Telstra CEO Andrew Penn is calling on industry, government and regulators to do something about the relentless onslaught of scam calls using spoofed numbers targeting Australian consumers.
In a LinkedIn post, spotted by ITNews, Penn said Telstra had blocked 2.9 million calls in July, but despite its efforts he said the calls keep coming, comparing it to a game of "whack-a-mole".
“This is no game though - they usually involve a customer getting a call from an overseas country that dials once and hangs up,” wrote Penn.
“If the customer calls back they are unwittingly dialling a premium number and will incur significant call costs - and the profits go direct to the scammers and this year they are expected to net more than $500 million from unwary Australian consumers.”
"This is an industry-wide issue of broad community concern and we need industry, government and regulators to work together to address it," wrote Penn.
Call back scams however are just part of a bigger mess linked to number spoofing, where callers overseas fake a local number as part of a fraud scheme.
The Telecom Industry Ombudsman (TIO) earlier this month warned Australian consumers of 'remote access scams', where a caller impersonates a tech support from Telstra or Microsoft convinces the victim to provide remote access to their computer.
ACCC’s Scamwatch currently estimates remote access scams have cost Australian consumers $3.5 million this year. It’s the fourth most costly scam behind investment, romance, and false billing scams based on reported complaints.
Phone scammers have even impersonated staff from the Australian Cyber Security Centre in an attempt to defraud Australian consumers using remote access scam methods.
The TIO noted a “concerning new trend” from victims who say they called their telco’s tech support line about a real problem and, shortly afterwards, the victims were called by a scammer impersonating the correct telco. After that it followed the usual routine, where scammers ask for consumers’ banking details to buy software in order to fix the problem.
“These consumers were particularly receptive to the scammer, because they had just been speaking with their telco provider about a real technical issue,” the TIO noted.
Penn doesn’t state what regulators or lawmakers should do to combat the problem of scam calls and spoofed numbers.
However, a Telstra exec recently noted the SHAKEN/STIR protocol as a possible industry-based solution from telcos. It’s being rolled out by US voice carriers to counter the flood of spoofed-number robocalls -- automated calls with prerecorded messages -- and scam calls targeting consumers there.
The SHAKEN/STIR protocol is the industry-end of a complicated effort within America to deal with scam caller problems there; solutions from lawmakers and regulators haven't been completely welcomed by consumer advocates.
US telecoms regulator the Federal Communications Commission (FCC) in June voted for new rules that would require all voice carriers to implement the call authentication system by the end of the year.
The FCC at the time also voted in favour of carriers blocking robocalls by default, but it didn't prevent carriers from charging consumers for blocking these calls. In July, it turned out that AT&T, the US equivalent of Telstra, would block robocalls for free, but also charge consumers for blocking spam calls.
Nonetheless, to turn up the heat on spammers, the FCC in August made it illegal for foreign callers to spoof a US number a month after the House of Representatives approved the Stopping Bad Robocalls Act.
SHAKEN/STIR stands for Signature-based Handling of Asserted Information Using toKENs (SHAKEN) and the Secure Telephone Identity Revisited (STIR).
The system allows carriers to ‘sign’ calls originating from their network with cryptographic certificates, while the terminating carrier cryptographically verifies the call.
The protocol doesn't actually stop number spoofing from foreign callers, however it could stem the tide of these calls since calls originating outside the country should fail the verification process and therefore would not be marked as 'verified', according to AT&T. The telco completed an industry-first cross-network test of the protocol with Comcast in March.
The question for Australian consumers now is whether lawmakers and regulators can devise a suitable response that addresses the problem of scam calls but also doesn't expose users to extra fees for protection against spam calls.