It is true that not all robocalls have a scam behind them: some companies and public entities use robocalls to communicate important information. The difference with the ones made by the bad guys is that these require consumers to register to receive them.
However, in recent times some organizations, such as the Internet Security Office (OSI) in Spain, have warned of a significant increase in this type of telephone scam. They usually pretend to be ordinary organizations, such as your bank, and make offers to you in order to access your credentials. There are also many cases related to other sectors of our daily lives, such as health, telephony, home insurance or even Social Security itself.
According to YouMail, an American company specialized in blocking robocalls, consumers in the North American country have received nearly 22 billion robocalls in the first five months of the year, and could reach more than 52 billion by the end of 2021.
With this scenario, the US Federal Communications Commission (FCC) has decided to make it a little more difficult for cybercriminals and therefore has established that all voice providers verify where the calls are coming from.
Stir/Shaken technology ensures that calls traveling through phone networks have their caller ID signed as legitimate by originating carriers and validated by other carriers before the calls reach your mobile.
Stir stands for ''Secure Telephone Identity Review'' and Shaken stands for ''Signature-Based Handling of Claimed Information Using Tokens''. Stir is the technical protocol and Shaken is the framework by which calls can be traced in the new robocall mitigation database, explains the specialized media CNET.
In short, this new technology authenticates the origin of a phone call and ensures that the information on the caller ID matches.
Currently, companies like Google have begun to implement a function for verified calls in the Android operating system. Users with the Google Phone app will be able to check if the incoming call is from a verified source, marked with a blue check.
Verified calls, they specify from Google, aims to solve this type of problem and, to do so, it will show the name of the caller, the logo, the reason for the call and a verification symbol that indicates that the company has been authenticated by the tech giant.
A 2019 Federal Trade Commission report revealed that phone calls were the primary means of contact for scammers. Although most people claimed to have hung up on those calls, the fraudsters' nefarious intentions were successful in some cases, earning, on average, $1,000 per scam.
This type of modus operandi is known as a vishing campaign, in which cybercriminals pose as companies to obtain user data.
Vishing, like many other social engineering cyberattacks, is based on a series of techniques with which to gain the user's trust, generally by posing as a person or entity recognized by them. As we said, sometimes it can be your bank saying that there have been a series of suspicious charges in your account and they want to review the latest movements with you. To do this, it asks you for a series of data, such as your credit card number, CVV and signature code.
Remember: your bank will never ask you for this type of information, much less by phone or by email. But even so, it is possible that you are not aware or do not reflect on it because they are pressing you and you end up sharing it.
Two types of robocalls that can hide a scam are identified: those that use automatic dialers and recorded messages and those that are executed by illegal robocallers, that is, when it is a human who is speaking to you. Normally it is these second ones that tend to catch the most clueless.
The Internet Security Office itself offers a series of basic tips to detect and avoid vishing scams behind robocalls: