
Here's how it works in the U.S., and why it doesn't go away:

* A scumsucking business decides to hawk some scam. They start by creating an LLC (a limited liability company) devoted to telecommunications, ostensibly to resell telephone service sort of like an MVNO would. This LLC is based in the U.S. They buy a range of phone numbers associated with the LLC.

* The company then coordinates with an out-of-country call center, in places like the Bahamas, India, Pakistan, Mexico, etc. The call center receives and sends calls into the U.S. based on an assigned number from the LLC as a PBX (private branch exchange). As a PBX, these call centers can use a single ANI (automatic number identification) based on a US-based address (usually faked by the so-called telecommunications LLC), and the actual numbers behind it are hidden. PBX software allows you to override the number you see when your phone rings - that's why you get numbers on your phone completely unrelated to the actual call origin.

* The LLC may "sell" some numbers to legitimate businesses so they can claim it's just abuse of their systems.

* As people begin to complain about the scam calls, and the network operators that sell the numbers cut the offending numbers off the network (and this takes weeks at least) the LLC will simply cut off the old number, and issue a new number to the offshore call department.

* Eventually, the network operator will refuse to issue new numbers to the LLC, so the LLC will close up shop. However, the owners usually have a new telecommunications LLC ready to start the process all over again.

* The dirty secret here is that the major network operators (Verizon, ATT, etc) don't really care too much about these scam MVNOs/call centers, because they get paid, and paid well, and get to look like they're doing work to prevent scam calls while making money doing it. When these guys tell you "We can't see where the call is coming from" this is a straight-up lie, as any network operator call center employee can tell you.



Just a note: this is a great explanation of how it works for scam calls, but not SMS spam as mentioned in the article.


Isn’t this what STIR/SHAKEN was supposed to address?


Yes, but. SS makes a cryptographically based attestation about the origin of a call. For a user A on, say AT&T mobile calling a user B on Verizon, this is straightforward: the AT&T server can make a strong "type A" assertion: they know A, they control the access network that A is on, everything is copacetic.

However there are other tiers of attestation that are less strong, and because telcos also do a screaming business in bulk transport of other people's calls, these calls still get connected. So for example user C in say, Telenor Pakistan calls user A on AT&T, but the call is carried across the world by some transit carrier, like Lumen or BICS. This happens all the time. Then all that ATT see is that BICS attest that they trust Telenor, but have no control over the source number C.

It gets real murky real fast. On top of all this there are yet more complex cases, like American Express buying a block of phone numbers from one phone company but actually being connected to the global phone network by another. Or wanting to have those domestic numbers route offshore but still appear as US numbers when they call you stateside.

It's a mess, and SS helps as best as it can, but I think the real solution requires a change in how telcos get paid, and route one another's traffic for money, and that is not changing anytime soon.


This and the grandparent explanation are very helpful. Thank you both!

The frustrating thing is I would bet that the vast, vast majority of people in the US do not want anything except those “type A assertion” calls: calls from trusted users of trusted carriers. And I say this as someone who regularly communicates with friends and business associates overseas but essentially never through the traditional phone network.

It seems like that would also cover the situations some people often mention regarding emergencies, since a hospital, school, or random person on the street won’t be calling through some fly-by-night carrier.

I get some people and businesses have more complex needs, and I’m sure there are a million corner cases. But it feels like if you let people easily opt in to a sensible but restrictive plan, and allowlist trusted carriers in other countries, you’d solve a lot of this problem?


> opt in to a sensible but restrictive plan, and allowlist trusted

The irony is that the end users have built this by themselves: ignore all calls unless they are from a known contact, at best, diverting the rest to voicemail. Basically each user builds a 1-deep network of trust. Sad that it had to come to this.

There's an argument that says this is all a side effect of a technological innovation: the rise of VoIP/SIP over TDM.


It seems like a failure of the free market. If instead it were prohibitively expensive to run a telecommunications provider, and no country would have more than two or three, the spam calls could be regulated away. Perhaps at the expense of other technological or financial innovation.


Is there a reason why I can't tell my phone company "Don't take any calls from anything less than Full Attestation"?
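Added example, not part of any comment in this thread: a sketch of the attestation tiers described above and the "Full Attestation only" filter asked about here, decoding the SHAKEN PASSporT (RFC 8225/8588) carried in a SIP Identity header. The function names, the voicemail policy, the 60-second freshness window, and the sample numbers and certificate URL are assumptions constructed for illustration; signature verification is not shown.

```python
import base64
import json

LEVELS = {"A": "full", "B": "partial", "C": "gateway"}  # RFC 8588 "attest" values

def b64url_decode(part):
    # JWT segments drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def parse_identity(value):
    """Decode the PASSporT in a SIP Identity header value into (header, claims).
    Decoding only: the ES256 signature must be verified against the x5u
    certificate before any claim is trusted. That step is not shown here."""
    parts = value.split(";", 1)[0].strip().split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part PASSporT")
    hdr, claims = (json.loads(b64url_decode(p)) for p in parts[:2])
    if not isinstance(hdr, dict) or not isinstance(claims, dict):
        raise ValueError("header and claims must be JSON objects")
    return hdr, claims

def decide(value, caller_tn, now, max_age=60, minimum="A"):
    """Return (action, reason) under a hypothetical per-subscriber policy."""
    if not value:
        return "voicemail", "no Identity header"
    try:
        hdr, claims = parse_identity(value)
    except ValueError:
        return "voicemail", "malformed PASSporT"
    if hdr.get("ppt") != "shaken" or hdr.get("alg") != "ES256":
        return "voicemail", "not a SHAKEN PASSporT"
    level, iat, orig = claims.get("attest"), claims.get("iat"), claims.get("orig")
    if not isinstance(level, str) or level not in LEVELS:
        return "voicemail", "unknown attestation level"
    if not isinstance(iat, int) or abs(now - iat) > max_age:
        return "voicemail", "stale or missing iat"
    if not isinstance(orig, dict) or orig.get("tn") != caller_tn:
        return "voicemail", "orig does not match caller ID"
    if level > minimum:  # letters sort by strength: "A" < "B" < "C"
        return "voicemail", LEVELS[level] + " attestation below policy"
    return "ring", LEVELS[level] + " attestation"

def make_sample(attest, orig_tn, iat):
    # Constructed test input; the third segment is a placeholder, not a signature.
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    hdr = {"alg": "ES256", "ppt": "shaken", "typ": "passport", "x5u": "https://cert.example/sti.pem"}
    claims = {"attest": attest, "dest": {"tn": ["12025550123"]}, "iat": iat,
              "orig": {"tn": orig_tn}, "origid": "00000000-0000-4000-8000-000000000000"}
    return enc(hdr) + "." + enc(claims) + ".c2ln;info=<https://cert.example/sti.pem>;alg=ES256;ppt=shaken"
```

Calling `decide(make_sample("C", tn, now), tn, now)` shows a gateway-attested call being diverted, while passing `minimum="B"` relaxes the policy to accept partial attestation.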


How does this work in Europe, where the above comment says this isn't an issue?


I can only speculate, since Europe is a huge place with multiple telco regulatory regimes and lots of transnational telcos. For example:

- France has a version of STIR/SHAKEN
- Germany's Deutsche Telekom has massive presence via local operating entities in Poland, Austria, Czechia etc etc. So it might be that they can assert tighter knowledge of a caller across countries and carriers because it's all really DT.
- Similarly Orange/Hutchison in France, Austria, and IIRC North Africa.

Beyond that, I don't know.


Could it be due to pricing differences? I have only been in the EU for 6 months, but one thing I noticed when signing up for cell service, is that SMS and Calling is expensive when calling to a different country. For me to call someone in Germany from The Netherlands, it is €0.23/min.

At that rate, scamming someone on the phone from a different country is prohibitive. The other option would be to set up shop and purchase numbers from all EU nations, which is also prohibitively expensive and probably not as easy since LLCs aren't really a thing.

My guess is the large population of the US + the advantageous legal system for new companies is what makes this a unique issue for Americans.


The above comment exaggerates based on anecdota.

From what I gathered, it's a lot less of an issue compared to the US, but scam calls & SMS do happen.

My anecdota: I'm French, and receive scam calls from time to time. They are different from the ones you see in the US. Here it's mainly "CPF" scam calls, which is training credits every working person automatically gets and they are trying to scam you into paying for an illegitimate training with those (don't ask me for more details, I've not researched it further).

In France, it tends to be less of an issue because the government is at least somewhat invested in fighting such scams, and because the language isn't as universally spoken as English (which is true for most of Europe). You can usually spot a foreigner speaking French miles away, and it's a red flag for any sane person when an incoming call has an accent.



