Google and Apple should do more to fight phone scammers, says researcher

Cooperation with government is key, but it’s only part of the solution…

Google and Apple should do more to fight phone scammers, says researcher

UPDATED 05/07/17

Technology companies like Google and Apple should be doing more to protect users against phone scammers, says one security researcher.

David Glance, the director of the UWA Centre for Software Practice at the University of Western Australia, is all too familiar with the different types of scams that prey on users. One of the most common types of scams he's seen are those annoying messages that arrive in users' inboxes. Fortunately, spam filters and machine learning are getting better each day at identifying those ruses.

Not all scams are receiving that same level of attention, however.

One such neglected scam is the phone ploy, which according to Glance accounts for 45 percent of all scams in Australia. He explains as much in an article for The Conversation:

"... Very little has been done about phone and text scams. This is surprising given scammers have quite brazenly stuck to using the same number or area codes over significant periods of time."

Phone scammers, such as those nefarious individuals who perpetrate the "can you hear me" ruse and who capitalize on data breaches, sometimes use the same numbers to prey on unsuspecting users.

These numbers inevitably end up on sites like "reverseaustralia" when users submit complaints to the Australian Competition and Consumer Commission (ACCC), the Federal Trade Commission (FTC), and other government agencies. But because of the difficulty of dealing with customers, the ACCC's ability to protect customers is limited to primarily providing information about scams.

Glance feels this doesn't have to be this way.

On the one hand, he believes governments should take a more proactive approach to dealing with scammers directly:

"It would be relatively easy for government agencies globally to provide a centralised database of numbers associated with scammers. All mobile phones have software available to check phone calls and text messages, and could look up incoming numbers against this database and warn users if there was the slightest suspicion about the caller."

The ACCC, FTC, and agencies could then make these databases available to technology companies like Apple and Google. In the very least, he thinks sharing users' complaints that include details about scammy phone numbers with these tech giants would be a good idea.

On the other hand, he feels the big names in Silicon Valley should be doing more on their own:

"Google and Apple should, however, be able to do more independently of these agencies. With the advent of machine learning techniques being used to analyse emails, it will be also possible to apply the same technology to phone calls."

Until the private sector and governments take a more active role, users can only do so much to protect themselves against phone scammers. There are a number of apps available that can help them screen calls for phone numbers commonly associated with fraudsters. Many Android users also now enjoy an updated feature that warns them if an incoming call is scammy.

But these measures aren't exactly a "win-win" for scam protection and privacy. On the one hand, many call blocking apps collect scammy numbers from registered users' contact lists, which means they could expose participants' phone numbers. Similar risks would arise if governments and tech companies were to increase their efforts towards protecting users against phone scammers. If government agencies were to, say, compare users' incoming calls against a database of known scammy phone numbers, what ELSE could those agencies do? And do we really want to give tech giants MORE access to our devices than they already have?

At the end of the day, caller ID spoofing makes it next to impossible to consistently block phone scammers. As a result, users should focus on strengthening their mobile device security by exercising caution around text messages and phone calls delivered from unknown numbers. They should never click on links embedded in text messages sent from suspicious numbers. Also, they could always let an unknown phone call go to voice mail and use that subsequent record to evaluate the number's legitimacy.

Tags: , ,

Smashing Security podcast
Check out "Smashing Security", the new weekly audio podcast, with Graham Cluley, Carole Theriault, and special guests from the world of information security.

"Three people having fun in an industry often focused on bad news" • "It's brilliant!" • "The Top Gear of computer security"

Latest episode:

, ,

3 Responses

  1. David L

    July 5, 2017 at 4:29 pm #

    One of the biggest scammers are the Windows support scams. But there are lots more these days, including, those pretending to be from multitudes of government agencies like the IRS, various law enforcement (parking tickets), and Utility companies. But, recently, an anonymous security researcher has taken to Flooding the Scammers phone lines with a repeating message, to prevent them from calling out. He started a YouTube channel to record these calls, and let me tell you, they are hilarious!
    https://youtu.be/EzedMdx6QG4 this is just the first out of five they have recorded so far. Giving the scammers a taste of their own medicine.

  2. RDaleBarrow

    July 5, 2017 at 9:51 pm #

    Instead of end users doing the dangle and thrash to try to get around the problem the *telephone companies* should step up to the plate, research the problem, and find some way to stop this annoyance. These junk calls rotate numbers faster than 100% N3 on your favourite Rolls Royce jet engine.

    Voice over Internet is basically free. I suspect most of my incoming overseas, read scammer, calls use it. It is tough to tell what with spoofed phone numbers.

    I asked my TELCO if I could have all incoming VOIP calls routed to the Bit Bucket (or telephony's equivalent). As is their wont: "We can't do that."

  3. Walt R Mitty

    July 7, 2017 at 6:17 pm #

    Windows scammers ? On quiet days I compete with myself to see how long I can keep them engaged before explaining I'm on Linux.

Leave a Reply