Smishing texts have increased over 60% in just one year. With scammers spoofing caller ID, how can you trust any communication coming onto your phone? Today’s guest is Giulia Porter. Giulia is the Vice President of RoboKiller, the app that eliminates 99% of spam calls. Since 2017, Giulia has been leading RoboKiller’s vision to create a world without spam calls. And now more recently with spam texts, they’ve introduced Text Killer.
“Spoofing tactics are nearly untraceable.” - Giulia Porter Share on XShow Notes:
- [1:04] – Giulia shares her background and why she was led to a career with cyber security.
- [2:24] – Caller ID spoofing is when a scammer changes what number comes up on your phone when they call. There is also neighbor spoofing.
- [4:30] – Technology has allowed scammers to call from any number, including your own.
- [5:54] – Scammers try to stay ahead of trends.
- [6:30] – Stir/Shaken is a framework designed to help stop spam call problems.
- [8:12] – Most United States phone providers did implement this.
- [10:10] – Giulia explains how this framework works and some of the pitfalls it has.
- [12:08] – As of May, we are at about 6.5 billion estimated spam calls in the United States per day. About 35-40% of those use caller ID spoofing.
- [13:19] – Spam texts are on the rise having experienced a 60% increase in one year.
- [15:01] – Text Killer tries to distinguish between spam and unwanted texts.
- [16:21] – Giulia describes a court case against Facebook that changed the landscape of notification texts.
- [18:01] – Some people have a “burner phone” with a separate number that they use for accounts that require a phone number.
- [21:03] – Giulia shares some of the scams that were trending in the last couple of years and what scammers were targeting.
- [22:20] – In 2022, there has been an increase in illicit spam texts.
- [24:27] – Don’t tap links in texts or reply to them. Delete the text.
- [26:18] – Thinking about your phone number in a more serious way is a way to be more aware of how many people have access to it.
- [27:56] – Chris shares something you can do about your personally identifiable information online.
- [29:20] – RoboKiller and Text Killer use AI and machine learning to analyze calls and texts to stop them from reaching you.
- [30:50] – You can talk to your carrier to find what protection they offer.
- [32:01] – Another concern is lobbyists paying providers to have select campaign texts to come through.
- [33:13] – You can report spam texts and notify your carrier.
- [34:52] – How does Robo and Text Killer make sure the numbers and texts that are blocked are accurate?
- [38:12] – RoboKiller has to work with different providers and that creates challenges when they all function slightly differently.
- [40:38] – The next wave of scams are through apps like WhatsApp and Messenger.
- [43:12] – Organizations need to also consider how much they lose to scams posing as them.
- [45:12] – RoboKiller is available online as well in the app store on iPhones and Android. There are free services and premium.
Thanks for joining us on Easy Prey. Be sure to subscribe to our podcast on iTunes and leave a nice review.
Links and Resources:
- Podcast Web Page
- Facebook Page
- whatismyipaddress.com
- Easy Prey on Instagram
- Easy Prey on Twitter
- Easy Prey on LinkedIn
- Easy Prey on YouTube
- Easy Prey on Pinterest
- RoboKiller Website
Transcript:
Giulia, thank you so much for coming on the Easy Prey Podcast today.
Thanks so much for having me.
Can you give myself and the audience a little bit of background about who you are and why you got involved in what you're doing?
Yeah, definitely. My name is Giulia Porter. I'm the VP at TextKiller or Vice President at TextKiller. I started at TextKiller/TelTech, who owns TextKiller, in 2017. Actually, a lot of different factors here, but at the launch of RoboKiller, which was launched in 2017 to stop the spam call problem that was getting really bad at the time and still is bad, unfortunately.
Actually, I joined because my mom had fallen victim to a tech support scam. I don't have a cybersecurity background. I learned a lot along the way. Now we're here talking today about TextKiller and the new phone scam problem, which is unfortunately spam texts.
That is perfect. Let's talk for a few minutes about the predecessor to spam texts, spam calls. Not that spam calls have ended, but let's talk a little bit about the rise of spam calls and some of the techniques that the government and providers are sort of implementing to reduce that.
Definitely. I think it's in the report. When you think about the history of phone scams, it's important to remember that scammers are smart. They are following how we are communicating. As we are communicating in different mediums, starting with the landline phones, to cell phones, to texting, scammers follow that and evolve their tactics to reach us in the places we're communicating most.
It's important to remember that scammers are smart. They are following how we are communicating. -Giulia Porter Share on XBack in 2017, obviously, texting had been around for a while. At the time, spam calls were getting really bad, actually, largely, because of a technology called caller ID spoofing. What caller ID spoofing is, is when the sender of a phone call changes their caller ID to be a different color ID than the true phone number that they're calling you from.
There's a technology out there that makes caller ID spoofing very easy to do, as well as very easy to plug into technology, such as auto dialers, which just allows scammers, telemarketing companies, whoever wants to use it, to play these thousands of calls from caller IDs that are not their own. That started as just caller ID spoofing, where you get a spam call from a random number.
As scammers have evolved their tactics, they moved on to neighbor spoofing, which I think everyone is familiar with, which is when a scammer calls you from a caller ID that looks like it's from either the first three or six digits of your area code. Their tactic there is thinking that you are receiving a phone call from your doctor, mechanic, or somewhere local that you might want to answer. And now they've gotten you on the phone.
Unfortunately for scammers, that worked for a while. That's where we really saw that big explosion in 2017, really just 2020 or 2019 in these spam calls. The other reason for both those tactics with caller ID spoofing and neighbor spoofing is that both spoofing tactics are nearly untraceable. These scammers can place thousands of calls and really get away with them. It's very difficult to be able to trace back the true origin of a phone number. Scammers really had kind of a heyday.
I had a question. I know for me, all the spam call history, that makes sense to me. What surprises me is that there wasn't more, “I'm claiming to be Southern California Edison, and I'm going to spoof Southern California Edison's caller ID.” Am I just an anomaly?
You are the anomaly, yes. Neighbor spoofing did get pretty targeted for some time. When RoboKiller was first monitoring this trend, we first saw scammers starting with the first three digits of your area code. Technology with neighbor spoofing evolved so that they really could match any digit of your phone number. People were even receiving phone calls from their own phone number, which is always a great way to get people's attention. They're like, “What the heck?”
You might be in an abnormal trend, though. I think I mentioned this earlier. No one person gets the same types of spam calls. But scammers were seeing a lot of success with people answering those spam calls, so they did get pretty advanced there for quite some time.
Then everyone now has gotten to the point where even if it's not a spam call to your mom, you should just pick up the phone anyway.
Exactly, yeah. Actually, before a lot of the government regulations came out, scammers really were starting to see less success rates with this spoofing tactic, because people just stopped trusting phone numbers that were calling them that look like their area code. There's a running joke with just everyone receiving the car warranty scam a bunch of times. I think that maybe that's something we can all relate to across the country, which is hard to find these days.
I think that's really where scammers started to change their tactics. Actually, that's kind of around the same time we started seeing spam texts emerge, where we saw this trend happening leading up to some of the government regulations with STIR/SHAKEN, where scammers, obviously, understood that these changes to the landscape for caller ID spoofing were coming and wanting to get ahead of that to try to see if they could find a new avenue to steal from us over the phone.
For laymen, we've heard about shaken and stir, stir and shaken in the news, and that this was going to be, whether appropriately communicated to us or not, this was going to be the resolution to all spam calls. Obviously, since I got a spam call earlier today, it's definitely not the case. What exactly is shaken and stirred? Why hasn't it achieved the results that, as consumers, we are expecting?
SHAKEN/STIR or STIR/SHAKEN, however you like it or however you've heard it, obviously, being in the telecom industry, I think the understanding of that framework really is that, unfortunately, it’s always hard to be kind of the bearer of bad news, that framework was designed to help stop the spam problem. It was not the silver bullet to stopping the spam call problem as a whole.
Really, what that framework was designed to do was to help consumers trust the caller ID that they are seeing on their phone when their phone rings. The way in which STIR/SHAKEN or SHAKEN/STIR is designed to do that is to verify the true origin of the phone number that's been in place. That's done by sending what's called attestation levels in the STIR/SHAKEN framework, where certain types of calls with certain levels of verification get different scores or different added stations.
The receiving end of whatever person or company is processing that phone call can then make that decision on that verification on whether or not that call is safe and what really to show to the recipient. If you've ever seen the spam likelihoods, et cetera, on from your carrier or if you use a spam call blocker, that is really where you see that framework out in the wild.
