Security

Researchers Reveal Method To Stifle Malicious Robocalls

robocall incoming on a smartphone

Researchers at North Carolina State University on Wednesday revealed a novel method for foiling malicious robocalls.

Called SnorCall, the method uses artificial intelligence to analyze the content in robocalls and, in a significant number of cases, provide law enforcement and other stakeholders with the information they need to track down the bad actors behind the calls.

In a paper presented at Usenix Security Symposium in Boston, the researchers explained how SnorCall was used to record 232,723 robocalls collected over 23 months on more than 60,000 phone lines provided to them for their project by Bandwidth, a telecommunications platform provider.

The robocalls were then transcribed and analyzed by a machine-learning network called Snorkel, which is where SnorCall gets its name. Snorkel allows researchers to build and manage training datasets without manual labeling, turning weeks or months of work into hours or days.

“Snorkel is the machine learning framework, which we use as the foundation layer to analyze robocall audio,” explained Sathvik Prasad, a Ph.D. student at NC State and first author of the paper.

“Our framework is flexible enough to categorize any kind of robocall,” he told TechNewsWorld. “In our paper, we demonstrate how to do that for social security and tech support scams, which are predominately malicious.”

“There are quite a few benign but annoying telemarketing calls, like auto warranty calls,” he added. “We collected those, too, but they’re not as harmful as a border patrol or social security impersonation call. What we focused on was the most egregious calls, the most harmful ones to society, and studied them in detail.”

Tracking Down Robocallers

SnorCall uses the labels generated by Snorkel to identify what each call is about. Does it mention a specific company or government program? Does it request specific personal information? If so, what kind? Does it request money? If so, how much?

All that is fed into a database that can be used to identify trends or behaviors. The researchers also demonstrated how they could find phone numbers that could be traced back to the originators of the robocalls.

“Scammers can fake where a robocall is coming from, but they can’t fake the number they want their victims to call,” Brad Reaves, corresponding author of the paper on the work and an assistant professor of computer science at NC State, told TechXPlore.

“And about 45% of the robocalls we analyzed did include this ‘callback number’ strategy,” he continued. “By extracting those callback numbers, SnorCall gives regulators or law enforcement something to work with. They can determine which phone service providers issued those numbers and then identify who opened those accounts.”

“What we did — extracting callback numbers from robocalls — had never been done before,” added Prasad. “It allows us to tie those numbers to the global calling infrastructure, which is also unique.”

He noted that “spoofing” caller ID numbers was an almost universal tactic used by malicious robocalls — with 95% of the calls spoofing caller IDs.

Out-of-Control Problem

“Robocalls are out of control in the U.S.,” maintained Maria-Kristina Hayden, CEO and founder of Outfoxm, a cyber hygiene and resiliency company.

“Some estimates show over 50 billion calls to U.S. consumers in 2022 alone,” she told TechNewsWorld. “I hear from hundreds of individuals a month who are fed up with the cadence of ‘scam likely’ calls to their cell and home phones.”

The robocall problem is complex, added Liz Miller, vice president and a principal analyst with Constellation Research, a technology research and advisory firm in Cupertino, Calif.

“The reality is that the number of scam calls is rising, often targeting disproportionately vulnerable audiences, such as elderly non-English speakers who are terrified their social security number is being used as part of a criminal act,” she told TechNewsWorld.

“But the reality is that more of these automated recorded calls are being used by legitimate businesses, organizations, or government offices as a fast way to distribute information. The weekly recorded message from a school principal to parents is one example,” she continued.

“Robocalls are not all bad, and they are not all unwanted,” she said. “However, there is also a spotty capacity to differentiate or weed out the good from the bad. The company YouMail released numbers at the start of 2022, noting that in December 2021 alone, robocalls averaged 1,831 calls per second.”

Believable Deceptions

Technology analyst Jeff Kagan noted that many of those calls can be problematic for consumers. “Robocalls are often the first step in a process that leads to theft,” he told TechNewsWorld.

Robocalls are a problem because they are malicious, and becoming more believable, tricky, and a nuisance, declared Hayden.

“Even the national Do Not Call list and paid apps that are supposed to prevent calls are not very effective — and I’ve tried many of them,” she said.

Robocall campaigns are becoming more and more effective as criminals leverage global context to make their lures more believable, she added. “For instance,” she continued, “during Covid, scammers called posing as pharmacies calling with Covid test results or vaccine appointments.”

“Scammers are also targeting specific generations with topics that may lure them in, such as posing as representing Medicare and calling older populations,” she noted.

Some robocalls can even be terrifying, asserted Miller. “Being told your passport is being held at a consulate unless you pay a fine can be downright chilling if you don’t know the call is a total scam,” she observed.

She also pointed out that robocall scammers are getting more sophisticated. She cited a tag-a-long scam pegged to Camp Lejeune lawsuits.

“While legitimate calls to action were being deployed to join a pending legal action, robocalls were deployed telling people to call a number, where they were asked for a credit card number to join the case and become a plaintiff.”

Best To Be Skeptical

Kagan advises consumers that skepticism is the best protection against robocall scams. “You should be aware that the vast majority of times you get a call or an email or a text from someone whom you don’t know, you should assume it’s a scam and ignore it.”

“I get dozens of attempts every day by phone, voicemails, emails, and text messages,” he said. “There’s simply no way to see through all of them.”

“It’s unfortunate that we’ve come to this,” he said. “But we have.”

John P. Mello Jr.

John P. Mello Jr. has been an ECT News Network reporter since 2003. His areas of focus include cybersecurity, IT issues, privacy, e-commerce, social media, artificial intelligence, big data and consumer electronics. He has written and edited for numerous publications, including the Boston Business Journal, the Boston Phoenix, Megapixel.Net and Government Security News. Email John.

Leave a Comment

Please sign in to post or reply to a comment. New users create a free account.

More by John P. Mello Jr.
More in Security

Technewsworld Channels