it

I see an awful lot of bulk mail that's trying really hard to look like something it's not. Some of it's so bad that I'm surprised it doesn't fall afoul of various laws (and maybe it does, but enforcement is so poor that it's still profitable to do it).

Damages against a legal entity are usually not "existential" in value (sufficiently large enough to terminate the entity). I really hope that an example is set here with intentionally existential damages. A company that so avidly facilitates spam and scams need not exist.
The penalties for permitting more than X robocalls through in a given period including those originating outside your network should be so high that legitimate operators under US jurisdiction are terrified of allowing connections from companies that turn a blind eye to robocall farms—a couple of those stop being able to route calls to the US, and they'll either shape up in a hurry, or continue not being able to route calls to the US, and either way, problem solved.
This. I don't understand why we can't catch and prosecute these spammers. Is it that hard for the phone companies/authorities to trace who's making these phone calls?
Good luck prosecuting a scammer in a foreign country. We need penalties for the telecom services providing access. Right know it's trivial for someone to get a ton of numbers and starting making calls over SIP. You shut them off, they'll just go to another provider.
It should not be trivial to buy hundreds of numbers.
It shouldn't be, but it is. The latest scams all involve calling people from local looking numbers (same area code), since it's more likely victims will pick up.
The scammer in a foreign country has to have on-the-record account(s) with some foreign telecom company, directly or via some chain of intermediaries.

Just shut down those accounts, and if the foreign telecom doesn't comply, then block calls incoming from that telecom. Eventually the scammers will start encountering serious resistance to obtaining new accounts and numbers.

So why hasn't anyone done this yet?

They don't necessarily need to use a foreign telecom company. They can buy SIP access directly from a US company (Twilio, SignalWire, etc) and use it anywhere.
Then that's even easier, because a US company's customer accounts are under the authority of US courts.
You would think so. However, the number of scam/spam calls I receive daily proves otherwise. When I look up these numbers, they are mostly CLEC or mobile numbers. I assume some of the caller IDs are still spoofed, though I thought STIR/SHAKEN was going to fix that.

Approximately 50% of the calls I receive are through a company identified as "Sinch". Some complaints about them here: https://scammer.info/t/sinch-and-inteliquent/85531

Sadly, scams are big business.

The reported names can be entirely spoofed, but the telecom engineers know who they are connected to, and the companies they are connected to know who they are connected to ad infinum.
What's the incentive to do anything about it?
Money?
Without big fines, don't companies make more money not following up on it?

1) VOIP providers get revenue from the customer (scammer.) 2) Upstream telcos are getting paid by the VOIP provider for the numbers, call origination fees, etc. 3) The receiving telcos get some call termination fees.

How does this relate to the discussion?

No one outside the telecom's accounting department will have the figures handy to know either way. And the net balance would certainly would be proprietary information that won't be shared on HN in any case.

If there’s no financial incentive for companies to stop this stuff, it won’t happen. That’s how.
We will never discover whether it's one way or the other via HN comments, so it's an irrelevant point.

It's not even possible to talk about it in any substantive capacity.

Many of the calls are coming in from overseas, using US VOIP numbers that cost a dollar a month (or less.) We need a "know your customer" type provision for telecom companies. An overseas scammer should not be able to buy 100's of US numbers with a credit card.
One trick I’ve found to screen robocalls is to answer and be silent. They seem to use an automated system that dials pools of numbers and checks to see if a human is on the other side before connecting you to an agent. If it gets silence it hangs up.

Real humans wait a few seconds and say “Hello?”

Half of the ones I get use those apps that go straight to your voicemail to leave a message so you can’t even answer if you wanted to.
My voicemail message is silence. I only get audible responses from live person spam. They seem to just go ahead after a few seconds regardless, probably because of a mandatory script. Then they just say "hello" a few times.
I tried this and it didn't work.
Not so used to "robocalls" where I live, but we do get lots of scam calls spoofing a local number. I feel that should be impossible. Yeah, when I'm in some other country, that operator in that country needs to call "on behalf of me". But there is no verification. I can be connected to a tower here in Norway, and someone from a different country can call my neighbor pretending to be me. Why isn't this a solved problem?
(comment deleted)
Because telcos blindly trust the metadata passed to them from outside their networks, and this is by design (going back decades to when all telcos were "trusthworthy" quasi-national actors).

The sheer volume of calls that go through a phone network, and the lack of a central system to locate the true source of a call, means it's somewhere between prohibitively expensive and impossible to validate and verify the metadata of every call coming into a telco's network.

> prohibitively expensive and impossible to validate and verify the metadata of every call

Isn't that what the SHAKEN and STIR protocols fix? Maybe the telco can't validate every call, but even if they at least told me when the metadata has been verified would be great. Most of my legitimate calls originate from another US number and all of those should be verifiable.

