Column: When the phone company and the robocall scammer are one and the same
It was the sort of robocall racket that makes life miserable for consumers.
On the one hand there was Globex Telecom, a Canadian provider of internet-based phone service.
On the other was an outfit called Educare Centre Services, which the Federal Trade Commission says peddled “bogus credit card interest rate relief, illegally charging consumers millions of dollars.”
The connection? Both companies were controlled by the same person, identified by the FTC as Mohammed Souheil, a Canadian citizen.
The scheme, according to the FTC, is Souheil was able to use his legitimate telecom company as a conduit for his dubious telemarketing firm to target American households.
Globex and Educare agreed last week to pay about $2 million to settle the FTC’s lawsuit. Souheil is also prohibited from any U.S. telemarketing.
Although the settlement is good news for robocall-weary consumers, it also highlights a vulnerability to current efforts to reduce robocalls and “spoofing,” the sneaky technology used to trick caller ID systems.
Those anti-robocall efforts rely on telecom companies spotting spoofers and tracing robocalls to their source.
If a telecom provider, particularly one beyond U.S. regulatory reach, is in on the racket, it becomes much harder to crack down on the bad guys.
“The scammers are really devious,” acknowledged Jim McEachern, principal technologist at the Alliance for Telecommunications Industry Solutions, a trade group spearheading efforts to introduce new robocall safeguards. “They put a lot of effort into this.”
The Globex situation doesn’t mean industry efforts are for nothing, he told me, but it does show that keeping robocallers at bay is an ever-escalating game of whack-a-mole.
“If you put a really good lock on your front door,” McEachern observed, “they’ll just come in through the basement window.”
I tried to reach Globex Telecom. The Quebec company’s phone rang unanswered Monday. Its website could no longer be accessed after the FTC settlement was announced.
Globex’s phone service used what’s known as Voice over Internet Protocol, or VoIP. Basically that means digital voice service via internet data networks.
To reach American households, a VoIP call originating abroad would have to make its way to a domestic U.S. telecom network, which would then deliver the call to its intended recipient.
That’s what made the Globex/Educare link so insidious.
“If you’re an AT&T, it’s very difficult to spot scam calls coming from a legitimate VoIP provider,” said Mark Cooper, president of PKI Solutions, a Portland, Ore., cybersecurity consulting firm.
“Globex legitimized all the Educare calls,” he explained. “It wouldn’t be at all surprising if there was a lot more of this going on.”
Americans received about 3.7 billion robocalls last month alone, according to the latest figures from Irvine’s YouMail, a robocall-blocking app. That translates to more than 118 million robocalls a day, or roughly 1,370 per second.
The U.S. telecom industry is rolling out its own solution, a technology known as “Shaken/Stir” (and the nerdy James Bond reference is deliberate). It’s intended to do for phones what spam filters do for email.
With Shaken/Stir, a call is issued a digital “token” or “signature” at its point of origin. That marker is verified before the call makes its way to the recipient, thus weeding out known scam or spoofed calls.
Routing robocalls through a legitimate VoIP provider doesn’t make them impossible to spot, just a lot tougher.
It also disincentivizes American telecom firms from cracking down because they’d be going after a paying customer — the overseas VoIP company — that may also bring legitimate traffic to a U.S. network.
Teresa Murray, who oversees consumer advocacy on behalf of the U.S. Public Interest Research Group, said the Globex case highlights how sophisticated robocallers are becoming in targeting potential victims.
“This FTC settlement must be a wake-up call to phone service providers so they do more to protect consumers,” she said. “If not, the FTC must be vigilant in going after companies that enable this immoral practice.”
The FTC says it’s trying. The Globex settlement marks its first successful case against a VoIP provider.
“We will continue to go after companies like Educare that target people using these unlawful practices, and VoIP service providers like Globex who knowingly help them violate the law,” said Andrew Smith, director of the agency’s Bureau of Consumer Protection.
I heard much the same from the Federal Communications Commission.
“This is a significant problem, and we have taken a number of enforcement and rulemaking actions to take on these challenging problems,” said Will Wiquist, an FCC spokesman.
USTelecom, an industry association, said the organization assisted the FTC in its investigation of Globex and is committed to stopping unwanted robocalls.
“These calls aren’t just annoying,” Jonathan Spalter, the group’s president, told me. “They’re truly dangerous. They’re stealing from people.”
He admitted, “There’s more work to be done.”
The bottom line, as the Globex settlement illustrates, is that as long as there’s money to be made by preying on people in their homes, robocallers and spoofers will keep finding increasingly ingenious ways of getting past our defenses.
“There are no silver bullets,” acknowledged McEachern at the Alliance for Telecommunications Industry Solutions. “All we can do is try to reduce it like we reduce email scams.”
That’s no solution. But it’s progress.