Why You Need to Pick-Up The Phone


Scammers have made the telecom network unusable

You’re in the middle of cropping that awesome baby picture to post on Instagram when suddenly you’re dumped out of the app and your phone switches to an inbound call.

Or you’re in the middle of a workout at the gym, listening to your tunes then the music cuts out. It’s a call.

Or at the grocery store, when you feel your purse vibrating. Is it the kids? Ugh, no it isn’t.

When your cell phone always wants your attention it seems it’s always for a reason you dread: a robocall.

50% of all phone calls in the United States are now considered unwanted garbage.

It sounds very counterintuitive to pick up a robocall but this is really the only option we have left. And if you train yourself psychologically, you can take immense pleasure out of wasting other people’s valuable time and money doing it.

An Indian-American is really tired of “IRS” phone calls from India

The healthcare scammers

The healthcare scam virtually everyone has been getting….

In my particular case I get Obamacare health plan enrollment scam calls. A lot. They hit my phone every single day. Once in the morning between 9:30 and 10am, and again around lunchtime. The scammers always call from a different area code each time.

When you pickup one of their calls it’s always the same recording every time. They ask you to Press 1 to connect to a healthcare enrollment specialist or 2 to be placed on their do not call list. I always Press 1 (pressing 2 does absolutely nothing, they have this routed to a hangup command on their PBX).

When an agent cuts in and joins the line, they start right off with their script. “Are you looking for an individual or family plan?” The agent is trying to fill out what’s called a lead sheet. They can’t offer you much detail about the services that they’re selling or the healthcare plans they’re trying to enroll you for, or what services aren’t covered. The agent calling you at this stage is a filter and it’s her job to funnel hot leads over to the sales team.

What’s fun about this scammer is that every time you call the number back you either get a SIT tone or some other error. They are very unwilling to give out their phone number.

Investigating further with some telecom tools that I have, I discovered these numbers aren’t spoofed. They really belong to the scammers but they’re not set up to route incoming calls back to their phone center they are dialing out of. The error message that you hear when you call back is coming directly from the PBX in their offices.

The advice people give to you about robocalls is wrong

The FCC tells you to just hang up. It has to be one of the most stupidest pieces of advice that’s out there to deal with this problem. Think about it for a second: an automated dialer is awake all the time, it’s only food is electricity, and it only cares when you pick up. If you don’t answer, it will just try again, and again, and again, and again.

Robocallers do not delete phone numbers off their system. Cold-call sales, debt collectors and especially scammers have no incentive to remove your phone number from the dialer if you just hang up. The system moves on to the next victim on the list and eventually circles back to you.

The callers use the same software, a feature known as predictive dialing. The process is simple: call a phone number. It should ring a couple of times. If the call is answered, there should be a brief pause followed by some sound. This is the time it takes between you pressing the accept button on your cell phone or picking up a handset, lifting it to your ear and then saying Hello? If that happens, the line is considered “hot” and a telephone agent will be cut in automatically on to the line.

Most of us are quick to expect an immediate answer when we say hello, so it’s easy to detect when a predictive dialer is being used. You hear silence on the line right away, only followed by the agent and the background voices of her coworkers around her after you speak. If you say absolutely nothing, the line either won’t cut in to an agent or it will take about five seconds before a confused agent pops on the call just to check the line to see why you haven’t said anything.

Economics is why this is happening

Placing Voice-over-Internet phone calls has become incredibly cheap. If you use Skype you’re paying over ten times more than what a typical robocaller is paying to make outbound calls. A big call center only spends about $10/hr in phone charges probing thousands of phone numbers looking for hot leads.

An ad from a VOIP provider selling telephone numbers to be purchased in any area code
An ad from a VOIP provider selling telephone numbers to be purchased in any area code

With scammers, nearly all the telephone calls originate in India, the land plentiful with cheap, lowly-paid English-speaking call centers. Debt collectors employ a mix of US-based and Indian call-centers and business-based cold-calling is nearly entirely US-based. They all call you using a US-based phone number, thanks to cheap dial-in-direct (DID) phone numbers they can reserve.

Some VoIP operators are a bit shadier and allow what is called in the industry pass-through Caller ID. This allows the phone center to pass whatever it wants to in the Caller ID field when putting the call out. This is how the scammers who call you with phone numbers that match the first six digits of your own phone number operate.

If you’ve ever called the phone number back to yell at a person you think robocalled you and discover you reached an innocent victim, now you understand why.

The FCC’s promised system fix is a joke

The FCC promises they’ll have a solution for robocalls with a new certificate system called SHAKEN/STIR. The solution is mostly garbage.

Image result for SHAKEN/STIR framework
The laughable SHAKEN/STIR upgrade the FCC is proposing

At some point, whenever the FCC forces telecom companies to implement it, all telecom providers will have to send an authentication certificate with their call when a call is placed. Because of the age of the phone network this will likely not require any telephone subscriber to do anything. The certificate contains a little bit of information about the phone system that originated the call and who the subscriber was.

The certificates can be presented to what is called a “certificate authority” or repository. Theoretically a phone carrier will allow you to see this certificate when you receive a call, but it’s not clear if that will actually be enforced. If it is, then you will have a way to block entire telecom companies like VoIP providers. You could even block entire networks, like MetroPCS.

This solution is defeatable for one reason: debt collectors. As an industry debt collectors have unfettered access to the telecom network. The largest debt collector in the US is Portfolio Recovery, who owns at least 100 telephone numbers and constantly rotates numbers as each one is flagged by telephone subscribers in their call-blocking apps. Other large outsourced debt collection firms have united as a lobbying group and are at the FCC’s table.

