In order to achieve their intentions, dishonest robocallers and criminals will take any means to make it look like your friendly neighbor is calling. They do this to mislead their prey or called-party. The purpose of this type of work is to gather valuable information, most of which is dishonest and unethical.
We are writing this article to inform you how to prevent spoofed robocalls with STIR/SHAKEN, which is an advanced certification followed internationally to prove the caller if read.
The illegal method of changing a calling number to a reliable telephone number is called spoofing. The chances of answering the automatic scam call increase through spoofing. Such deception may be more malicious in some cases.
For example, a scammer may try to steal tax refunds by pretending to be an IRS agent through spoofing.
Custom Spoofed Detection Switch
Monitoring Robocalls Switch System
Custom robocalls detection solution
Since 2014, FCC or Federal Communications Commission has been trying to develop a solution by encouraging the telecommunications industry. The solution must prevent spoofing and automatic scan calls.
The industry responded by developing a new technical standard. They are –
The standard defines how the STIR technology should be implemented by the telephone service providers so that it can make sure the calling numbers are not tampered with or spoofed.How to prevent spoofed robocalls with STIR/SHAKEN: The process
To measure the validity of phone numbers, a digital certificate based on common public-key cryptography is used by STIR/SHAKEN. To put it simply, a trusted telephone service certification authority gives this digital certificate to other telephone service providers.
The called-party can verify whether the calling number is accurate and has not been tampered with or spoofed.
The following illustration of the call flow diagram shows the workflow of STIR/SHAKEN –
Source: https://transnexus.com/
1) The originating telephone service provider receives a SIP INVITE
2) To verify the validity of the calling number the originating telephone service provider checks two things – the call source and the calling number.
3) A SIP ID header is generated by the originating telephone service provider. The service provider uses the authentication service that can be a software application integrated into a Softswitch or a session border controller (SBC) from a telephone service provider. It can also be a third-party service hosted in the cloud.
The following data are contained in the SIP Identity header –
4) The terminating telephone service provider receives the SIP INVITE along with the SIP identity header. Additionally, Out-of-Band SHAKEN can be used to send identification tokens over the internet on non-SIP call segments.
5) The verification service has received the SIP INVITE along with the Identity header
6) The public certificate repository offers a digital certificate to the original telephone service provider. Then, the certificate is delivered for verification service. Once it receives the certificate, it starts the multi-stage verification process. The calling number will not be considered spoofed if it successfully passes all verification steps.
7) The results of the verification service are received by the SBC or the terminating service provider’s Softswitch.
8) After everything, the called-party will end the call.
Telecom companies use STIR/SHAKEN is a provider-based caller ID authentication standard. This can be used to verify that the incoming call has not been spoofed and is indeed from the number specified in the caller ID. In the end, this can reduce the number of fraudulent calls.
Telecom companies make their customers confident that the caller ID information they receive is more accurate. Telecom companies use STIR/SHAKEN technology to update their spam detection algorithm with real-time call filtering. This can reduce the chances of a call being blocked mistakenly or identify “good” calls as “potential spam”.
For many years, the industry has been trying to curb phone infiltrators. From the announcement in 2019, the largest telecom suppliers like Verizon, TMobile, and AT&T are experimenting to address spoofing problems with tools such as STIR/SHAKEN or applications such as Robokiller.
However, the scam calls didn’t stop coming.
All network providers including the smaller regional networks have gone through various networks, between callers and recipients. Therefore, F.C.C. (Federal Communications Commission) hoped for uniting these network providers to reduce the spoofing problem. Because it will be much easier to verify scam calls for these network providers.
In June 2021 around 4.4 billion robocalls were made to consumers inside the United States. From the total robocalls, around 573 million were about health and auto warranty-related scams. This data was collected from a call-blocking company named YouMail.
This indicates that – some robocalls are legal indeed. Yes, that is true because most political campaigns and school closing robocalls are legal as industry estimates.
You should also note that – scam calls often come depending on the seasons or events. On Friday, Miami-Dade County Attorney Catherine Fernandez Randall warned people that the charity took the initiative to call, claiming to help the victims and families of Champlain Tanan, which is a partially collapsed house in Surfside, Florida.
We have already mentioned before,
STIR/SHAKEN is basically a method to verify the original phone number of a phone so that the voice service provider who is receiving the call knows that the originating phone number is correct.
The FCC works with the telecommunications service providers to respond to robocalling, fraudulent calls, and unsolicited telemarketing calls. One strategy used by these people is to forge the originating telephone number to make the call look more likely a number to be the recipient of the call. STIR/SHAKEN suggests to the voice provider that the call is coming from the originating number.
We can expect the implementation of STIR/SHAKEN by June 30, 2021. This is almost certain and announced by the FCC.
Since your outbound calls to the 8×8 service use STIR/SHAKEN, the voice service provider will not treat your calls as unauthenticated. Also, the calls won’t be blocked on the receiving end due to a lack of STIR/SHAKEN authentication.
However, the FCC also approved voice transmission. By default, the service provider will label or block possible robocalls or unwanted traffic based on appropriate analysis. Therefore, it is possible that the voice service provider marks the received call as spam or blocks it, even if the originating call is signed with STIR/SHAKEN. You should contact 8×8 support if you think your outbound calls are mistakenly marked as spam or blocked by the voice service provider.
We hope you understand how to prevent spoofed robocalls with STIR/SHAKEN. Along with this, we are guessing you have learned many things about the STIR/SHAKEN method. There will be many updates for the rules and policies in the future depending on the accessibility of several facts. It also depends on the region and their governmental rules for preventing scam calls or robocalls. The scammers will not sit back and they will look for innovative ways for spoofing. Therefore, the authority should always remain concerned about updating the STIR/SHAKEN accordingly.