Not every provider was required to adopt the actual STIR/SHAKEN framework. It's very technological. Of course, these carriers, systems, and providers are pretty advanced. They're giant too. In order to implement this framework that was a big technical lift, most of the big carriers in the United States did actually implement the attestation framework that I just described.
For smaller carriers or carriers where that just didn't work or providers, they could implement what's called the robocall mitigation program, where they would have to register with the FTC and FCC to say they had a system in place for identifying caller ID spoofing that was not necessarily the STIR/SHAKEN framework, but did have some advancements in technology.
RoboKiller does also offer a solution for providers to do that and wants to be as much as part of the solution as possible. That framework is, as you can see, not necessarily disjointed. There's definitely a unified effort to stop spoofing, but the solution itself is definitely various.
Did the implementation kind of just move the spoofing around in the sense that, OK, because US carriers are more technologically advanced, they're able to implement it, so people just moved their businesses to carriers that were using less technologically advanced systems?
What we're seeing at RoboKiller and TextKiller—obviously this is robocall, so mostly it was RoboKiller—is that the percentage of spam calls that we see on a monthly basis that we believe is using caller ID spoofing based on RoboKiller's algorithm, which does include logic to identify that, is that caller ID spoofing rates have remained around the same pre- and post-STIR/SHAKEN rollout.
First and foremost, I think the thinking as to why that currently is is two reasons. (1) There's a lot of passing that these attestation levels need to be processed through in order to reach the end user. While, of course, it's great that all the large carriers adopted this framework, not everyone is really integrated with attestation levels. Different players in different parts of the telecommunications ecosystem, some are receiving these attestation levels, some are not.
For example, RoboKiller does not actually receive a lot of these endpoints, which is, I think, one thing that we've been watching pretty closely. Some providers are, and it's working great for them, and they have seen improvements. But for RoboKiller, we're not a carrier, of course, so we are getting a lot of different data.
(2) The other piece that's been missing up until last couple weeks, is a lot of spam calls come from international locations. Of course, it's very hard to regulate those carriers. The FCC is trying to do what they can to put some pressure on. If these providers from international places want to send traffic to the United States, which of course, is a great market, they are putting pressure on these providers to start adopting this framework or a robocall mitigation program in order to close that gap. I think that's been a big piece that's missing to date.
Yeah, lots of entities involved and lots of complexities.
Yeah, that's a great point. I think what a lot of people don't realize is I think of a phone call being played straight and you think of Verizon and AT&T. But what you don't really understand or think about is there are so many other things that have to happen to place and receive a phone call that aren't those brands that you're aware of. It's definitely quite a lift to try to get this and imagine.
Do you have estimates on the percentage of calls that are caller ID spoofed and the total volume is billions of calls a day?
As of May, we're at about 6.5 billion estimated spam calls in the United States. RoboKiller estimates based on any given month, that’s about 35%-40% of those calls use some form of caller ID spoofing. That has remained flat, like I said, pre- and post-STIR/SHAKEN.
Some form of caller ID spoofing—is some of it legit and some of it not legit?
Yes, or some being neighbor spoofing, some being caller IDs.
I worked for a company that we did our customers through a platform. Technically, the numbers were spoofed to numbers that we owned, but not with that carrier.
Yeah. Of course, there are some legit. Spoofing gets such a bad rap. For some businesses, it makes a lot of sense. You can't handle all the customers calling you on an inbound line. Your phone is ringing off the hook. I think yours is certainly a good example.
Yeah. OK, let's talk about SMS spam now. How bad is the problem? And what is being done about it?
Spam texts are definitely on the rise. In 2021, Americans had more spam texts than ever, unfortunately. We estimate that Americans received about 87 billion spam texts, which is about a 60% increase from 2020.
I think based on the history of STIR/SHAKEN and really where the industry focus has been, again, spammers are smart. They really are trying to push into spam text, at least what we believe, ahead of what they're anticipating as, at some point, STIR/SHAKEN really is going to make a huge impact in their ability to play spam calls, spam text to them, or a little bit of the Wild West, because the industry focus has been super honed in on stopping caller ID spoofing for calls.
What we've seen is just this explosion in spam text as a result of scammers trying to get out ahead of this. Unfortunately, what that's done is that consumers are vulnerable to yet another threat.
