Do you think “Robo Spam” calls are bad? I was recently the target of a “Neighbor Phone Spoofing Spam attack which crippled my phone line.
It started with a call to my cell phone with a person saying they were returning my call. While I was on the phone with them, another person called to ask who I was and why I called. Then I started receiving texts that said, “who is this”, “I can’t talk now but will call back”. Within 10 minutes I was receiving calls and texts every second. So many calls and text came in that I could not even carry a conversation on the phone because the calls coming in generated so many incoming call pauses. It was a complete Denial of Service phone attack.
We often refer to a “Denial of Service Attack” to websites where hackers send so much traffic that the servers cannot handle the volume, and that is what happened to my phone. At first, I thought it was a very inconvenient but an admittedly good prank. As the day wore on and several hours passed, it was causing real damage. My number is a cell phone number that I have had for years and my business lines forward to it. If this happens to you, these are some things you should know.
Definition: Neighbor Phone Spoofing is when you use software to change the caller ID that displays on the receiver's phone. Amazingly, it is mostly legal to utilize call spoofing which makes sense in some cases such as a doctor calling from his cell phone and wants his the number of his medical practice to appear. However, Robo callers love it for telemarketing because people are more likely to pick up the phone from numbers with local area codes.
Laws regarding Phone Spoofing: You can go to https://www.fcc.gov/document/rules-and-regulation-implementing-truth-caller-id-act-2009 and search for section 64.1604 which states
64.1604 Prohibition on transmission of inaccurate or misleading caller identification information.
(a) No person or entity in the United States shall, with the intent to defraud, cause harm, or wrongfully obtain anything of value, knowingly cause, directly or indirectly, any caller identification service to transmit or display misleading or inaccurate caller identification information.
Basically, as long as the caller is trying to sell a legitimate service or product, it is okay to use this method which is why you most likely get multiple spam calls a day. . One could make the case that someone was “causing harm” to my business, and in fact, it really was causing harm.
If the receiver on the line did not pick up and answer, the call would drop. The spammers were only interested in people that answer. For all the people that did not answer, they did not get a voicemail, only a missed call from my number.
The numbers of call were so high that even if the attacker stopped, there would be so many people that would report my number as a spam number that my number would be listed as a known spam number. I called my cell carrier to report the problem, on a different phone, and to save you the hours of conversation and call holds, here are the responses from the carrier.
-Call 1, escalated to manager, “This is going on with other people right now as well and a known problem, we will implement software right now that will alert callers there is an issue and my number is not spam. This software should start in next 15 minutes.”
-After an hour of calls still coming in, Call 2 escalated to the manager, “You need to report to FTC”.
I said wait what happened to the first call that said there was software being installed to alert receivers of the call campaigns. The answer, “We don’t know anything about that but we are submitted a ticket on your case”.
The FTC submission is a long process that does address Phone Spoofing and there will never be a response. You are just supposed to submit it, so I aborted the FTC submission.
-Call 3, escalated to the manager, “The only thing we can do is change your number”
Changing a number is extremely disruptive and if I was targeted, the same attack could follow on a new number, so I waited to see if the calls would stop….several more hours go by but the calls and text are still flooding my account.
-Call 4, escalated to the manager, “Sorry, we can only change your number”
I was almost resigned to changing my number but was not going out without a long vent to the manager on the phone about how this was insane that they could do nothing. With some software and a few servers, you could probably knock out any companies phone lines. During this rant, the manager offers to temporarily suspend the line. I was grateful to just have an option and we tried it. The line was suspended for a few hours and reactivated and it worked!
The new calls stopped coming in but numerous follow up calls and texts continued for about a week and continued overall for a few weeks. I lost countless hours of productivity and almost lost my number but it was a real eye-opener to the potential to do real damage with a Denial of Service Phone Spoofing attack. There is nothing that can be done about it until one of these attacks is done on a large scale to a big company or multiple companies but I am absolutely positive it will happen. Even then, there will not be an easy solution but at least it will spark dialogue.
You can take some steps now to learn from my experience::
1- If it happens, hopefully, this blog will save you hours, try suspending your service first. Do not give up on escalating your calls with your phone carrier.
2- Have multiple contact numbers for your company so that you can replace you online numbers with other numbers that are not affected.
3- One key for spam call is using your local phone number. Maybe the days of 800 phone numbers are not over. Having an 800 number could be a less enticing number to spoof.