Almost everyone has been plagued by robocalls on a home or mobile phone. Last year, there were 58.5 billion robocalls, according to a study by YouMail, which estimated the average American received 178.3 robocalls in 2019. Although the deluge of robocalls lessened this spring with COVID-19 pandemic, a growing number of enterprises are now facing the problem as well.
“For organizations, robocalls can overwhelm a receptionist, hurt overall productivity and pose a security threat,” said John Adler, CEO, Call Control, in a presentation at the IAUG South Florida Chapter’s June 17 virtual meeting. “It’s important to take steps to protect your company.”
Adler said he began looking at an IT solution after his father was the victim of a $300 tech support scam over the phone. Now, his company offers Community IQ™an automated voice firewall system that integrates with Avaya Session Manager and can be customized for an organization’s specific requirements.
“Many enterprises have made major investments to safeguard the IT infrastructure, but the voice channel is largely unprotected,” Adler said. As a result, hackers are using robocalls to gain access to financial accounts or employees’ personal information. For instance, a hacker might try to set up a three-party call to try to trick a contact center agent into giving an account number. “One criminal used AI software to impersonate the CEO’s voice and demand an immediate wire transfer of funds,” Adler said. “The chief financial officer thought he was speaking to his boss. Fortunately, the fraud was discovered before the transfer was completed.”
Adler said it’s important to educate employees about how to identify and handle phone phishing or “vishing” scams. Among the red flags are callers who offer to split a prize, make threats, or push for an immediate purchase in order to obtain credit card number. “It’s always a good practice to ask for a call-back number,” he added.
Contact centers and help desks are also vulnerable points of attack, as callers pretend to be customers or prospects seeking names, titles and phone numbers of managers, as well as any credentials that would allow them to penetrate the network.
Another major problem with robocalls in the enterprise is loss of productivity and a potential downgrade to customer service. Adler said one hospital received 4,500 scam calls in just two hours – each of which had to be answered by a person in order in case the call involved an urgent medical issue for a patient or family member.
To address that issue, enterprises can invest in quality call-blocking technology for their mobile, landline and business phones. the goal is to allow legitimate calls from customers or prospects, while blocking spam or vishing calls. For example, Call Control’s cloud-based system incorporates public and private sources to create a proprietary database of robocall and spoofed numbers. “You can set up rules to allow, block or send callers to voicemail,” Adler said. “There are call logs behind this, so you can go back and change on a per-call basis.”
In the coming months, the U.S. robocall landscape is likely to see some significant improvements. The Federal Communications Commission (FCC) has adopted a framework called STIR/SHAKEN for the Secure Telephone Identity Revisited (STIR) and Signature-based Handling of Asserted Information Using toKENs (SHAKEN) standards. Carriers would validate U.S.-originated calls that pass through interconnected phone networks before reaching consumers.
In December, President Trump signed the Pallone-Thune Telephone Robocall Abuse Criminal Enforcement and Deterrence (TRACED) Act, a bipartisan law that requires most U.S. carriers to ensure that calls are coming from real numbers with higher punishments for scammers.
However, robocalls and vishing attacks originated from international locations may slip through the tighter U.S. regulatory environment. That means enterprises should continue to be vigilant and take steps to protect the voice channels into their networks.