What are some of the most common types of spam texts? For some reason, every political party has decided I'm on their donor list, even though I've never donated to them. Every candidate that's running in California somehow gets my number, and texts me, and how excited they are that they can collect their donation from me.
Yes. We'll have a whole other hour conversation on political messages, because that's definitely been an interesting development, really, actually, during kind of COVID times when politicians couldn't get out and actually do a lot of campaigning in person.
The way we delineate—and this is kind of the same approach for robocalls—but with TextKiller or spam text blocking products, we try to delineate between what's spam and what's unwanted. For spam, a lot of times what we're seeing is what we call brand imposter scams. This is true for robocalls. It's actually a little bit more true for spam texts, where these scammers are texting you hoping that you take a look at your phone quickly and think that Chase Bank, you need to authenticate something, or you need to verify purchase with Amazon.
What we're seeing is a lot of these scammers trying to pose as these legitimate organizations to get you to do something that it's either making some sort of purchase, authorizing some sort of payment, all of course to get your personal credit card information or provide that on kind of a website that might look like Amazon, but it's actually not. That's really what we're seeing on that front.
The other thing that I think is important to note is that a lot of people I don't think really followed that closely, because this was more of an industry thing. But last year, there was actually a Supreme Court ruling that for more of the legitimate text messages that people just don't want to receive. There was a ruling with Facebook versus a consumer actually who was suing Facebook for sending him a lot of text messages that he did not want to receive and said that he did not opt into.
The Supreme Court actually ended up ruling in Facebook's favor. Within that, at a very high level, what that really meant for the telemarketing industry was that the Supreme Court ruling in Facebook's favor really broadened what the definition of an auto-dialer and the consent needed to place auto-dialing. Mostly texts, but also calls are needed.
Previously, the legal interpretation was very strict. You really needed consent. You needed to prove consent for a call and text that was being placed on a smartphone. The interpretation of some of the ruling recently is that it's much broader. We've seen a huge explosion in what people, they're legitimate, but they're not wanted. Some people, depending on whether or not they want them, do end up bucketing those political messages into unwanted and spam as well.
I don't know how much you know about the Facebook case. Was this the case where the person provided Facebook their cell phone number for the purposes of two-factor authentication, and they turned around and started sending messages other than two-factor authentication notices?
That is correct. I'm going to butcher this name. It was actually originally filed in 2017. […]. It was in a Montana residence.
Yeah. I remember hearing about that case. I promptly changed the number that I use for my two-factor authentication to a device where if I send all the messages there, I don't care.
Yeah. A lot of people, to your point, are using burner phone numbers now to sign up for accounts and things like that. I did the same as well.
We could talk about burner numbers in a bit. When it comes to the brand impersonation, are they impersonating real numbers for the brand? Are they impersonating the shortcodes? Are they just trying to impersonate the URL in the text message or just, “Hey. We’re claiming to be Amazon. Call this number, and we'll help you out”?
Yeah, actually speaking of burner phone numbers, we’re seeing a lot less or fewer rates of true caller ID spoofing used for spam texts. We're trying to figure out why that is. Of course, the spam text problems are newer to us. But seeing less of these every single number that these texts are being sent from are sent from different numbers.
That's kind of our basis of monitoring what's spoof versus what's not. It seems scammers are just getting their hands on a bunch of different phone numbers. You're blasting those out and just kind of seeing what sticks. When one gets shut down, just kind of repeating that process of obtaining phone numbers really isn't that difficult and isn't super expensive.
It's not as easy as caller ID spoofing, but it's not inaccessible, which is why we're seeing the scale of spam texts that we are. We're actually seeing less of the truth, like, “Hey. This is Amazon” shortcode, which is a six-digit phone number rather than the longer ones that you're used to for phone calls.
We're just sending out a shortcode, because, again, sometimes I don't always receive the same text message code from Google if I'm doing Google authentication or verifying banks, which is, I think, for scammers, a way to capitalize and I think are less overhead costs, which is kind of I think about scammers treating their operational extensions as a business. But it's kind of how it works, unfortunately.
I've also noticed that I get the two-factor authentication, SMS shortcode messages, and sometimes, two entirely separate entities are using the same shortcode. The first time I saw that, I was like, “Oh, I don't like that practice.” Now I'm mixing vendors in one number.
In general, what are the specific types of scams that are being perpetrated within the text messages? I know early COVID, I was getting a ton of, “Hey. This is UPS, and we sent the package to the wrong address. Click here to get it redirected.” Because everybody was having everything mailed to them.
