UK telecoms regulator Ofcom is planning to ratchet up its battle against so-called nuisance calls by attempting to cut them off at source, forcing major phone operators to automatically block any suspicious calls that are generated overseas under the guise of UK numbers.
The clampdown will only affect Voice-over-Internet (VoIP) calls but these are thought to be the weapon of choice for many rogues and scammers as VoIP providers simply switch the call from the Internet to the phone networks and there are very few checks in place.
According to Gabriel Cirlig of US cyber-security firm Human, telecoms companies are not inspecting the traffic they receive from VoIP providers, they just let it through onto the network.
He told the BBC: “Recently, because of the ease in implementing your own private enterprise telephone system, everybody can have access to critical telephone infrastructure.
“Because of this lower barrier of entry, it is very easy for scammers to build their own systems to spoof mobile numbers – the cybercriminals are essentially pretending to be legitimate corporate telephone networks in order to have access to legitimate telco infrastructure.”
He said it is currently up to the VoIP provider to check whether the calls it is handing over to telecoms networks are actually legitimate. “This is not a regional problem or restricted to one type of infrastructure, this is a systemic issue that allows crime to cross any borders. This feature is enabling the VoIP business model so they don’t want to stop it,” he concluded.
However, there are concerns that the crackdown will also harm legitimate businesses. Many VoIP networks are already based overseas and so it is not as simple as highlighting “foreign calls“, since many legitimate businesses and individual VoIP customers may still be UK based, even if the traffic appears to be external.
Even so, Matthew Gribben, a former consultant to GCHQ, claimed: “It’s fundamentally the foreign VoIP providers that are technologically enabling these gangs to operate, so Ofcom’s move will make a huge dent in this. It doesn’t fix everything, but it’s an excellent step in the right direction.”
The move follows yet another surge in rogue calls, with Ofcom reporting four in five Brits said they had received a unsolicited message, in the form of either a text, recorded message or live phone call to a landline or mobile in the past three months. This represents an estimated 44.6 million adults.
Scams are most commonly attempted by text, with 71% of people saying they have received a suspicious message. A further 44% who reported receiving such a message at least once a week.
While 75% of those aged 16 to 34 were targeted with rogue texts, suspicious calls continue to be a threat for landline users, with older people particularly susceptible. Ofcom says three in five over 75s reported receiving a potential scam call to their landline.
Overall, around 2% of those who received such a message or call (about 1 million people) reported falling for a scam.
While “nuisance calls” come in many guises, unsolicited marketing calls are one of the biggest concerns and Decision Marketing recently revealed that consumer complaints about telemarketing activity hit a four-year high in the first six months of this year.
According to Information Commissioner’s Office stats, from January to June 2021 there were 83,558 complaints under the Privacy & Electronic Communications Regulations (PECR), covering live calls, automated calls and SMS, more than double the same period last year (38,629).
Under new Government proposals, set out in the recently published consultation entitled “Data: A new direction”, ministers want to bring the Privacy in Electronic Communications Regulations (PECR) in line with UK GDPR, meaning potential fines for rogue telemarketers could be increased from a maximum of £500,000 to up to £17.5m or 4% of annual global turnover.
The consultation highlights that the Information Commissioner’s Office can only take action on calls which are “received” and connected, and the Government is examining whether the ICO could take action against organisations for the number of unsolicited direct marketing calls that are “sent”.
This would be complemented by a new “duty to report”, which would require telecoms providers to report when they have identified “suspicious traffic” (calling, texts etc.) on their networks.
It also calls for views on the benefits and risks of mandating communications providers to do more to block calls and text messages at source, as well as the benefits and risks of providing free of charge services that block incoming calls from numbers not on a so-called “allow list”. These services are offered by most providers but customers have to pay for them.
Commenting on the new plans to cut off rogue international calls, Ofcom networks and comms group director Lindsey Fussell said: “We’ve been working with telecoms companies to implement technical solutions, including blocking at source, suspicious international calls that are masked by a UK number.
“We expect these measures to be introduced as a priority, and at pace, to ensure customers are better protected.”
Will tougher fines bring victory in nuisance call war?
How will UK data reforms hit the marketing industry?
Govt reforms to axe Information Commissioner’s role
Rogues back on the phones as PECR gripes hit new high
ICO defends its record after scathing Telegraph report
Ofcom warns caller ID scams will take years to kill off
TPS is working but we need more complaints, says DMA