Yes that was a first attempt at addressing this, but it's still imperfect and not universally adopted, even though both the US and Canada have required adoption since 2021.

The FCC for example still exempts "small rural phone providers" I believe? Adoption is growing though, but it's hard to say how fast and by who.

It's honestly a cost/benefit thing.. Changing fundamental infrastructure at telcos is super hard and expensive and most will not do it until they are forced to by law.

> means it's somewhere between prohibitively expensive and impossible to validate and verify the metadata of every call coming into a telco's network.

This is true, but also it does not prevent tracking down the source afterwards. As in, telcos normally have enough records to check a given chain provider by provider. We could still fine the right entity if there were correct laws for it available.

Like I said, there is too much call traffic for this.

Believe it or not, most non-US telcos don't have (or rather don't choose to have) the capacity to inspect and log every single phone call, because it's not a cost they want to bear for the tiny fraction of calls they might need to look at later.

In the US the govt forces major telcos to either log or copy calls over to the NSA, so it's different but they're never going to use that very sensitive expensive setup to go after scammers.

Even if they did, let's look at what would happen:

A US telco takes a call log that came into their network and tries to work back through the chain of international telco providers that routed the call, to find the source.

It's only a matter of time before they reach a telco in the chain that says "we don't have those logs sorry".

Plus, each telco along the way will charge the US telco for retrieving and providing those logs. No one works for free.

And then even if they get to the source, guess what? It was probably a fraudulent account with a stolen credit card, at a virtual reseller where no human interaction ever happened to set it up.

Sad trombone.

I really don't think that's a huge issue. (Worked at a telco, but small one)

Sure, nobody works for free, but if requests for source become a thing that happens, there will be systems to retrieve it with less work as well. It doesn't need to be a long record - keeping the last couple of days for complaints handling may be painful, but not "too much traffic". If adtech can save all our clicks for analysis, telcos can handle the short term lookups.

> It's only a matter of time before they reach a telco in the chain that says "we don't have those logs sorry".

That's the whole idea - the blame for that specific call falls on them then. Get fined, next time don't lose the logs, sorry.

> Plus, each telco along the way will charge the US telco for retrieving and providing those logs.

Make it a requirement for reporting so they can't - similar to how DMCA safe harbour works. Either you deal with your customer, point at a source peer, or become the responsible party.

> a stolen credit card, at a virtual reseller where no human interaction ever happened to set it up.

That's fine. Close the account and if it repeats too often for the reseller they can get fined until they implement better fraud checks (or prevent large volumes of calls without human interaction). This is not a novel problem - that's why you can't spawn 500 GPU instances on EC2 right after you open an account.

Edit: Back of a napkin - Verizon claimed to handle 800M calls a day some years ago. Logging the 2 source, 1 destination numbers, peer ids and date in binary format, which is all you need for handling complaints, gives you <40GB per day. That's searchable with grep on a laptop. It's definitely not too much data for a telco.

Again I'll say the same thing I said to someone else: if it was this simple and this easy, it would have been done by now.

I've been working with or at telcos for more than a decade and I am still regularly amazed (not in a good way) at how complex, messy and byzantine a lot of the internal systems are, never mind anything that needs to talk to another equally (but differently) byzantine telco somewhere else.

Never had a robocall in Europe in like ever. Seems like this is a problem that's very possible to completly solve
(comment deleted)
Why is it so easy to spoof caller id phone numbers for these scammers?

I use Verizon’s call filter app and it seems to help. I haven’t gotten robocall spam in a while.

I’m also curious about this. I’ve gotten calls from people saying I’ve been calling them all night (although not since I’ve switched from android tk iOS) and once I called a number back and the lady on the other side began crying because apparently her phone had been spoofed for awhile and she was getting tons of calls.
The simplified answer is that phone networks were designed and built 100 years ago and have a fundamental assumption of trust built into the interoperability model between telcos.

Back when every telco was a quasi-governmental national operation, they could all more or less trust each other to do the right thing, so when one network operator receives information from another (for example, caller ID info) it just blindly trusts it as correct.

We've layered tons of modern digital services on top in the last decades but fundamentally there's still that very old network with very basic capabilities underpinning it all.

And so in today's world where every telco offers wholesale access to resellers (who then have sub-resellers and sub-sub-resellers) it's almost impossible to police this stuff.

There's so much traffic going through these networks, it would be very expensive to stop and validate/verify every call's metadata, even though there have been proposals on how to do that put on the table by various parties for years.

But telcos are competitors, and getting them together to agree on how to handle this kind of thing is hard. No one can agree on who should pay for it, and no one wants to go first. Every telco basically passes the buck. So if you are on Verizon and you get a fake caller ID spam call, Verizon will say "we're just forwarding the call from X, go complain to X".