Yes. The first exposure on spam texts that we really were monitoring at RoboKiller and TextKiller was, sadly, the explosion of COVID-19 texts. The second everyone heard of quarantining, we saw tons of scams around PPE testing. Those really were sending people to fake websites to put their credit card information to get stuff they would never receive, which was, of course, just infuriating given the circumstances.
Yes, as more people just kind of got stuck at home, scammers started really evolving their strategy to target what everyone was doing, which was online shopping. I can tell you, I definitely did. Those, of course, are super believable. For me, it was also all I had outside of work. You pay attention to those very closely. Of course, scammers know that.
Really, what we're starting to see is just continued escalation. As life goes back to normal for us in the US—or as much as it can—we’re starting to see more of the standard, to-be-expected scams, texting people as their bank saying you should log in or trying to get access to your Gmail account to get access to your passwords. Really, anything that you use and any technology that you use that might contain your personal information, scammers are after, and that's kind of where they're evolving.
This is inappropriate, but we have seen a lot of illicit spam text too, which we're not totally sure what the deal is with that. In 2022, there's been a big spike in a lot of people complaining about these messages that are just gross. We're trying to figure out what the deal is there that's unusual. We really did not see that trend for spam calls as much. We want to understand what's going on there as best possible.
I know that was one of the first email spam verticals, so to speak.
Yes, it's interesting. I'll keep you posted if we figure that out.
Yeah. I assume that'll taper off and go to things that are a little more financially lucrative.
Yeah, and more mature, I guess.
Or less mature.
Yes.
In addition to the financially incentivized ones, where they're just trying to get credit card information or personal information, are there also a bunch of them that are malware-oriented that are trying to take over devices?
That, we're still looking into. The URLs in text messages, which frankly, for consumers, it's actually more scary. If you answer a spam call, the worst that can happen—unless you provide your personal information on the phone—you can hang up.
Maybe you've given them your name. Maybe you've told that scammer that you're a person on the end of the phone number. But at the very least, the risk is that you get more spam calls, which in some ways, it's a solvable problem, if you have RoboKiller, of course. But for spam texts, it's actually scarier.
I'm someone who's not very precise with my tapping. Really, these URLs are concerning, because there's just that one extra risk that you might tap on that link. It either brings you to a pretty sketchy website, which could collect your IP address and your cookies, and be using that for some sort of kind of data collection, and then, like you said, with malware.
We have just kind of been really trying to shut down just like any URLs to protect our users from that. It's really hard to know how much of those URLs, from an aggregate basis, include malware, but they definitely are not safe. Either way, we always tell people if you can avoid it, just try to delete the text message on your phone. Don't tap it.
The other thing, of course, that scammers are always trying to say is, “Reply stop to this text.” You don't want to receive it. All you're doing is just answering spam calls saying that you're a person on the end of that line and getting yourself kind of identified as a potential target even further.
Yeah. What can consumers do with respect to…let’s talk about the two separate things with them getting spam text messages. Then what can they do to stop getting spam text messages?
I've had the same phone number since I got home. In a lot of ways, my phone numbers are my Social Security number, but I don't treat it the same by any means. I'm always like, “Oh, 10% off online. I'll give my phone number.” I would obviously never do that with my Social Security number.
The first thing we always just try to remind people of is unless you want to change your phone number, which always has a risk that it was someone else's phone number, and they're getting rid of it because they got spam calls, it was important to try to start thinking about your phone number in that way, especially as you kind of go on in life. If you have a smartphone and you're keeping that number, it's important to kind of think about all the ways that you probably either remember, don't remember, giving your phone number out.
Of course, there are a lot of companies that treat your data with respect. Whether or not you want to spend time reading every single one of their terms of service is up to you. I know I don't have that time, but of course, you are trusting these companies with those numbers. Certainly, as we've seen in headlines, that's not always the case, unfortunately.
First, just being cognizant and kind of thinking about your phone number in a different way, I think, is really important. If you're concerned about that, one thing that you can do that I always recommend is just google your phone number. I did that when I first joined RoboKiller, and I had found that actually didn't make my phone number on Facebook private, so I found a bunch of those things that way. You can change some of your settings in some of your profiles to address that. I always recommend doing that.
