As a real estate agent, Kim France’s business depends on answering calls from unknown numbers. But during a five-day stretch in May, his cell phone was filled with so many junk calls that it was impossible to answer the right ones.
“I’m in the middle of a phone nightmare,” France, who lives on Hilton Head Island, South Carolina, told Ars in an email after three days of calls. My phone started ringing three days ago and has continued to ring every few minutes since then. Every time it’s from a different number… I can’t make a customer call, can’t send because incoming calls stop the process. , can’t even take photos for the same reason.”
The first night, French went to bed, slept for 7.5 hours, and woke up to 225 missed calls, he said. Calls continued at roughly the same pace for the rest of the five-day stretch, putting the number of calls somewhere around 700 a day.
The French put robocall prevention tools on your phone, but they didn’t stop the flood. Unfortunately, anti-robocall services that rely primarily on blacklists of known scam numbers generally do not block calls when the caller ID is compromised to hide the caller’s true number.
U.S. consumers receive 2.4 billion robocalls a month, and those from fraudulent numbers are among the most difficult to stop, according to the Federal Communications Commission. Recognizing that today’s robocall prevention systems are ineffective against malicious robocalls, the FCC recently called on broadcasters to increase their efforts to prevent them.
The French case poses even greater challenges than usual because it can be harmed by a targeted attack rather than a robocaller. There is also the question of whether the calls received by France are technically “robocalls.” But what we know for sure is that the problem of unwanted phone calls remains unresolved, and France’s ordeal shows what can happen in the worst case.
France’s efforts fell short
In an attempt to stop the flood, French put his iPhone on Do Not Disturb mode in order to block the first calls while allowing repeated calls from the same number to come through. But then calls started coming in twice from the same number in order to ring through his phone, so France had to turn off the system that allowed repeated calls.
Unfortunately, there were no people or voices recorded on the other end of the line when the French answered the calls. Instead of scam attempts, French said the calls had sounds similar to, but not like, a fax machine. Robocalls are leaving long voicemails, filling up your voicemail archive and preventing customers from leaving legitimate messages.
“My first thought was that this was definitely a computer glitch somewhere,” French said. Later, he began to suspect that someone might want to confront him in an attempt by an accountant to destroy his business. And then, just as suddenly as they started, the calls stopped “out of the blue.” Everything is back to normal.
During the five-day watershed, French became concerned enough to contact the police, a consumer rights attorney, and Verizon Wireless, but the calls continued. Despite his suspicions, the possibility of a malicious person targeting France seemed remote — until weeks later, when Ars discussed the French case with the perpetrator of RoboKillera new robocall blocking service.
Evidence points to a targeted attack
We described France’s nightmare to RoboKiller creator Ethan Garr and provided him with screenshots from France’s phone showing the caller ID of the dozen or so numbers that called him. The RoboKiller technical team then checks your system to see if you have blocked any of those numbers.
Instead of relying on a block list, the RoboKiller technology analyzes voice fingerprints of calls and thus can block many robocalls from sanitized numbers. Robociller take the first place in a competition the Federal Trade Commission held in 2015 to find the most promising new anti-robocall technologies, and the company has been busy improving its technology since then. However, RoboKiller did not identify any of those 36 numbers as suspicious, so it would not have helped France during its five-day robocall flood.
An example of Kim France’s calls.
Caller IDs are corrupted. In some cases, caller IDs mimic real numbers that may be owned by real people. In many cases, numbers calling France are completely fake, derived from area codes (such as 411) or exchanges that do not exist. In other words, the attacker uses a lot of random phone numbers instead of the ones that might seem legitimate.
Scammers seeking money often spoof local phone numbers so that victims think they have a legitimate call. The one aimed at Kim France doesn’t matter—the only clear goal is disruption.
There is also the possibility that it was not a targeted attack and that the French problem was caused by a bug in the auto-type software used by hackers or hackers. It’s also possible it’s a “brutal fax scam,” Garr said.
But based on the evidence, it was likely a targeted attack, the RoboKiller team concluded. It doesn’t cost money to call someone hundreds of times with fax-like noises—many scams try to extort money from the victim. The noises themselves are used to confuse France as to whether the calls are legitimate or not.
“Our theory, and I’m pretty confident, is that this … is someone trying to attack Kim France,” Garr said.
There is no challenge for a determined attacker
We don’t know if someone has a vendetta against France, or if a dedicated prankster happened to target a widely available phone number. But in either case, Garr said pulling off such an attack wouldn’t have been too difficult.
“My agent said, to give you an idea, if you want to do this to you right now you can set this up in 30 minutes,” Garr said.
A web search for “fake fax sounds” quickly turns up websites that provide fax noise files. Using those audio files, some programming knowledge, and readily available tools, a malicious person could have launched such an attack.
“I’ve never heard of this”
There are some online services that let you make calls from anonymous phone numbers. While there are legitimate reasons to make such calls, auto-typing and dialing can also be used for malicious purposes.
“I know one developer who got so mad at someone one time that he just wrote a piece of code to call a number a gazillion times and just drive that person crazy,” Garr said. (Garr added that he does not accept such behavior.)
RoboKiller owner TelTech runs a spoof calling service, called SpoofCard, but does not allow practice calls and therefore almost certainly could not have been used by France’s attacker, Garr said. Businesses have long used spoofed caller IDs so employees can call customers from a single number, Garr noted. Garr’s stepfather, a veterinarian, uses SpoofCard to call sick owners from home at night without revealing his home phone number. The point is, caller ID spoofing technology is widespread and easy to use for both legitimate and malicious purposes.
But as simple as it is, the specifics of the French case are new to Garr. That helps explain why RoboKiller doesn’t block the kinds of calls that damage France’s real estate business.
“I’ve never heard that this is an issue,” Garr told Ars. “As soon as you send this, I wonder if we need to block fax noises.”