Spam Call Nightmare Inundated Woman With Hundreds Of Weird Phone Calls A Day
As a real estate agent, Kim France’s activity depends on responding to calls from unknown numbers. But for a period of five days in June, her cell phone was inundated with so many unwanted calls that it was nearly impossible to answer legitimate calls.
âI’m in the middle of a cell phone nightmare,â France, who lives in Hilton Head Island, South Carolina, said in an email to Ars after three days of calls. “My phone started ringing three days ago and has continued to ring every few minutes since then. Each time it is from a different number … I can’t make a customer call, I can’t not texting because incoming calls interrupt the process, I can’t even take pictures for the same reason. “
The first night, France went to bed, slept 7.5 hours and woke up with 225 missed calls, she said. Calls continued at about the same rate for the remainder of the five-day period, bringing the number of calls to around 700 per day.
France installed automated call blocking tools on her phone, but they haven’t stopped the flow. Unfortunately, anti-robocall services that rely primarily on blacklists of known fraudulent numbers usually do not block calls when the caller ID has been spoofed to hide the real number of the caller.
U.S. consumers receive 2.4 billion automated calls per month, and those from spoofed numbers are among the hardest to stop, according to the Federal Communications Commission. Recognizing that today’s automated call blocking systems are often useless against spoofed automated calls, the FCC recently called on carriers to step up their efforts to block them.
France’s case posed even greater challenges than usual, as it may have been the victim of a targeted attack rather than an ordinary robotic caller. The question also arises as to whether the calls received by France were technically “automated calls”. But what we do know for sure is that the problem of unwanted phone calls is still unresolved, and France’s ordeal shows what can happen in an extreme case.
France’s efforts fail
Trying to stop the flooding, France put its iPhone in do not disturb mode to block initial calls while allowing repeated calls from the same number to go through. But then the calls started arriving twice from the same number in order to ring on his phone, so France had to turn off the setting that allows repeated calls.
Oddly, there was no one or recorded voice on the other end of the phone when France answered the calls. Instead of attempted scams, France said the calls consisted of sounds similar, but not quite similar, to that of a fax machine. Automated calls left long voicemail messages, filled its storage with voicemail messages, and prevented customers from leaving legitimate messages.
âMy initial thought was that it was definitely just a computer glitch somewhere,â France said. She later began to suspect that someone might be targeting her in a calculated attempt to disrupt her business. And then, as suddenly as they started, the calls stopped “out of the blue.” Everything is back to normal.
During the five-day deluge, France was worried enough to contact police, a consumer rights lawyer, and Verizon Wireless, but the calls continued. Despite his suspicions, the possibility of France being targeted by a malicious person seemed remote to him, until weeks later when Ars discussed the case of France with the maker of RoboKiller, a new robocall blocking service. .
Evidence points to targeted attack
We described France’s nightmare to RoboKiller co-creator Ethan Garr and provided him with screenshots of the France phone showing the caller ID of a few dozen numbers that called her. The RoboKiller tech team then checked their system to see if they had previously blocked any of these numbers.
Instead of simply relying on a block list, RoboKiller’s technology analyzes the audio fingerprints of calls and can thus block many automated calls from spoofed numbers. Robokiller won first place in a competition organized by the Federal Trade Commission in 2015 to find the most promising new anti-robot technologies, and the company has continued to improve its technology since. Despite this, RoboKiller had never reported any of those 36 numbers as suspect, so it wouldn’t have helped France during its five-day robbery of robocalls.
Caller IDs have been tampered with. In some cases, caller IDs mimicked real numbers that might belong to real people. In most cases, the numbers calling France were completely wrong, coming from area codes (like 411) or from exchanges that did not exist. In other words, the identity theft attack used many random phone numbers instead of the ones that might appear legitimate.
Scammers looking for money often spoof local phone numbers so that victims think it is a valid call. Whoever was targeting Kim France didn’t care, the only apparent target was disruption.
There is still a possibility that this was not a targeted attack and that the France issue was caused by a bug in the autodialer software used by telemarketers or scammers. It’s also possible that it was a “fax scam gone bad,” Garr said.
But based on the evidence, it was most likely a targeted attack, the RoboKiller team concluded. There is no financial value in calling someone hundreds of times with fax-like noises. Most scams attempt to extract money from the victim. The noises themselves were probably used to confuse France as to whether the calls were legitimate or not.
âOur theory, and I’m pretty confident, is that it wasâ¦ someone who was trying to attack Kim France,â Garr said.
No challenge for a determined attacker
We don’t know if anyone has had a vendetta against France, or if a dedicated prankster has just targeted a widely available phone number. But either way, Garr says leading such an attack wouldn’t have been too difficult.
âMy developer said, just to give you an idea, if he wanted to do it for you now, he could set it up in 30 minutes,â Garr said.
Searching the web for “fake fax sounds” can quickly find websites that provide fax noise files. Using these audio files, a little programming knowledge, and readily available tools, an attacker could have launched a similar attack.
“I’ve never heard of that”
Some online services allow you to make calls from spoofed phone numbers. While there are legitimate reasons for making such calls, automatic dialing and impersonation can also be used for malicious purposes.
âI know a developer who got so mad at someone that they just wrote code to call a number billions of times and drive that person crazy,â Garr said. (Garr added that he does not tolerate such behavior.)
RoboKiller owner TelTech runs a fraudulent calling service called SpoofCard but it does not allow robocalls and therefore certainly could not have been used by the French striker, Garr said. Companies have long used forged caller IDs so that employees can call customers from a single number, Garr noted. Garr’s stepfather, a veterinarian, uses SpoofCard to call patient owners from their homes at night without revealing his personal phone number. The point is, caller ID spoofing technology is widespread and easy to use for both legitimate and malicious purposes.
But as simple as it is, the specifics of the France case were new to Garr. This helps explain why RoboKiller isn’t blocking the types of calls that have disrupted real estate activity in France.
âI’ve never heard of this problem,â Garr told Ars. “As soon as you sent this, I wondered if we should block out fax noise.”