We do recommend putting your number on the Do Not Call list just like SHAKEN/STIR or STIR/SHAKEN. That also wasn't designed to stop spam calls, because those scammers are not abiding by the law. It should reduce the number of legitimate telemarketing calls you receive. I don't think that applies to spam texts or text messages, unfortunately, but maybe it does. Let me confirm that. I actually admittedly forgot, but I'll come back to that.
Other than that, I think, trying to avoid answering these calls or texts will definitely help to tell those scammers that you're a real person at the end of the line. It's another kind of tactic to prevent the calls that you may get targeted by.
I know one thing in reference to your telephone number being exposed online is that Google just announced—it's June when we're recording this—within the last two months, that if you google some personal information, your address or your phone number, and it's on a site, you can submit a request for Google to not index that page so it doesn't show up in the search results. They can't remove the content from the other company's site.
One of the things I did is I took my cell phone number and reported all those pages where that cell phone number existed and reported it to Google. I said, “Hey. This is personally identifiable information about me.” After two months, I finally got the, “We've removed those pages from the search results.” That's another thing that you could do. At least, remove the reference of the cell phone number to your name.
Yeah, definitely. I think some people too, just anecdotally that I've talked to in the industry, it's an awesome solution. Some people, unfortunately, can't afford real estate agents and angel listings, but are getting absolutely crushed.
Again, to segue a little bit, that's really why we recommend having a spam call or text blocker installed on your phone. There are free services. There are also premium services that obviously are more effective. RoboKiller offers both as well as TextKiller.
The benefit to using a call or text blocker app is, first and foremost, these apps have huge databases of known phone scams. I'm talking millions if not billions, where the second you sign up for that service, you're instantly protected from those scams reaching you. In addition to that app, like RoboKiller and TextKiller have algorithms that are new technology that's designed to stop these older problems that are really also pretty predictive.
The benefit to using a call or text blocker app is, first and foremost, these apps have huge databases of known phone scams. -Giulia Porter Share on XRoboKiller, specifically, as well as TextKiller, uses AI and machine learning to, of course, protect you from all the scams that we know about, but also to analyze any calls or texts that are coming in that look like they might be scam and scams that stopped them from reaching you at all. For TextKiller, of course, you’re maybe thinking, “What about—are you reading my text messages?” That is not the case.
When you block spam texts with TextKiller, you allow us only to analyze texts that come from not your contacts. We're only looking at those unknown numbers that are texting you. We do also, before we even look at your text messages, automatically anonymize any PIIs. Remember looking at that. We really try to build that with privacy in mind, and the same for spam calls, so a little bit different.
Is there an advantage to using third-party services like yours versus what's provided by carriers?
Do you want the political answer or you want the real one?
Both. Obviously, as a commercial product provider, yours is better. I can come up with lots of reasons why it is because you're looking at a wider range of users.
Yes, yeah. There's some benefits to trying to work with your carrier through some of the services that they provide. Some of that's just through being able to report a call or text by just forwarding it to your carrier. Some carriers also offer apps as part of their services. Most of them do come at an additional fee, which we try to remind people.
It is also kind of dealing with a third-party service that offers free or premium blocking. Most of these carriers do offer a premium service as well. I think there are some incentives for third-party blockers to be a bit more focused on solving this problem. Of course, carriers are huge enterprises. There's a lot they need to be focusing on.
Of course, they are doing what they can to stop the spam call problem. RoboKiller and TextKiller's full-time job is to do this. I think what we're able to do is really dedicate a maximum effort to coming out with and continuing to evolve technology that really is cutting edge.
I think, at least for me, there's always that little bit of cynicism of, “Well, how much is some lobbying firm paying my carrier to allow their texts and calls to go through that they're not going to be paying to you guys?”
Yeah, I'll leave that up for interpretation. The thoughts crossed my mind. I can't tell you about that. I think I did see one review from a RoboKiller customer back in the day that I'll never forget.
We'll just put a disclaimer on this that we don't believe this here, but I did think this was funny. Just from our consumer perspective standpoint, they said, “Carriers are like the mafia. They create the spam call problem and then make you pay to stop it,” which is pretty funny. We got a little laugh to that one.
The perspective does exist. We talked a little bit about it. With email, people say, “I can report it to the FTC. It's not like when I get a text message, there's a report button in the corner.” On most platforms, probably, there isn't. What kind of reporting options when people do have spam messages are there? Or is it only through kind of the third-party services or carrier services that you can report them?
