Shaken And Stirred

The plan to block scam phone calls

Hacks and scams often depend on gaining the trust of the mark. This is easier if the scammer can appear to be someone or something that they are not. Within telecoms (including mobile and SMS) the initial means of identification is the caller’s number. First corporate switchboards and now many private phones operate through VoIP telephony. At some point these Internet messages enter the public phone networks and must be assigned a ‘regular’ phone number.

Scammers exploit the existing technology to give their calls and SMS messages a believable source. A call then appears to come from a legitimate company number, tempting the mark to give out confidential information. Simply appearing as a local number rather than international or ‘caller ID withheld’ improves the chance of the mark picking up the call or message.

Without trust in the origin of a phone call or SMS message, there is little that the recipient can do. Messages can be blocked from all automatic dialling sources, but this will include sources such as health appointments or a legitimate employer. Numbers can be blocked or reported to BT, but the scammer can change all their numbers to new unblocked numbers with relative ease. Many potential recipients simply refuse to answer a call unless one is expected. With fake calls often originating from overseas centres, local authorities are unable to shut them down.

OFCOM has ordered UK telecoms providers to implement methods to block spoof calls originating from abroad. STIR/SHAKEN is a set of protocols adopted by the USA’s FCC in June 2021 to limit the use of spoof phone calls. The acronyms were deliberately chosen to allude to James Bond’s preferred vodka martini: shaken, not stirred. STIR (Secure Telephony Identity Revisited) is used on VoIP networks, adding a digital certificate to call data so that the call’s origin can be verified. SHAKEN (Secure Handling of Asserted information using Tokens) describes how STIR can be implemented within telecom networks.
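As an added example (not code from the original post), the following shows the signed token that STIR attaches to a call, a PASSporT as defined in RFC 8225 with the SHAKEN claims from RFC 8588, and the checks a terminating provider makes before trusting the caller number. The key pair, phone numbers, certificate URL and function names are constructed for the example; a real verifier would fetch and validate the certificate named in `x5u` rather than be handed a public key.

```javascript
const { sign, verify, generateKeyPairSync } = require('node:crypto');

const b64u = (v) => Buffer.from(v).toString('base64url');

// Originating provider: sign "header.payload" with ES256 (ECDSA P-256, raw r||s signature).
function signPassport(privateKey, header, payload) {
  const input = `${b64u(JSON.stringify(header))}.${b64u(JSON.stringify(payload))}`;
  const sig = sign('sha256', Buffer.from(input), { key: privateKey, dsaEncoding: 'ieee-p1363' });
  return `${input}.${sig.toString('base64url')}`;
}

// Terminating provider: returns the attestation level ('A', 'B' or 'C') or throws.
function verifyPassport(token, publicKey, call, nowSec, maxAgeSec = 60) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [h, p, s] = parts;
  const header = JSON.parse(Buffer.from(h, 'base64url').toString());
  const payload = JSON.parse(Buffer.from(p, 'base64url').toString());
  if (header.alg !== 'ES256' || header.ppt !== 'shaken') throw new Error('unexpected header');
  const ok = verify('sha256', Buffer.from(`${h}.${p}`),
    { key: publicKey, dsaEncoding: 'ieee-p1363' }, Buffer.from(s, 'base64url'));
  if (!ok) throw new Error('bad signature');
  // The signed numbers must match the call being delivered, otherwise the token belongs to another call.
  if (payload.orig.tn !== call.from) throw new Error('caller number mismatch');
  if (!payload.dest.tn.includes(call.to)) throw new Error('called number mismatch');
  // A short freshness window stops an old, validly signed token from being replayed.
  if (Math.abs(nowSec - payload.iat) > maxAgeSec) throw new Error('stale token');
  return payload.attest;
}

// Constructed sample data (fictional numbers, placeholder certificate URL and origid).
const { privateKey, publicKey } = generateKeyPairSync('ec', { namedCurve: 'P-256' });
const header = { alg: 'ES256', typ: 'passport', ppt: 'shaken', x5u: 'https://cert.example.org/sp.pem' };
const payload = { attest: 'A', dest: { tn: ['12025550102'] }, iat: 1700000000,
  orig: { tn: '12025550101' }, origid: '123e4567-e89b-12d3-a456-426614174000' };
const token = signPassport(privateKey, header, payload);
console.log(verifyPassport(token, publicKey, { from: '12025550101', to: '12025550102' }, 1700000005));
```

A call that presents a different caller number than the one signed in `orig.tn`, or a token whose payload was altered after signing, is rejected before the attestation level is ever read.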

Unfortunately, the UK telecoms infrastructure is not yet developed enough to implement STIR/SHAKEN. The UK cabled phone network is not expected to be fully digital and IP-based before 2025. Within the existing digital telecom systems the UK (amongst other countries) relies on the SS7 protocol to identify where a call comes from and to route it to its destination. The latest revision of SS7 dates to 1993 and is not sophisticated enough to cope with current number spoofing systems. There have even been reports of SS7 exploitation to spoof the destination phone number and use that to intercept and confirm 2-factor authentication messages.
