Become a Creator today!Start creating today - Share your story with the world!
Start for free
00:00:00
00:00:01
Play next
Hang Up on Fraud: Tackling Robocalls and Scam Calls, A conversation with Alex Quilici, CEO of YouMail image

Hang Up on Fraud: Tackling Robocalls and Scam Calls, A conversation with Alex Quilici, CEO of YouMail

S1 E18 · Scam Rangers
Avatar
529 Plays1 year ago

In this episode we shed light on the rising issue of robocalls and scam calls, untangling the complex web of technology, regulations, and telco motivations. Explore the advanced tools and methods employed to detect and thwart these deceitful calls, while understanding the vital role regulations play in enabling effective action.

But the battle doesn't end there. Dive deeper with us as we uncover the alarming evolution of scammers, who now utilize targeted lists obtained from data breaches, equipping themselves with personal information that makes their calls distressingly effective. Gain valuable insights into the motivations driving telco providers to combat this ever-growing problem, and arm yourself with knowledge and strategies to protect against phone scams.

This podcast is hosted by Ayelet Biger-Levin https://www.linkedin.com/in/ayelet-biger-levin/  who spent the last 15 years building technology to help financial institutions authenticate their customers and identify fraud. She believes that when it comes to scams, the story starts well before the transaction. She has created this podcast to talk about the human side of scams, and to learn from people who have decided to dedicate their lives to speaking up on behalf of scam victims and who take action to solve this problem. Be sure to follow her on LinkedIn and reach out to learn about her additional activities in this space.   Also check out https://scamranger.ai if you had received a message that you suspect is a scam