You can mostly through your carrier or the third-party service. Again, that unfortunately won't mean that you'll never get that scam again. That will help others just notify your carrier or that third-party blocking service that that number is doing some sketchy stuff, and look into it, and possibly shut down. Any blocking service carrier or third-party does use that information.
You can also report scams to the FTC. The FTC actually does publish data on all types of reported scam losses on a quarterly basis—email, text message, robocall. Again, similarly, that will just let the FCC and FTC know what's going on. Of course, they won't protect you. But we at RoboKiller do look at that data—that’s very helpful to understand from a macro environment.
Of course, we have about 900,000 active users. We're just a percentage of the US population. Providing that data is definitely useful in protecting others and helping services like us really understand the bigger picture. But again, that does still leave you vulnerable, unfortunately.
I know one of the fears that people have, even if it's the carrier services, is the same fear that people have with spam filters of false positives. What do you guys do to reduce the risk of false positives but still block spam?
Yeah, definitely. I get this question all the time. First and foremost, I think RoboKiller's algorithm is definitely a big factor in that. I mentioned us trying to be a little bit more predictive. Any phone number we're looking at has a certain confidence level associated with it. It's kind of similar to attestation.
First and foremost, we first, of course, check our database to see if we have any other records of this call or that phone number doing good stuff, doing bad stuff. We're able to look at that in real time. We're also looking, of course, at certain types of metadata while that phone call is being placed. Is it calling at a weird time of the day? Has it called you three times in a row? That type of stuff.
We have a kind of proprietary logic that's really able to say, “Is this call that's not saved in your contacts list a spoof?” If not or if yes, do we think it's safe? To add one extra layer of protection with RoboKiller, we actually recently launched a feature called call screening. Some people call it caller ID. I want to call it caller justification.
If you would like, RoboKiller can actually intercept what we determine as safe unknown calls, actually ask the caller to introduce themselves before your phone rings, will prompt that transcription of the caller saying why they're calling, and then you actually get to decide whether or not you want to answer all before you actually answer the phone.
What that allows you to do is make sure that you don't have to deal with unknown phone numbers. RoboKiller will handle it for you. But you also won't miss that call from your doctor that it's impossible to call the doctor back if you miss it. I know that feeling. It’s dreadful. That's really how we're handling that.
I won't get too specific in the details, because I want it to continue to work. At least for my work line, I tweaked the message around in such a way, and length, that for whatever reason, the way the message is structured, almost all of the automated calls end up dropping before ringing through to me. Only real users end up getting to me. I occasionally get the, “Hello, hello, hello” from the overseas call center, but very seldom that call actually ever gets through to me just by a long outgoing message.
Patience is not something that scammers have or robocallers have. Unfortunately, fortunately, I'm not sure.
Maybe they're listening because all calls are recorded for quality assurance.
I haven't had a quality telemarketing call probably ever in my life, so I'm not sure. They could probably take that disclaimer out.
I know, at least early on in the iPhone days, Android from the beginning, I believe, supported the services that you guys do. An iPhone, iOS now does support it. Are there platform differences where you have better interoperability, I think is the right phrase, where your product works better because of the OS on the phone?
Actually, it's very dependent on the carriers. It's more about how we're working with the phone networks, which we have been, frankly, at the mercy of, mostly just because each network, they're slightly different systems. Sometimes they're making changes to their networks that they might not know impact systems that are integrated with them.
We're always trying to provide that feedback. But like I said, those are big organizations and it takes a lot to make changes. We're just a little call blocker and text blocker.
With Android and iOS, actually, not as much. Like you said, iOS has kind of evolved and understood that this is a problem and been able to really kind of come out with a few solutions that, in our opinion, might be a little aggressive. If you followed the silence unknown callers feature that just came out, that was like taking a sledgehammer when you get a hammer to the problem, but it has definitely evolved.
I think if anything, the privacy stuff that Apple is coming out with, I think, helps to make sure people feel confident in the permissions that they're giving us, of course, or designed with privacy and safety in mind. That, I think, has been helpful for RoboKiller. We've always been built with that philosophy, but some apps just are bad apples. If you have one bad experience, it can be kind of hard. That's been, I think, a positive evolution for us as well.
