>At about 12:30 p.m., my phone buzzed. The caller ID said it was Amazon. I answered.
This is a terrible story and I feel for the person affected.
The lesson here is that there's no reason at al to answer any inbound phone call if it's not a personal contact.
There are only two reasons someone you don't know may be calling you:
- to sell you something
- to scam you
If it appears important like your bank or a government agency then call them back and do not answer. There is no upside and a potentially disastrous downside for trusting an inbound request of any kind.
> He told me to go to the FTC home page and look up the main phone number. “Now hang up the phone, and I will call you from that number right now.” I did as he said. The FTC number flashed on my screen, and I picked up. “How do I know you’re not just spoofing this?” I asked.
> “It’s a government number,” he said, almost indignant. “It cannot be spoofed.”
Completely insane that we continue to allow caller ID and number spoofing, it's so effective for these fraud scenarios.
I consider myself technically inclined, yet up until today I didn't realize numbers COULD be spoofed
One day a few months ago I woke up to a missed call from a verified number. I had been in a car crash the night before, and I was worried I missed a call from the driver's insurance company.
I called them back, and I was told that I was talking to a civil engineering firm; the receptionist was polite, but she sounded even more confused than I was. I had googled the number while I was on the phone, and yup, it belonged to a civie firm.
At the time I just assumed some engineer fat fingered my number by mistake, but I guess I missed a call from "Amazon" or "your insurance company" or some other nonsense. Funnily enough an insurance scam might have gotten me in the state I was in.
And, in fact, there are good reasons to spoof numbers. For example, a company may want all/many numbers to look like they come from a company's central exchange as opposed to an individual person's desk.
I think answering unknown numbers in real time is situational. I normally don't answer any of them; as you said, if it's important, they'll leave a message. But when I bought a refrigerator I knew delivery people would be calling, so I answered unknown calls until it was done.
The ability to view a transcript of the message in real-time is a great new feature of iOS 17. I use it all the time — and it's pretty much always junk.
I don't always answer calls from random weird area codes. But I'm also not willing to effectively throw out my phone as a way to reach me because I get the odd junk call.
The underlying issue is that answering these junk calls perpetuates them.
When I am expecting a call from an unknown number, I begrudgingly answer the junk calls, knowing full well the next several weeks will be full of them.
With cell phones being near-ubiquitous, there's no reason not to text and email in these scenarios.
My niece and nephew's school does text message updates. Informational communications from friends are by text or email (and can be confirmed via the mechanism not being used, or by arranging a call). I have never gotten a call for a delivery (it's all email and text if I've opted-in), and would treat one as a scam, even moreso if it is related to an online purchase. Legitimate emergency services have zero excuse for not displaying as such via caller ID.
More and more routine notifications ("You have an appointment next week") have moved to texts. (Lots of people ignore emails or they filter to rarely-checked tabs.) And pretty much no one where I work calls unscheduled. But there's still a fair bit of calling from doctors' offices, immediate needs, etc. They'll leave an often partial message if it's important but then you can get into call-back loops.
There are absolutely reasons to answer inbound calls. Job seekers will hear from recruiters they haven't heard from yet and heaven help you if you miss a call from a government agency because you'll be waiting on hold for a long time when you call them back. Like anything, there are tradeoffs.
Yesterday I ordered an Uber to go from a hotel to the Airport. Immediately after connecting with a driver I get an inbound call from another state.
I'm the type that never answers inbound calls unless it's in my contact list and even then I might not answer and let them leave a VM or follow up with a text.
But I made an exception in this case due to the timing and my desire not to miss my flight. It was the Uber driver clarifying the pick-up spot.
> But I made an exception in this case due to the timing and my desire not to miss my flight. It was the Uber driver clarifying the pick-up spot.
This points to failed process on Uber's part. There is no reason an Uber driver should need to call their customer from their personal phone. The pick-up spot is prominently displayed on both the driver's and rider's apps. You can't miss it.
Same for delivery drivers. If the package requires an in-person signature, there should be a process for what to do if the customer is not available that does not involve the delivery driver calling from a personal phone.
Would you believe that passengers frequently do not appear at pick up spots? Or that some pickup spots in some geographies in crodwed cities are unclear?
Some drivers call proactively to avoid issues. I’ve had multiple calls from Uber drivers.
Unemployment agencies can call to ask questions about your application and it'll go quicker if you pick up. Often it's important for people to get the unemployment money quickly.
Indeed. Hospitals and medical providers almost always call from unknown numbers, and if they leave a message the person leaving it may not be reachable easily for callback.
Recently I contested a fraudulent charge on a credit card. When they called me for information about the incident they couldn't offer any way for me to verify that they were from the bank they claimed to be from. No published number. Can't verify my information until they hear me give it. Can't call them back because they have an internal extension, it would go to the regular fraud number which starts the whole process over. My choice was either to cooperate or ignore them and pay the bill. It was in fact the real bank...
