For years, phone scams have proliferated in America, recently getting worse in the amount of money they’ve extracted, while efforts to stop them have had little effect. Now, the U.S. government is trying something new. June 30 was the deadline set by the Federal Communications Commission (FCC) for major phone companies to implement an anti-robocall technology with an acronym evoking James Bond’s martini. “Implementation of caller ID authentication technology using the STIR/SHAKEN standards,” the FCC says, “will reduce the effectiveness of illegal spoofing, allow law enforcement to identify bad actors more easily, and help voice service providers identify calls with illegally spoofed caller ID information before those calls reach their subscribers.” Meanwhile, Americans receive millions of robocalls calls each month, and a recent report found that more than 59 million people in the U.S. lost money to phone scams over the past year. Who’s behind all this, and why is stopping it so difficult?

Marguerite Reardon, a senior reporter at CNET, explains that phone scams come both from inside the U.S. and from countries around the world, including Russia and India. Scammers often belong to criminal organizations, she says, while easy-to-use internet technology allows them to commit their crimes from anywhere. Reardon sees STIR/SHAKEN as an important step in U.S. authorities’ efforts to stop phone scammers, but she’s skeptical that it will make a significant impact. The frustrating reality, she suggests, is that the only reliable way to stop scams in a time of pervasive deception is for an informed public to know how to protect itself.


Graham Vyse: When and how did scam calls become such a big problem in the U.S.?

Marguerite Reardon: We’ve had problems with scam calls practically as long as we’ve had phones. With phone-call technology like Voice Over IP, or Voice Over Internet Protocol, it’s just gotten so cheap and easy to reach people, and scammers have picked up on that. It’s been escalating over the past decade.

Vyse: Has the severity of the problem been quantified?

Reardon: The companies doing data collection generally are also trying to sell people solutions to block these calls. YouMail, for instance, does regular surveys, which show these calls increasing, and people are getting scammed out of money.

Vyse: What do these scam calls sound like?

Reardon: There have been calls where scammers pretend to be from the Internal Revenue Service, telling people they need to immediately pay a penalty or they’re going to get arrested. People panic and give away their financial information. Another scam that’s been around forever is fake support calls from Apple: “Your account has been compromised, and it’s locked, and we need your password or your bank account information.” During the pandemic, there were a lot of scam calls about vaccines or treatments, so people would get scammed into making a purchase they thought would help protect them against COVID-19.

The Federal Trade Commission [FTC], the Federal Communications Commission [FCC], and some state attorneys general have tried to warn people, but these scams persist because, unfortunately, people often fall for them.

Brett Sayles

Vyse: I assume this is happening across America?

Reardon: It’s all over the place. It’s landlines and cell phones. That’s what makes it so infuriating.

Vyse: What laws do these calls violate?

Reardon: When it comes to mobile phones, there are actually very strict rules, regulations, and laws. No robocall is permitted unless you’ve given explicit consent. It’s not the same for a landline phone. Lawmakers believe your cell phone is such an intimate part of you—almost an extension of you as a person—that they made the rules stricter in terms of who can contact you on your cell.

Vyse: What if I only have a cell phone and I’m still getting many scam calls?

Reardon: All robocalls are illegal if you haven’t given consent, even if they’re coming from legitimate companies. There are a few exceptions, including for political solicitation. But even your kid’s school isn’t allowed to contact you via robocall on your cell phone without your explicit consent.

Now, sometimes you might not remember if you’ve given consent. Another thing people don’t realize is that every time you’re signing up at Walgreens, for example, to give them consent to be able to contact you, your information can get sold to somebody else. That gets into a whole other issue in Washington, D.C., about privacy and what companies should be expected to do in terms of protecting private information. People don’t realize that anytime you’re giving your phone number to anybody that’s just getting sold and recirculated everywhere.

The 2019 Telephone Robocall Abuse Criminal Enforcement and Deterrence Act, or the TRACED Act, required this new STIR/SHAKEN technology and gave law-enforcement agencies more leeway to work together. It’s not always simply going after the callers. It’s also going after providers that are allowing this to happen. A lot of smaller providers are the ones who seem to be doing this a lot more.

Vyse: I understand companies selling our data to other companies, but are some companies selling your data to scammers?

Reardon: Yes. There were some enforcement actions against telecommunications companies selling consumer information to scammers. When credit card numbers get stolen, there’s a market for that. It’s the same with phone numbers. Maybe there’s a legitimate sale of those numbers or maybe something gets compromised and sold illegally, but it’s out there.

Vyse: You say scam calls have ramped up over the past decade. What’s the history of attempts to stop them?

