Technology companies like Google and Apple should be doing more to protect users against phone scammers, says one security researcher.
David Glance, the director of the UWA Centre for Software Practice at the University of Western Australia, is all too familiar with the different types of scams that prey on users. One of the most common types of scams he’s seen are those annoying messages that arrive in users’ inboxes. Fortunately, spam filters and machine learning are getting better each day at identifying those ruses.
Not all scams are receiving that same level of attention, however.
One such neglected scam is the phone ploy, which according to Glance accounts for 45 percent of all scams in Australia. He explains as much in an article for The Conversation:
“… Very little has been done about phone and text scams. This is surprising given scammers have quite brazenly stuck to using the same number or area codes over significant periods of time.”
These numbers inevitably end up on sites like “reverseaustralia” when users submit complaints to the Australian Competition and Consumer Commission (ACCC), the Federal Trade Commission (FTC), and other government agencies. But because of the difficulty of dealing with customers, the ACCC’s ability to protect customers is limited to primarily providing information about scams.
Glance feels this doesn’t have to be this way.
On the one hand, he believes governments should take a more proactive approach to dealing with scammers directly:
“It would be relatively easy for government agencies globally to provide a centralised database of numbers associated with scammers. All mobile phones have software available to check phone calls and text messages, and could look up incoming numbers against this database and warn users if there was the slightest suspicion about the caller.”
The ACCC, FTC, and agencies could then make these databases available to technology companies like Apple and Google. In the very least, he thinks sharing users’ complaints that include details about scammy phone numbers with these tech giants would be a good idea.
On the other hand, he feels the big names in Silicon Valley should be doing more on their own:
“Google and Apple should, however, be able to do more independently of these agencies. With the advent of machine learning techniques being used to analyse emails, it will be also possible to apply the same technology to phone calls.”
Until the private sector and governments take a more active role, users can only do so much to protect themselves against phone scammers. There are a number of apps available that can help them screen calls for phone numbers commonly associated with fraudsters. Many Android users also now enjoy an updated feature that warns them if an incoming call is scammy.
But these measures aren’t exactly a “win-win” for scam protection and privacy. On the one hand, many call blocking apps collect scammy numbers from registered users’ contact lists, which means they could expose participants’ phone numbers. Similar risks would arise if governments and tech companies were to increase their efforts towards protecting users against phone scammers. If government agencies were to, say, compare users’ incoming calls against a database of known scammy phone numbers, what ELSE could those agencies do? And do we really want to give tech giants MORE access to our devices than they already have?
At the end of the day, caller ID spoofing makes it next to impossible to consistently block phone scammers. As a result, users should focus on strengthening their mobile device security by exercising caution around text messages and phone calls delivered from unknown numbers. They should never click on links embedded in text messages sent from suspicious numbers. Also, they could always let an unknown phone call go to voice mail and use that subsequent record to evaluate the number’s legitimacy.
Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.