There has been some legislation passed in the last few years as the problem has gotten worse, but don't expect telcos to move on any of this until forced to by law.

source: I work for a telco.

> But telcos are competitors, and getting them together to agree on how to handle this kind of thing is hard. No one can agree on who should pay for it, and no one wants to go first. Every telco basically passes the buck. So if you are on Verizon and you get a fake caller ID spam call, Verizon will say "we're just forwarding the call from X, go complain to X".

This is why making telcos explicitly, legally, financially responsible for the forwarding garbage calls would fix this really, really fast. The telcos would figure it out, no need to dictate a system.

Sure, and how do you plan to do that globally, all at once, in a fair manner, and with everyone (regulators and telcos) on the same page?

If you think no one has proposed this or tried this before, you'd be incorrect. :-)

Don't get me wrong, you're right that would work, but getting it to work is near impossible.

Don't forget that every telco would lobby against this, and they are some of the most well-connected enterprises around.

>how do you plan to do that globally, all at once, in a fair manner, and with everyone (regulators and telcos) on the same page?

That's the trick, you don't. The US has enough influence that its telcos should be forced to say "from date X international peers that send spam will be disconnected, because we're directly liable for it". There's no serious telco in the world that would say "ok, so our customers won't be able to call the US anymore".

It's a bit like the Brussels effect.

Applying it only to the ones in US jurisdiction would fix it. Telcos in other important markets would comply with the demands of the US telcos, or get cut off (and lose business to other telcos in those markets that did comply). Regardless of which option the foreign telcos pick, US robocall volume would plummet. Give it a 1-2 year notice before enforcement starts. I would expect little or no disruption by the time the deadline hit.
Yeah that's just not how it works, sorry.

Look I get it, you've imagined a very reductive simple solution to a hugely complex problem and I know it makes sense to you, but you're really drifting into the Dunning-Kruger zone here..

Telcos are hugely, stupidly, complex operations, and all the international inter-connectivity between them even more so.

You can do whatever you want of course, but perhaps consider just trusting me when I say if this was as simple and effective as you put it, it would have been done by now.

> You can do whatever you want of course, but perhaps consider just trusting me when I say if this was as simple and effective as you put it, it would have been done by now.

> > > Don't forget that every telco would lobby against this, and they are some of the most well-connected enterprises around.

Oh, you already covered the reason I think this actually hasn't already been done.

We need to redirect these calls to an AI that will ask great questions and seem almost quite interested.
I eventually resorted to installing NoPhoneSpam[1] on my phone, and setting it to block all phone numbers not on my contacts list. At first I had doubts that it may prove disruptive, but it was surprisingly easy to adjust to after adding my doctor's number to my contacts list (which I should have done before). Most people end up texting you if they can't reach you, anyway.

[1] https://f-droid.org/en/packages/at.bitfire.nophonespam/

Why do consumers get prosecuted for circumventing DRM, even if just to claim back their ownership of content and devices they bought, but companies get away with actually malicious circumvention (spoofing) on a much wider scale?

Also, technically speaking, how can big telcos make sure they route a call to the right phone, and also claim to be helpless against spoofing?

About two years ago, someone named Alnar (a man I do not know) requested information about health insurance. For whatever reason, either as a mistake or otherwise, he gave them my Google Voice phone number.

I was getting, without hyperbole, more than 150 calls per day, about 100 of which were Robocalls, all of which were trying to sell me healthcare. When I would get humans, they were always asking for Alnar.

This went on for about three months, until I just decided to no longer have my Google Voice number route to a "real" phone anymore. I still get about 40 calls a day, most from robots, but they're manifested in the form of transcripts on Google Voice.

I hate Alnar, I hope he steps on a Lego block, but even more I hate that it must be at least a little profitable to do this phone spam. They're making the phones largely unusable.

I have a first-initial-last-name gmail address.

Over a period of years, it became basically unusable. A dozen or more people with the same first-initial-last-name have typo'd my email address into enough systems that the volume of crap coming in—some unsolicited stuff that gets through gmail's increasingly-useless spam filters, some technically solicited, just not by me—is high enough that keeping up with it's just not worth it.

Yeah, I have a similar problem; I have [firstname][lastname] as a Gmail, and I do get a good chunk of emails targeted to people who are not me.

Fortunately my last name isn't terribly popular in the English-speaking world, and my first name (Thomas) isn't super popular in Germany, so it's not a huge deal. Still, it was annoying enough to where I eventually just bought [lastname].app and set up an email for that.

I've been getting calls and texts for "Victoria" for literally 5-6 years now. She apparently has been going through forclosure, so I get spam calls trying to buy the house. I know no one named Victoria and have never owned a house.
Please do CANSPAM next. You're sitting on a gold mine of free tax revenue.

I can forward you all the emails from YouTube recently "announcing important changes to my account" that were really Google marketing announcements and nothing changed on my account.