Recommended
The Australian Formula for Tackling Scams: A Shared Responsibility Approach, A conversation with Toby Evans, Head of Economic Crime, Australian Payments Network image
The Australian Formula for Tackling Scams: A Shared Responsibility Approach, A conversation with Toby Evans, Head of Economic Crime, Australian Payments Network
S1 E35 · Scam Rangers
00:45:12·1 month ago
Empowering Customers Against Scams: The Power of Storytelling, A conversation with Kathelijne Swaak and Niels Vink, Fraud prevention leaders at ABN AMRO Bank image
Empowering Customers Against Scams: The Power of Storytelling, A conversation with Kathelijne Swaak and Niels Vink, Fraud prevention leaders at ABN AMRO Bank
S1 E34 · Scam Rangers
00:46:14·2 months ago
Sextortion: The Evil Scam Targeting our Teens in Their Bedrooms, A Conversation with Paul Raffile, Senior Intelligence Analyst image
Sextortion: The Evil Scam Targeting our Teens in Their Bedrooms, A Conversation with Paul Raffile, Senior Intelligence Analyst
S1 E33 · Scam Rangers
00:42:09·5 months ago
Getting in Front of the Scam: How to Build Trust With Your Customers, A conversation with Hailey Windham, a Credit Union Fraud Fighter image
Getting in Front of the Scam: How to Build Trust With Your Customers, A conversation with Hailey Windham, a Credit Union Fraud Fighter
Scam Rangers
00:43:54·6 months ago
Coordinated Action: The Key to a National Strategy Against Scams, A conversation with Ken Westbrook, CEO and Founder of Stop Scams Alliance image
Coordinated Action: The Key to a National Strategy Against Scams, A conversation with Ken Westbrook, CEO and Founder of Stop Scams Alliance
S1 E31 · Scam Rangers
00:40:20·7 months ago
Is Fraud Prevention the New Customer Service? A Conversation with Karen Boyer, SVP Financial Crimes and Fraud Intelligence, M&T Bank image
Is Fraud Prevention the New Customer Service? A Conversation with Karen Boyer, SVP Financial Crimes and Fraud Intelligence, M&T Bank
S1 E30 · Scam Rangers
00:41:58·9 months ago
Will Regulation Drive Action? Reimbursement and Liability in Online Scams, A Conversation with Ken Palla, Retired Director, MUFG Union Bank image
Will Regulation Drive Action? Reimbursement and Liability in Online Scams, A Conversation with Ken Palla, Retired Director, MUFG Union Bank
S1 E29 · Scam Rangers
00:53:42·10 months ago
Online Scam Awareness That Sticks: How to Get Marketing on Board, With Gabriel Friedlander, CEO of Wizer - Free Security Awareness Training image
Online Scam Awareness That Sticks: How to Get Marketing on Board, With Gabriel Friedlander, CEO of Wizer - Free Security Awareness Training
S1 E28 · Scam Rangers
00:41:54·11 months ago
Crypto Investment Scams: How it started. How it's going, with Cezary Podkul ,Reporter at ProPublica image
Crypto Investment Scams: How it started. How it's going, with Cezary Podkul ,Reporter at ProPublica
S1 E27 · Scam Rangers
00:35:31·11 months ago
Identity Theft Forever - The Real People Behind Fake Profile Pics, with Bryan Denny, Co-Founder, Advocating Against Romance Scammers image
Identity Theft Forever - The Real People Behind Fake Profile Pics, with Bryan Denny, Co-Founder, Advocating Against Romance Scammers
S1 E26 · Scam Rangers
00:42:48·1 year ago
Standing Boldly Against Romance Scams: Empowering Victims on the Path to Recovery, with Cecilie Fjellhøy and Anne Rowe, Co-Founder of LoveSaid image
Standing Boldly Against Romance Scams: Empowering Victims on the Path to Recovery, with Cecilie Fjellhøy and Anne Rowe, Co-Founder of LoveSaid
S1 E25 · Scam Rangers
00:47:01·1 year ago
Hearts Exposed: Navigating the Boundaries of Free Speech and Scam Crimes, with Kathy Waters, Executive Director and Co-Founder, Advocating Against Romance Scammers image
Hearts Exposed: Navigating the Boundaries of Free Speech and Scam Crimes, with Kathy Waters, Executive Director and Co-Founder, Advocating Against Romance Scammers
S1 E24 · Scam Rangers
00:30:25·1 year ago
Mind Games: The Psychology Behind Scams, A conversation with Alan Castel, Professor at UCLA Psychology, Expert in Memory, Cognition and Aging image
Mind Games: The Psychology Behind Scams, A conversation with Alan Castel, Professor at UCLA Psychology, Expert in Memory, Cognition and Aging
S1 E23 · Scam Rangers
00:39:21·1 year ago
Defying Romance Scams: Cracking the Seductive Script, A conversation with Ruth Grover, Founder of Scam Haters United image
Defying Romance Scams: Cracking the Seductive Script, A conversation with Ruth Grover, Founder of Scam Haters United
S1 E22 · Scam Rangers
00:42:04·1 year ago
Unveiling Deception: Business Email Compromise Crusaders Unite., a conversation with Ronnie Tokazowski , founder of the BEC Working Group image
Unveiling Deception: Business Email Compromise Crusaders Unite., a conversation with Ronnie Tokazowski , founder of the BEC Working Group
S1 E21 · Scam Rangers
00:43:48·1 year ago
Scam-Proofing Social Media: The Good, The Bad, and The Reality , A conversation with Assaf Kipnis, ex-Facebook Integrity Team lead image
Scam-Proofing Social Media: The Good, The Bad, and The Reality , A conversation with Assaf Kipnis, ex-Facebook Integrity Team lead
S1 E20 · Scam Rangers
00:48:46·1 year ago
The eLegal Challenge of Online Scams - Fighting New Crimes with Old Laws - A conversation with Erin West and Alona Katz, District Attorneys and scam fighters image
The eLegal Challenge of Online Scams - Fighting New Crimes with Old Laws - A conversation with Erin West and Alona Katz, District Attorneys and scam fighters
S1 E19 · Scam Rangers
00:47:49·1 year ago
Untangling the Scam - A Fraud Specialist's Mission (im)Possible, A conversation with Tiffany Paulsen, Fraud Specialist image
Untangling the Scam - A Fraud Specialist's Mission (im)Possible, A conversation with Tiffany Paulsen, Fraud Specialist
S1 E17 · Scam Rangers
00:30:36·1 year ago
Insights from the E-Fraud Global Forum on Online Scams and Countermeasures, with Uri Rivner, CEO, Refine Intelligence image
Insights from the E-Fraud Global Forum on Online Scams and Countermeasures, with Uri Rivner, CEO, Refine Intelligence
S1 E16 · Scam Rangers
00:36:24·1 year ago
Fighting Scams on a Global Scale - Collaborating to Win, With Jorij Abraham, Global Anti Scam Alliance image
Fighting Scams on a Global Scale - Collaborating to Win, With Jorij Abraham, Global Anti Scam Alliance
S1 E15 · Scam Rangers
00:31:04·1 year ago
Transcript

Introduction to Scam Lifecycle and Key Entities

00:00:00
Speaker
When we talk about the scam life cycle which is essentially all the steps that a victim goes through when being scammed we often talk about the unwitting accomplices along the way starting from telcos social media companies other interactions that victims have when they
00:00:17
Speaker
are looking to report scams, and of course, financial institutions, which we talked about a lot.