Ah, I meant that there is no way to reach a second tier fraud handler on any published number. If you start over, you'll just repeat the escalation process, and end up with another unverifiable caller asking you to verify information.
This was a $6k transaction. Depends on your lot in life, you're right. But, I think the takeaway is that it takes both you and the bank to prevent fraud. And only one of those is in your control.
This. Not in my contact list? Good luck getting a hold of me. And people who know me know not to call on my phone.
My bank will lock me out of online banking if they want something from me. That will get me driving to the bank to fix the issue in person. Anything less than that will be procrastinated into oblivion.
Exactly do not pick up any call unless it's in your contacts already let all others go to voicemail to screen them. Even those voicemails be weary of especially if it's something that sounds scary even a family members voice crying for help..call their phone number directly to see if they are ok (it's not an AI voice). If you do call the unknown number which is possibly using a fake voice of one of your loved ones or friends ask them personal questions and or shared experiences between you and them..the scammers haven't downloaded our memories (not yet at least).
Personally I ignore almost unknown calls and voicemails and do not do any online shopping. Those few that I respond back to I'll say I can't verify who you are (people search sites & google search) are you a scammer/spammer?
It's not as easy as it sounds. The POTS network was not built with this sort of authentication in mind. Though every major carrier has converted to all-digital backhaul (which still leaves a number of last-mile exceptions here and there), every evolutionary step was built around backwards compatibility. What was never there can't be magicked into existence, though of course it can be strongly encouraged with incentives.
Even though mobile-to-mobile and VoIP-to-VoIP calls carry subscriber information under the hood, other call pathways don't or require translation of the information. STIR/SHAKEN are designed to carry this information end-to-end but the need for backwards compatibility and the usual slowness of cross-vendor cooperation leave some gaps.
Plenty of identifiers can be spoofed (email addresses, for example). This doesn't mean they are not useful. 911 operators for example can use caller ID to locate someone who couldn't disclose their identity or was disconnected too early.
Getting rid of something useful just because it doesn't work perfectly is dumb. It's replacing infrastructure maintenance and improvement with demolition.
It's not a technical problem, it's a market capitalism problem.
Legislate that callers receiving a call without a valid caller ID will be allowed at least one month of bill payments returned and they'd make damn sure that they never routed calls without a caller ID. "Valid" would have to encompass things like 'foreign country of origin', I imagine. So, a call from a scam call center, that the local company allows to be routed, might only have "City, Country". But that would be enough to auto-block all non-domestic calls. Your home country's supplier can decide whether to route calls from a foreign peer, but I imagine that not being able to charge customers would be sufficient impetus?
A company routing more than X% of non-IDed calls could be subject to penalties against it's directors (a fine equal to a years income, and/or 5% of all assets, would probably be enough), just to sweeten things.
Why aren't we more militant with companies that enable antisocial/scam activities?
No, it's a technical problem. These weaknesses exist because legacy systems had them and the entire telephony network is nothing but backwards compatibility and technical debt.
So in your view well regulated telephone networks could not feasibly ensure every call has origin data? Not even to the level of upstream origin to the suppliers network?
In other words, they have no idea where calls enter their network from; a corollary of which is they don't know which company to bill for any of the calls they terminate.
Companies purposefully allow false origins for call centres, and purposefully carry calls from spammers for financial reasons (they get paid). It's not a technical problem.
What you describe is an historic problem, not a technical inability to act.
Traditional regulatory authority has been moderately effective at getting changes made already, but being too aggressive risks network fragmentation. Even the USA is just one participant in the NANP, never mind the global telephony network.
We also don't live in the days of AT&T having a monopoly anymore. Any change requires cooperation between different vendors, and ensuring a smooth rollout means allowing for a slow rollout. This is the telephone system after all, not some startup's barely-used product.
Plus the government has multiple arms and some of them don't want the changes to be made or not too quickly (surveillance, stings, etc.).
> The lesson here is that there's no reason at al to answer any inbound phone call if it's not a personal contact.
I was thinking about that the other day. I think 'incoming calls' is an idea that got badly implemented, or I'd even call it one of the worst features ever implemented.
Besides my friends and family (I normally text chat with them during day hours and calls after work), why would anyone unsolicitedly call me? I might be in a meeting or deep work; did that never occur to you? So, either I miss those calls or do not pick up.
Some scammers are just dumb. One of them called me on a weekend and said - "This is border police". DumbF*k, there's no border police.
This is a terrible story and I feel for the person affected.
The lesson here is that there's no reason at al to answer any inbound phone call if it's not a personal contact.
There are only two reasons someone you don't know may be calling you:
- to sell you something
- to scam you
If it appears important like your bank or a government agency then call them back and do not answer. There is no upside and a potentially disastrous downside for trusting an inbound request of any kind.