Reardon: The FCC has been thinking about this for a while. During the Obama years, the FCC was talking about how to address these issues. It started having proceedings to look at regulations. Part of the problem, though, was that there was a law in place—the Telephone Consumer Protection Act—and there was some protection there for consumers, but the FCC didn’t want to go too far and make the rules too onerous for companies.

Vyse: What’s the concern?

Reardon: The concern is that, if you start allowing the phone carriers to filter too much traffic, they’re going to be blocking calls people want. You don’t want to miss an important call because some filter thinks it’s illegitimate. There’s a legitimate concern about being sophisticated enough in that filtering.

Vitaly Vlasov

The problem has gotten so bad, though—and congressional leaders have gotten so annoyed by the problem—that the FCC has been looking at ways to give the phone providers the assurance, “We’re not going to go after you if you’re legitimately trying to protect your consumers from these calls.”

The 2019 Telephone Robocall Abuse Criminal Enforcement and Deterrence Act, or the TRACED Act, required this new STIR/SHAKEN technology and gave law-enforcement agencies more leeway to work together. It’s not always simply going after the callers. It’s also going after providers that are allowing this to happen. A lot of smaller providers are the ones who seem to be doing this a lot more.

The STIR/SHAKEN framework and protocol has been worked on for several years. There was some controversy early on: “Is this the right technology? Do we want to put a specific technology into the law?” The big carriers were already pretty much on board with the technology. They were already working on it. The reason legislation was needed was that Congress—and everybody else—felt that they weren’t doing it quickly enough, and everybody needs to have the technology enabled for it to work. The legislation was a way to put pressure and a deadline on it, so the carriers would finally get it implemented, and the big ones did.

With STIR/SHAKEN, there’s a database with all the legitimate numbers. A carrier can quickly make sure a call is coming from where it says it’s coming from and then forward the call on. If it looks like a spoofed call, it can be blocked or labeled as “SCAM” so you don’t answer it.

Vyse: What exactly does STIR/SHAKEN do?

Reardon: STIR/SHAKEN is an acronym for Secure Telephone Identity Revisited and Signature-based Handling of Asserted Information Using toKENs—but nobody’s going to say that. It’s basically trying to authenticate calls—to make sure they’re coming from the place you think they’re coming from. One of the big ways illegal robocalls happen is through “spoofing”—using a number you can’t simply trace back to some bad guy in Russia. Callers generate different phone numbers all the time, and sometimes it’s really tricky, because they’ll make it look like the calls are coming from your neighbor.

With STIR/SHAKEN, there’s a database with all the legitimate numbers. A carrier can quickly make sure a call is coming from where it says it’s coming from and then forward the call on. If it looks like a spoofed call, it can be blocked or labeled as “SCAM” so you don’t answer it.

Vyse: This is a database the phone carriers have?

Reardon: There’s a third party the FCC has chosen that manages the database, but the carriers give out the numbers.

Vyse: How important is STIR/SHAKEN in the context of past efforts to fight scam calls?

Reardon: It’s really important. As I said, many of the carriers, especially the major ones, had already been working on implementing this technology. The big guys—Verizon, AT&T, and T-Mobile—met the June 30 deadline easily, because they’d already started phasing it in, but the deadline was important. It got the big guys and medium-sized guys ready to go forward.

Andre Moura

The problem is that the FCC gave smaller carriers two more years to implement the technology, and a lot of these bad calls are originating from small Voice Over IP carriers. The FCC started a proceeding in the spring to try to move up that deadline from June 30, 2023, to June 30, 2022, for when even those small carriers have to comply with STIR/SHAKEN.

The context here is that the internet makes it really easy to become a phone company, if you’re providing service over IP. People don’t realize how, even in the traditional phone world, there are hundreds of small carriers across the country providing service. It’s not just AT&T and Verizon. There are a lot of small regional carriers.

Vyse: And if a scammer is using a small carrier, which is passing the call off to Verizon, for example, then the Verizon customer is affected?

Reardon: Potentially. Verizon is trying to address these issues. They provide some level of filter. Consumers can also put scam-blocking software on their phones, and a lot of people don’t use those.

Vyse: So, how effective is STIR/SHAKEN likely to be?

Reardon: It’s funny you should ask, because I had a conversation with FCC Commissioner Brendan Carr, and he said it’s like a “game of whack-a-mole.” The criminals always seem to be one step ahead of authorities. Authorities are doing the best they can—the FCC says it’s really getting serious about this, along with the FTC and Congress. I hope we start to see at least a slowing down of scam calls, but I don’t think they’re going away for a long time.