Robocalls have been described as a modern-day “scourge of civilization.” These calls can be intrusive, annoying, and they frequently are the channel of choice for bad actors to perpetrate scams and frauds. Many of these calls rely upon using a “spoofed” calling party telephone number. Many techniques have been developed in an attempt to identify and reduce robocalls, but robocallers have learned to adapt. A tool that could identify when the calling number is being spoofed would be helpful.
Robocallers in the past would originate calls using by spoofing a single calling party number (“CPN”, a.k.a. automatic number identification or “ANI”). In some cases, the originator of the robocalls would first determine an unused telephone number, and then originate thousands of robocalls using that unused telephone number. Then, when called parties would callback the calling party number, the called parties would quickly learn that the CPN was actually unassigned. Frequently, the called party would encounter an intercept announcement informing them that the number was not in service. This left the called party will few options as to identifying the source of the calls. Thus, the called parties could not reach the robocaller in order to request the caller to cease calling them. The called party could complain to their telecommunications provider, or to regulators, such as the Federal Communications Commission (“FCC”), but of course the calling party telephone number would be of little help in identifying the call originator.
In response to this problem of robocalls using unassigned numbers, telecommunication carriers have been authorized by the FCC to block certain types of calls. For example, if a carrier knows that a CPN is unassigned or unallocated, the carrier can now block calls using that number as the CPN, because presumably, no legitimate calls would originate using an invalid, unassigned or unallocated number.
Scammers were quick to adapt, however. Scammers learned that using a single unassigned number would result in repeated calls to called parties, and this would result in callers recognizing that value, and hence not answering the call. Or, using a single unassigned number facilitated carriers identifying such calls, who may block such calls. In response, scammers altered their strategy for selecting a CPN. They began to select and spoof a CPN value that was assigned to an existing subscriber. Called parties who called back that CPN would then encounter a subscriber who was assigned that number, but in most cases who did not originate the call and had no knowledge of such calls. Obviously, that subscriber whose number was spoofed would be receiving a large number of callbacks from angry called parties, thinking that subscriber was originating the robocalls. The only recourse for that subscriber whose number was being spoofed was to complain to their telecommunications carrier, law enforcement officials, or regulators.
Obviously, the subscriber whose number was spoofed would complain vociferously and carriers would be obliged to react in some manner. One solution was for the carrier to block any calls using that CPN or disconnect that number from service, but that would effectively mean that the spoofed subscriber could not originate calls using that number. They would have to obtain a new number which is very inconvenient. From the scammer's perspective, they would use that number for a short time, e.g., a couple of days, but then the number would be blocked. Further, if the scammers continues to use that number, it was possible, though frequently difficult, for carriers to institute procedures to trace back the call originator.
So, scammers would then simply use another number. However, various analytics based processing would detect such usage, and could identify such callers quicker and block them faster. In response, scammers became even more sophisticated and began using a technique called “neighbor spoofing.” Neighbor spoofing essentially selects a CPN value based on the called party's telephone number (or “called party number”, or “CdPN”). For example, if a robocaller were to call, 404-555-1234 (the CdPN), the CPN value selected would be a minor variation of the last four digits (sometimes called the ‘line number’), e.g., 404-555-1267. The called party would believe that because the area code (404) and the central office code (555) were the same as theirs, that the caller must be located somewhere in the same neighborhood. Hence the term “neighbor spoofing.” Furthermore, in smaller towns, where there may be only a few central office codes used by the residents. Each central office code could accommodate 10,000 numbers, so a small town may require only a few codes. Thus, called parties can quickly recognize these central office codes and they would assume the caller must be local. That is, the call was presumed to be from a local merchant or some other acquaintance in town. This has the effect of increasing the answer rates. Thus, neighbor spoofing is an effective tool for increasing the answer rate and scammers are aware of this.
In metro areas which have a number of area codes, scammers have resorted to using nearby area codes. For example, in the Atlanta metropolitan area, area codes 404 and 770 are very common, so that a local resident based in one area code would not be surprised to receive calls in from the area code. Other areas codes in Atlanta are overlay codes (e.g., 678), which cover the same geographical area associated with both 404 and 770. Again, a local resident would expect that receiving a call in the 404, 770, or 678 area code would be local. Scammers will expand the scope of neighbor spoofing to utilize nearby area codes or exchanges.
By constantly varying the CPN value in a local area, identifying robocalls is more difficult for the carrier and called parties. One called party may complain to their carrier about robocalls purportedly originating from 404 555-1267, but that number may not be used by the scammer for the next call. Further, the carrier cannot simply block all calls originating from that number, since it may be a valid, assigned number, and blocking all calls using that number would adversely impact that corresponding subscriber whose number was spoofed. Thus, identifying and mitigating neighbor spoofed calls is a significant challenge encountered by the telecommunications carriers and a great annoyance to the public. Any technology reducing the number of neighbor spoofed calls would be an improvement to reducing the number and impact of robocalls and scam calls. There is little debate among the public that reducing illegal calls, particularly illegal neighbor spoofed robocalls would be beneficial.
