“From the headquarters which will get expired in next 24 working hours.”Ray Tsang
As if political campaigns, shady telemarketers hawking home security systems, and the rest of the usual suspects aren’t generating enough automated phone calls, three separate groups have used April tax paranoia to fuel fraudulent robocalls claiming to be affiliated with the Internal Revenue Service. Using calls masked by US phone numbers, these fraud campaigns seek to get anxious taxpayers to fall for their schemes by claiming to be directly from the IRS or from organizations seeking to collect on the IRS’ behalf.
The scams hit millions of phone numbers over the past few weeks.
Thanks to voice-over-IP technologies and cheap robocall systems, fly-by-night telemarketing operators are able to flaunt “Do Not Call” list laws and saturate blocks of numbers with calls that push products both real and fake.
Ars hunted down one scam last year that used an outbound voice response system that attempted to convince call recipients that they were talking to an actual person, funneling them toward a fake magazine sweepstakes scam.
The Federal Trade Commission has been searching for technology to help fight robocalls for years.
There have been some promising technologies developed to help fight them, such as Robokiller—a cloud service that won last year’s FTC “Robocalls: Humanity Strikes Back” contest—but those technologies have thus far failed to materialize in a form that can help the average consumer. Robokiller’s development went on hiatus late last year as the team behind it was pulled into other projects.
In the meantime, scammers have now started posing as agents of the IRS using robocalls.
According to call “fingerprinting” performed by Pindrop Security, the wave of calls can be traced back to three distinct groups operating outside the US. When victims respond to the calls, they are funneled back to overseas call centers where individuals gather personal data and prompt them to wire money to avoid further fines or prosecution.
Here’s a transcript of one of these calls from a voicemail left on a personal cell phone recently.
A female digitally synthesized voice said:
This is the IRS regarding your tax filings, from the headquarters which will get expired in next 24 working hours.
And once it gets expired, after that you will be taken under custody by the local cops, as there are four serious allegations pressed on your name at this moment. We would request you to get back to us so we can discuss about this case before taking any legal action against you.
The number to reach us is 206-[redacted].
I repeat 206 [redacted].
According to reverse-lookup data, the Seattle number making the call comes from a group of numbers originally associated with Broadwing Communications LLC, a telecommunications provider acquired by L3 Communications in 2009.
But phone numbers are easily moved around and spoofed, so identifying where the call actually comes from is difficult. However, according to “phoneprinting” data from Pindrop, the number masks an overseas line.
That’s the same scenario for the numbers associated with two other groups, according to security researcher Terry Nelms.
Pindrop set up a telephone honeypot for robocalls and then recorded live calls of the scammers taking responses from “victims.” The audio was then processed with Pindrop’s neural network analysis software that is trained to pick out elements of the call audio to identify its origin.
The technology was developed to help bank call centers and other enterprise customers catch potentially fraudulent calls from people posing as customers to gain access to accounts, Nelms said. (Audio of one call follows below.)
“We can tell if it’s an international caller, over a land line or voice over IP call, uniquely fingerprinting the device that they are using to make the call from artifacts extracted from the audio,” Nelms explained. “Using that information, we can create a signature, a phoneprint.
The fraudster can change the phone number, or the voice, but still be identified.” When a call comes into a call center, the audio of the call can be used to quickly assign a risk score to the call, allowing call center workers to elevate security in cases where there’s a high probability that the person on the other end isn’t who they claim to be.
Pindrop has met with the FTC and the Federal Communications Commission to discuss its findings. Nelms said that the agencies are “looking for ways to track down fraudsters, since there are such a small number of them. We’re looking for a way in the future to use phoneprints to help consumers detect these calls.”