Scammers not shaken, operators havenโt stirred
UK regulator Ofcom has revealed that it ordered telcos to stem the tide of scam calls by instructing โmajorโ operators to block suspicious international calls at source. To date only one operator has acted on Ofcomโs directive while the other are โexploring methods of making it workโ.
The directive concentrated its focus on Voice over IP (VoIP) calls and it has asked operators to block suspicious international calls that are masked by a UK number. However, some say security has been a low priority for too long.
Britainโs vulnerable subscribers are a lucrative revenue stream for global fraudsters. According to this Ofcom report 44.6 million UK people were targeted in the past three months. Only two per cent responded and followed the scammersโ instructions but that created 892,00 victims.
Criminals run vice over internet protocol
Ofcomโs Networks and Comms Group Director Lindsey Fussell claimed the regulator has worked with telco on technical solutions, namely blocking, at source, โsuspicious international callsโ that are masked by a UK number. โWe expect these measures to be introduced as a priority, at pace, to ensure customers are better protected,โ said Fussell.
However, some critics have said that mobile operators are slow to act on security threats, not just to the subscriber but to their own operations. If the opportunity cost of new revenue streams is greater than the cost of security, then the safety aspect of the customer experience is not a top priority, businesses and consumers say. In March fraud busting service provider Revector outlined the frustrations involved in getting different departments to work with each other.
Blocking nuisance calls is not enough
Existing measures to tackle nuisance calls are not fully effective, reports ISP Review, which said many operators donโt do enough, with the worst offenders being among the smaller providers and some VoIP firms. โWe havenโt seen any useful technical details on the approach being taken here or precisely what Ofcom has requested operators to do,โ it complained.
Europeโs mobile operators would need to co-operate and co-ordinate their efforts tightly and this will be difficult to achieve. Many genuine calls could be blocked in the process. Since operators donโt inspect traffic before passing it on, spoofing UK numbers is easy to for criminals who want to give their scam calls the facade of credibility.
โItโs an excellent step in the right direction,โ said Matthew Gribben, a former consultant to the UK governmentโs intelligence agency (GCHQ), but โIt doesnโt fix everything.โ
The IETF offers some hope of protection
Meanwhile OFCOM and the EU are calling on mobile operators to investigate the options offered by the STIR/SHAKEN system. This is a suite of protocols marshalled together by the Internet Engineering Task Force (IETF) which combines the use of Secure Telephony Identity Revisited (STIR) with Signature-based Handling of Asserted information using toKENs (SHAKEN). To date much of the work has focused on the US and Canada.
In the UK the frequency scam-tainted customer experiences evoked furious responses.
โThe most obvious thing to have done but itโs unbelievable itโs took 20 years to do it,โ said Anthony Goodman on ISP Review.
โItโs ridiculous how many scam calls and e-mails you get in this country,โ said another disappointed customer, William Wilkinson.
โUnless fines are handed out weโll see some UK smaller carriers continue to pass calls on because it makes them some money,โ said Scott, another disillusioned UK telephone subscriber. โItโs the last days of unchecked calls so they will just milk that final opportunity.โ