It should be noted that not all spoofed calls are illegal, nor unwanted. There are various business applications where calls are originated using a spoofed number. For example, many doctor's offices and hospitals will arrange for automated calls to remind patients of appointments, confirm appointment times, report test results, initiate follow-up calls, etc. These calls may originate from a service provider using the telephone number of the doctor's office as the calling party number. Thus, the called party may recognize the number as coming from their medical provider when receiving the call. However, when that number is called back, the call is not routed to the service provider originating the reminder calls (which may be a contact center providing such services), but to the medical provider's location. Thus, spoofing in this context can provide a valuable cost-saving application to medical providers. Further, such calls are legal and are desired for many of the called parties.
One technology developed to address illegally spoofed calls is called “SHAKEN” and “STIR” (abbreviated herein as “S/S”).1 One skilled in the art of robocall mitigation would be familiar with this technology, and this technology is used to authenticate the calling party number on VoIP calls. The calling party number indicated in a call origination is authenticated by the originating service provider. The calling party number is typically indicate in a call establishment request message (e.g., the signaling used to initiate a call). The verification process involves application of a digital certificate to indicate the level of attestation. This process is referred to herein as “signing” the call. Hence, a “signed” call (or a call that has been “signed”) has been processed to determine the level of authentication. The digital certificate is passed along with the call setup message, which in the VoIP environment may be a session initiation protocol (“SIP”) INVITE message. At the terminating service provider, the digital certificate is examined in accordance with the S/S procedures and various procedures or services may be offered to the called party based on the level of attestation indicated. For example, a text-based indicator could be provided to a user on their mobile phone reflecting the level of calling party number authentication, which may aid the called party in knowing whether to answer the call or not. In other embodiments, calls in which the calling party number cannot be attested to may be handled different. 1 Various resources are available to provide further background details on the operation of S/S, and the teachings are not repeated herein. Further information may be found in references submitted contemporaneously with this patent application, which are incorporated by reference into this specification.
The utility of the S/S framework in identifying unauthorized spoofed calls is increased as more and more carriers deploy the technology, and as more switches within each carrier are updated and enabled with the technology. For purposes herein, a switch that is upgraded with the S/S technology to either sign call originations or recognized signed incoming calls is referred to as an “S/S configured switch” or “S/S enabled switch.” For example, if only one switch, referred to as Switch A, in a carrier's network is S/S enabled, then each externally generated incoming call to Switch A (i.e., from other switch) will necessarily not have signed the calls. However, once another switch in that carrier's network, referred to herein as Switch B is enabled, then calls from Switch B to Switch A can be signed.
However, neither Switch A nor Switch B can determine whether an external unsigned call received from some other switch has a spoofed number. This limits the utility and benefits of the S/S framework occurring only to calls between Switch A and Switch B. Any other calls will be unsigned, and therefore whether spoofing is present on these other calls cannot be readily detected. Therefore, there is a need to maximize the benefits of deploying a S/S framework on the switches that have been S/S configured when working in an ecosystem of other switches which are not fully yet enabled.
In order to fully appreciate the benefits of the technology and concepts disclosed herein, a basic knowledge of the working of the S/S framework is necessary. Only a high level overview of basic aspects are including herein. In addition, a basic knowledge of telephony, telephony numbering aspects, robocall call labeling and blocking, and number portability concepts are required. Number portability involves “porting” a number based on one switch to another switch. For example, a wireline number based on one end-off switch of a wireline carrier can be ported to a wireless carrier on a different switch. To route calls, number portability involves the use of a “local routing number”, which supplanted the use of the telephone number for routing purposes.
Prior to number portability, calls were routed based on the first six digits of the 10 digit telephone number. Thus, if the called number was e.g., 404-555-1234, the call was routed on the area code (or “NPA” for numbering plan area) and the central office code (“NXX” where N is a number 2-9, and X is a number 0-9). Thus, 404-555 was used to route the call to the proper destination. A central numbering authority, which those skilled in the art will be familiar with, manages the opening of NPAs and allocation of central office codes within each NPA to a carrier. With number portability, the NPA-NXX of the telephone number is no longer used to route numbers, since the number could be ported to a different switch. Thus, a “local routing number” (“LRN”) concept was defined, and this number was allocated to each switch. The LRN is signaled in the various call setup protocols, and is also formatted as a 10 digit number, where the first six digits conform to the NPA and NXX numbering conventions. The last four digits of the 10 digit LRN are believed to be non-critical to routing the call to the serving switch (a.k.a. terminating switch).