The growth in the telecommunication industry has facilitated communication between parties geographically dispersed. Since most individuals have a desire to develop and maintain relationships, telecommunication devices (e.g., mobile telephone, landline telephone, smart devices, internet protocol telephone, voice-over internet protocol telephone, and the like) have become essential everyday tools. As a result, telecommunication behaviors have developed and evolved.
Consider the situation wherein, for example, a telecommunication request, such as a telephone call, is received. Usually, the recipient may unconsciously wait a few seconds before responding to the incoming telephone call. In an example, the recipient may not pick up the telecommunication device, such as the telephone, until the third ring. If by chance the recipient misses the call, such as the telephone stops ringing before the recipient is able to respond or the recipient is unavailable to respond to the telephone call, the recipient may call the missed number, as a courtesy. In many instances, the recipient may return the missed call even if the recipient is unfamiliar with the telephone number associated with the missed call.
In recent years, a practice, known as phishing, has emerged that has taken advantage of the telecommunication behaviors that have developed and essentially have become second-natured to many individuals. Given the telecommunication behaviors that have evolved, most phishing calls have been configured to ring for a shorter duration than an average incoming telecommunication request (e.g., telephone call). In an example, if an average person does not respond to an incoming telephone call until the third rings, the phishing call may be set to ring twice. In other words, a phishing call is usually timed to prevent a recipient from being able to respond to an incoming telephone call. By limiting the duration of the ringing, the phisher may be able to “lay the trap” without incurring an expensive telecommunication cost. In other words, if a connection is not made, the phisher's telecommunication cost may be minimal or even none.
The phisher is usually able to take advantage of a recipient of an incoming telecommunication request (e.g., telephone call) by relying on the telecommunication behaviors that have become an ingrained habit for many telecommunication device users. In other words, most recipients of missed calls may make a courtesy call to determine the identity associated with the missed calls. Unfortunately, some of the missed calls may be phishing calls. A phishing call is usually an incoming telecommunication request (e.g., telephone call) that may be made to lure unsuspecting victims. Most phishing calls have the purpose of creating a financial scam. For ease of discussion, the recipient of a phishing call is herein known as a phishing injured party.
In an example, the phishing injured party may call the telephone number associated with the missed call. Unbeknownst to the phishing injured party, the missed call is associated with a toll number. As a result, the phishing injured party may be charged with an extravagant toll charge when the connection is made with the phished number (i.e., telephone number associated with the phishing call). Additionally or alternatively, a phishing call may create a financial fantasy, such as winning a prize, that may require the phishing injured party to “contribute” money and/or personal data to facilitate the processing. Unfortunately, the financial scam usually results in the phishing injured party suffering financial losses. In an example, the phishing injured party may never receive the prize or if an item is received, the item is usually of insignificant value. In addition, the personal data that the phishing injured party may have provided may be utilized fraudently by the phisher, such as to apply for a credit card. As can be appreciated from the foregoing, the purpose of the phishing call is usually to take financial advantage of the unsuspecting victim.
To address potential phishing calls, a filtering method utilizing a black list may be implemented. A black list usually requires the identification of specific telephone numbers that a user may want to filter. In other words, if the telephone number is on the black list, telephone call associated with the specific number is filtered and prevented from making connection with the user's telecommunication device. Consequently, any number not listed may be provided access to the telecommunication device. Therefore, to be an effective black list, the black list may have to be maintained and constantly updated.
However, the ability to maintain the black list is not a simple task. Since the telephone numbers that a phisher may utilize may vary, especially since telephone numbers may be easily and cheaply acquired, most users are not equipped to maintain and update a black list that is proned to change. Ideally, if all phishing numbers are identifiable, the memory requirement to store all potential phishing numbers may require the telecommunication device to have a fairly large memory storage space. In addition, the ability for the telecommunication device to compare the telephone number associated with an incoming telecommunication request against all possible phishing numbers may require time and processing power that may cause great inconvenience to the user of the telecommunication device. Due to at least the aforementioned limitations, the black list filtering method usually has a low detection rate.
Another method that may be implemented to address phishing calls is the utilization of a filtering method associated with a white list. As discussed herein, a white list refers to a database/list that may store contact information, such as an address book. The white list is usually associated with a specific telecommunication device and may be internally stored on the telecommunication device or a memory card associated with the telecommunication device. Consider the situation wherein, for example, an incoming telecommunication request is received. The telephone number associated with the incoming telecommunication request (e.g., telephone call) may be compared against a white list. If the telephone number associated with the incoming telecommunication request is not on the white list, the incoming telecommunication request may be filtered and discarded.
Similar to the black list, a white list required the user of the white list to maintain and update the white list. Thus, if a friend has recently changed his telephone number, for example, incoming telecommunication requests (e.g., telephone calls) from the friend may be blocked if the user of the telecommunication device has forgotten to update his white list. Since the incoming telecommunication request is filtered and discarded, the user may not realize that his friend is trying to contact him, especially since details about a blocked incoming telecommunication request is usually not saved. Even if details about the telecommunication request are saved, the saved data are usually not easily retrievable by an average user of a telecommunication device.
In another example, an incoming telecommunication request from a public telephone may be a valid telephone call from the recipient's sister. Since the user is unlikely to have the telephone number associated with the public telephone listed on his white list, the incoming telecommunication request from the public telephone is also filtered and discarded. Due to the limitation of the white list, many actual valid telecommunication requests may be unnecessarily blocked. As a result, the white list filtering method may cause a high false positive.
As can be appreciated from the foregoing, both filtering methods require maintenance of lists that may be a challenge to maintain and update. Since both filtering methods identify potential phishing calls based on an ongoing ‘updated list”, the incompleteness of each list may cause the filtering method to be either too restrictive (as in the example of the white list filtering method) or too lax (as in the example of the black list filtering method). Thus, both filtering methods do not provide a complete solution of enabling telecommunication while protecting users of telecommunication devices from potential phishing calls.