Yeah, that's always going to be the challenge with third-party services on our devices. You have to trust that provider and what they're doing to maintain your privacy as much as you benefit from the service that they provide.
Yeah, and we've gotten some questions like, “How do I know you're not just robocallers?” I'm just like, “Oh, that just hurts my heart to hear.” I'm just saying, I'm sweating over here trying to make sure you're protected from the spam calls. You can trust us where we're not robocalls.
I guess two questions about where do you see the future going in terms of the types of spam text messages and calls. What's the next platform that you're integrating with in terms of WhatsApp, messaging apps, and WeChat? If we've gone from emails to phone calls, text messages, what's the next iteration of this?
I'm laughing because of more reasons. Very early in the year, I made a joke. We were talking to some industry folks and I made a joke about the next wave of phone scams being in the Metaverse. I think the next week, there was a headline on a scam in the Metaverse. I was like, “I really wish that I was wrong with that.”
I think, certainly, depending on whether or not we welcome the Metaverse with open arms, I'm sure scammers are thinking about that. That’s, I'm sure, what the bigger horizon that they're interested in.
I think spam texts really are a relatively new problem. I think that that will definitely continue to evolve. What will happen with spam calls, I think, is yet to be seen. I think, really, the next 12 months with a lot of the focus with the FCC and FTC, on the caller ID spoofing frameworks, as well as getting these international providers on board, really will be, I think, a pretty determining factor.
I think just pushing the telecom industry into more of a unified kind of approach to some of these protections is definitely important. Of course, being a little bit on the outside of that with RoboKiller and TextKiller, and being independent, we don't have carrier partnerships. We’re really doing all this technology development on our own, trying to be more collaborative with these platforms, and really coming up with a solution that gets everyone who can be helping to protect consumers from these scams is really important. I think the evolution of that will be whether or not we win or don't win against this fight in the current mediums that we're seeing this.
The one thing that I think is interesting recently, and actually I just finished my last point, of course, too, with that unified front, we do need to get spam text into the mix there right now. That focuses just on spam calls and caller ID spoofing, which there's been some mumblings at the government level of some interest there. No kind of word beyond that on what that looks like or what the timeline is, but definitely interesting.
Last, and the other thing I was going to mention was that there was actually a few lawsuits recently by Marriott, I want to say Amazon or another big brand, on trying to sue some telemarketing companies for using their name and likeness in a way that was harmful to the brand and harmful to the people that received those calls. The free cruise, free vacation scams, that has definitely been.
Brands are starting to take this problem head-on really for brand equity and trust with their consumers and customers. Having more brands really pay attention to, “How is my brand being used to really harm these customers?” We have a lot of statistical estimates, not only on the number of phone scams and both text and call that we see for Amazon, but we can also estimate how much do we think that consumers that are familiar with Amazon are losing to these scams.
As a brand, that's super important to kind of be out there and saying, “Hey, this isn't benefiting us in any way other than protecting you and really trying to put a stop to some of these shadier people who might be using this for harm.” That's been an interesting evolution that we're definitely excited about.
I think that consumers should be excited when brands are interested in taking legal action, because you or I are not going to be able to find out who this entity is who has the Costco vacation giveaway, but you bet Costco has got deep enough pockets and good enough lawyers that they can figure it out and make somebody's life miserable. It's nice when the corporations are—when our interests and the corporation's interests are aligned—is good for us.
I think, personally, we're trying to get a sense from our user bases of just how much that means to customers by kind of talking to them. I know for me, personally, if I saw that Amazon was out there doing that for us, that is something that means something to me. That does benefit the brand with trustworthiness, loyalty, which in these days of capitalism, there's a lot of options. Anything we can do to kind of establish that also benefits these brands as well.
Yup. You've got some great information for us. How can people find out more about the products and services you guys offer and find you on social media?
Thanks so much for asking. TextKiller doesn't have a website currently, so you can go to robokiller.com to learn more, both for our call-blocking services, as well as our spam text blocking services. RoboKiller is available on the iOS and Android app stores as well.
We offer free services, as well as premium. Both cost around $5 a month, and we do offer a seven-day free trial for you to check those out, risk free. I think that probably is the best way you can learn a little bit more. We are on social media if you want to follow us there. I do some blogs as well on our site.
Awesome. Thank you so much for coming on the Easy Prey Podcast today.
Thanks so much for having me.