They also have lobbied the makers of call-blocking apps, trying to ensure that their phones are harder to block.

Make no mistake about it, the telecom companies are not going to make it easy for you to ban debt collection calls from your phone.

So it should come as no surprise to you that debt collectors will have a say in preventing customers from blocking the telecom trunking providers that they use to place the hundreds of thousands of outbound calls they make every day. As long as there is a hole in the system open for them, others will follow suit.

As soon as the FCC allows one disreputable certificate authority to join the telecom network and hand out certificates to anonymous nobodies, we are back at square one.

The only benefit that SHAKEN/STIR will provide is easier call identification so spoofing a call becomes harder. But you might actually lose the ability to block phone numbers when a certain certificate is presented to the telecom carrier. And it won’t stop robocallers from buying DIDs in your local area, not hooking them up to their PBX so they can make what appears to you to be a local call, only to discover it’s connected to a call center in India.

Here’s 15 solid minutes of scammers being conferenced in with a bot.

So what, then?

It sounds very defeatist, doesn’t it? There is only one way to give robocallers actual pain and that is to pick up the phone. For all the technology that is employed in this game, nothing can replace a human on the other end of the line, and humans are expensive. ed. note:  I was typing this part of the article when a scammer called from India promising me great rate reductions on my credit cards–if only I could give them the numbers on the card.  I kept her tied up on the phone for 11 minutes.

For the past ten years there has been a growing movement called scambaiting. A scambaiter is someone who specifically wastes a robocaller’s time, preventing them from being productive. Scambaiting can even be automated with services like Jolly Roger robots which you can conference in with your phone. You can even ask your phone company for a feature known as simultaneous ring which will ring both a Jolly Roger robot and your cell phone (your phone will still ring but only once if Jolly Roger knows the call is garbage).

Another app that automates scambaiting is RoboKiller. While their database is less robust than other cell phone apps, it offers the one killer feature: scambaiting. It features robots that are designed to waste a robocaller’s time. The dev team behind that app also hones their robots to counteract the programming that robocallers use to adjust their predictive dialers.

Even if you don’t have a fancy app or your own PBX system, you can do scambaiting the easy way–drain a robocaller’s time: pick up the phone. It sounds counter-intuitive but the more of a robocaller’s time you waste the fewer people can be scammed and the less money they are earning. Chances are excellent your parents are already expert scambaitiers–as you age the number of unwanted solicitations only ever increase.

There’s all sorts of social-engineering techniques you can use to keep a robocaller on the phone:

  • The Bad Connection — “What?” is an easy go-to. “I’m sorry, what was that again?  The phone’s cutting in and out.”
  • OBAMA — Political pull poll surveys hit Pennsylvania the most because of our status as a predictive swing state. That means tons and tons of political survey calls from phone numbers that are always disconnected. Just say one word over and over—whichever politician’s name you think works. I like to use Obama. “Sir, what are your feelings about universal healthcare?” Obama. “Do you think Pat Toomey is doing a good job or a poor job?” Obama. “On a scale from 1 to 10, how would you rate Donald’s Trumps job performance would you say a 1 it is unsatisfactory or a 10, most-satisfactory?” Obama.
  • Overtalking — Don’t wait for the phone agent to finish reading their script, start talking over them. “I’ve already talked to you people before you keep calling and calling and calling and calling and calling and calling and calling….” Repeating “and calling…” 37 times or trying to set a record before they hangup is always a challenge (my record is 30). The phone agent has a script in front of them they’re trying to get through. You’re not letting them get very far. The longer they stay on the phone to wait for you to finish your diatribe, the better. That phone agent also has a boss who gets angry when they waste time on unproductive leads.
  • Uh-huh — This one is great if you’re wearing earbuds or a headset. Just repeat “uh-huh. mmmmhmmm. yeah-huh. meh.” and mix and match after every pause by the phone agent. Don’t bother uttering sentences. I sometimes take off my headset when I do this so my responses aren’t even in step with the phone agent. The caller never has your credit card and bank account information (that’s why they’re calling you!)
  • My Social is 555-55-5555 — Some debt collectors actually ask for full social security numbers when they dial people. This is routine for healthcare debt collectors to do. I just say 444-44-4444. It’s obviously a bogus number and the agent knows it. They’ll insist you answer with the correct one. OK, you got me! It’s really 333-33-3333.
  • Delivery! — “Gotta put the phone down, UPS is here. I gotta sign for it, just a sec” Set the phone down. You could put it on mute, but I never do. So what if they hear keys clacking? I’m in an office, that’s a normal sound. This one is great because I can say that out loud while walking, then just put my phone back in my pocket.
  • One Moment While I Connect Your Call — You are Judy, the Time-Life operator. Use your cell phone’s merge/add call feature and dial out to 248-434-5508, which constantly play’s Rick Astley’s Never Gonna Give You Up. Add the RickRoll call so you, Rick Astley and the phone agent are all on a conference call. Press mute. Put the phone away. They never stay connected more than a minute.

Professional scambaiting – the phone assassins

There’s also a deep dark corner of the Internet where professional and amateur telecom enthusiasts take out scammers through old-school vigilantism: by flooding them with junk phone calls.

I tried some of this myself and I must say it is quite gratifying. Here’s what happened when I started sucking in tech support scammers on to a conference bridge:

I also dialed another scammer from a test number that I can easily throw away. The scammer in India called me back and sent 174 as her area code (the U.S. telecom network does not have such an area code). My phone system detected that her Caller ID was bogus and sent her to a bot, which she started arguing with:

And then of course there is call-flooding, which wipes out their phone center completely. If you’re in the mood for sweet-justice, here’s a scammer receiving 600 calls/sec from a robodialer pointed at them in war mode.