If you’ve been following the roll-out of the STIR/SHAKEN protocol (call authentication framework mandated by the FCC for deployment across voice service providers by June 30, 2021), then you’ve read about how the goal of STIR/SHAKEN is to identify and trace back to the source of illegal spoofing activity.
There are legitimate purposes for spoofing a phone number, such as a global pharmacy organization calling to alert a patient to a prescription ready for pick-up and displaying the regional number of the local pharmacy branch as opposed to the corporate number actually originating the call. However, the illegal spoofing of phone numbers has created such a deluge of fraudulent robocalls that innovators across the industry have banded together to deploy solutions to address this troublesome issue.
Illegal call spoofing refers to a bad actor using the phone number of an organization they’re not authorized to represent. It includes bad actors stealing the numbers of others or making up fake numbers with the intent to defraud consumers.
Spoof attacks are often only identified after a bad actor has already caused damage to your brand. Based on the ongoing capture and advanced analysis of audio call recordings, our partner, YouMail, has designed a solution to identify fraudulent brand representation taking place via illegal robocall campaigns as soon as the event takes place.
Audio captured in the form of voicemails is analyzed via communications analytics to definitively determine actual call intent. This replaces the need to rely upon call event-based data (volume, distribution, etc.) and subjective means to ascertain the intent of a caller, and whether or not the message was delivered legitimately, or by an imposter.
YouMail performs this ongoing analysis in a very efficient and effective manner using AI-based algorithms and machine learning technology which creates a digital fingerprint of audio recordings. This is critically important as bad actors rotate through telephone numbers frequently, but the digital fingerprint of their campaigns remain the same or sufficiently similar enough to be flagged as problematic.
By leveraging millions of telephone numbers residing on a diverse carrier base (AT&T, T-Mobile, US Cellular, Verizon), the identification of illegally spoofed activity becomes immediately actionable information once a bad actor campaign is identified and associated with a digital fingerprint. This information may be used to block, redirect (voicemail or IVR), or label (scam, fraud, etc.) calls prior to causing harm to consumers.
In addition, YouMail’s patented technology removes the need to manually verify telephone number scoring associated with fraudulent calls, as may be the case with call event-based analytics engines that do not have access to ground-truth information in the form of audio recordings. This same information is also very useful for facilitating an expedited redress process.
YouMail’s REST-based API provides frictionless access to unwanted robocaller identification data. API users may query the database using originating TNs. YouMail will respond with a fraud risk score and a fraud campaign descriptor, if applicable. The risk score is continuously updated to reflect current threat activity; the data for any TN data is never stale.
As an alternative, robocall data cache licensing enables API users to seamlessly embed the YouMail robocall threat database on an in-network basis, eliminating the potential for compromises in call processing rates that may result due to latency. In this deployment model, the database is updated at regular intervals to ensure risk scores remain current.
The FCC required all service providers to file a certified Robocall Mitigation Plan within the FCC Robocall Mitigation Database by June 30, 2021. For service providers who did not fully deploy the STIR/SHAKEN framework, but opted instead for partial deployment or an alternative robocall mitigation plan, a robust customer vetting and identification process must be identified and executed. One such requirement of this plan is a robust vetting process that identifies businesses/individuals communicating across the network and authenticating their authorized use of the phone numbers that they display to the consumer.
In addition, it’s also a service providers’ responsibility to continuously monitor for vulnerabilities across the network for bad actor activity. The YouMail Robocall Mitigation Solution is built on the same threat database used by the Industry Traveback Group, identifying and shutting down fraudulent robocallers. This solution complies with the FCC’s requirements by providing a robust KYC solution which is an in-network, low-cost solution to stop unwanted robocalls from reaching customers, transiting networks, and originating in the first place.
“We capture the ground-truth with respect to fraudulent calls, campaigns and bad actors. In fact, the USTelecom Industry Traceback Group relies upon YouMail content for objective evidence to initiate actions to stop bad actors and their campaigns.” - Gerry Christensen, VP Business Development and Strategic Partnerships, YouMail
Using the industry’s only live call sensor network, YouMail listens to billions of real consumer calls to monitor and detect imposter activity of your brand. Their algorithms create unique digital fingerprints to match with an associated telephone number used by a bad actor. Their AI and machine learning algorithms segregate legitimate call data from unwanted robocalls, ensuring end-user privacy.
Unlike honeypots, a conventional method that relies on audio to text transcription to detect these actors, YouMail leverages the digital fingerprints associated with spoofed numbers. These follow the bad actors across the network, allowing YouMail to effectively identify them and mitigate them with decisive actions.
The USTelecom Industry Traceback Group (ITG) has been empowered by the FCC to identify, stop, and prosecute bad actors impersonating trusted brands. With the objective evidence of illegal activity captured by YouMail as well as the ability to trace calls to their source, you can empower the ITG to identify and stop the bad actors responsible for spoofing leveraging the same capabilities recently employed by Marriott International. Similar to the brand impersonation identification service, data and traceback support represents an additional service that you may request on-demand.
“The investigation and mitigation aspects of the YouMail Brand Protection Service has virtually eliminated brand impersonation vishing at Marriott. Our ongoing monitoring provides the necessary deterrence for a recurrence at this particular well-known hospitality industry leader.” - Gerry Christensen
The deployment of STIR/SHAKEN and carrier-tailored robocall mitigation plans across the network is the first step in identifying and prosecuting bad actors found to be illegally spoofing phone numbers. Through YouMail’s brand protection solutions, enterprises who rely upon customer communications are now able to employ best-in-breed telephone number monitoring to become aware of fraudulent activities. By adding telephone numbers to a watch list for 24/7 continuous campaign surveillance, enterprises are also able to ensure their own telecommunications assets are not being maliciously used to commit fraud.
Bad actors are constantly looking for new ways to exploit technologies to defraud Americans by posing as trusted, known brands. By deploying a 24/7 fraud monitoring solution, enterprises are able to stay vigilant to brand identity abuse. YouMail’s surveillance represents a near real-time methodology to identify, provide proof, and prosecute fraudulent activity before it substantially impacts a brand’s reputation and/or causes irreparable harm to its consumers.
Special thanks go out to Gerry Christensen and our friends at YouMail for collaborating with Numeracle to produce this article.
With over 30 years of information and communications technology industry experience, Gerry Christensen is responsible for leading new business development and strategic relationships with enterprise organizations, communication service providers, and ICT vendor partners. As VP of BD and Strategic Partnerships at YouMail Inc., Gerry’s mission is to leverage content-based descriptive analytics capabilities to address critical industry needs for consumers and business.
YouMail is a strategic partner of Numeracle’s, to learn more about YouMail, visit www.youmail.com. Or explore additional information on YouMail’s Robocall Mitigation Solution.