Guest Introduction: Alex Qualici, CEO of UMail

00:00:23
Speaker
In today's episode, I would like to focus on telcos. Today's scam ranger is Alex Qualici. He's the CEO of UML, which has a mission to stop scam and spam calls. Scam Rangers.
00:00:41
Speaker
a podcast about the human side of fraud and the people who are on a mission to protect us. I am your host, Ayere Figur Levine, and I'm passionate about driving awareness and solving this problem. Hi, Alex.

Ayere's Interest in Fraud Prevention

00:01:00
Speaker
Welcome to the podcast. Thank you for having me on.
00:01:04
Speaker
It's great. I can't wait to hear about your journey and how you started with Umail and how you got into this industry. And I want to say that my background is kind of more banking fraud and transactions and account takeover fraud. And I'm really curious to get the telco perspective in this conversation with you. But let's start from

Alex's Journey: Academia to Entrepreneurship

00:01:25
Speaker
the beginning. Tell us how your journey in this space started and how you got to Umail.
00:01:31
Speaker
What's your background? Sure. So I'm a serial entrepreneur. My background is a PhD in computer science with a focus on AI.
00:01:39
Speaker
When I got done with that, I was working as a professor and one day I was in a store and I said, I wish I knew what the price of this bike was. And this was before smartphones. And I realized that what I want to do is call my girlfriend at the time and have her look it up on the internet. And I thought that's silly. I should be able to just say what I want and have it tell me over the phone and I can decide if this is a good price and a good bike.
00:02:02
Speaker
And that started our journey on building essentially what was Siri over a 1-800 number before smartphones. That ended up getting sold to AOL very quickly within, I think, 18 months or so.

UMail's Evolution: From Carrier to Consumer Focus

00:02:13
Speaker
And we built a bunch of telephony services at AOL. So AOL has this long ago service, but it was the first service that had voicemail to email going to over a million people. It had a number of other really cool speech recognition offerings we did. And I did that for a while.
00:02:29
Speaker
And then I was leaving, I was going to take a year off, and I got a call from someone and said, hey, there's this little company called Umail that's trying to reinvent voicemail. I thought, well, that's telephony. Let me go take a look. And one thing led to another, and I've been doing Umail for quite some time. Wow. So you joined Umail and you said voicemail telephony, but I think the company pivoted a little over time. So tell us a little bit about that journey.
00:02:56
Speaker
So the core idea of Umail was that we could build a much better voicemail that was out there, one that people would actually find useful and like to use and do some cool things. And it turned out that the carriers who we wanted to sell to just weren't interested and we couldn't get enough traction. And so the company pivoted actually to first become a consumer voicemail platform instead of focusing on carriers.
00:03:17
Speaker
And in our consumer voicemail platform, we had this really cool feature, which was it could play an out of service message to certain callers. So certain phone numbers would come in and they'd hear, do, do, do, this number's out of service. The obvious intent to that feature was somebody met somebody and didn't want them calling them anymore and you could fool them into thinking your phone was out of service. Well, you know, that feature grew and a lot of people used it. We were looking at the data and one day we discovered, wow, there's a lot of people that are blocking 800 numbers.
00:03:45
Speaker
hey, there's a lot of people blocking the same number. And so when we looked at that, we realized after a little bit, people were using this to block spam calls. And so that pivoted us into, well, let's help us, that's the primary use case of our service now, let's help people really do that well. And then once we got into that, we realized, hey, it's not enough to just block them at the consumer device level, we have to block them when they're starting. And that's how we got into scam fighting.

Impact of Spam Calls on Businesses

00:04:10
Speaker
So that's really interesting. So you started with a service that was intended to kind of help people avoid the people they don't want to talk to, but then you realize that's happening, but the larger scale is really unintended cause people just, you know, spamming them robo calls and getting harassing them. And I can say as a, as a consumer,
00:04:35
Speaker
I see a huge decline over the years. I remember all those car warranty calls and the IRS calls. And it's not that there are no calls today from unknown numbers that are probably not going to help me.
00:04:50
Speaker
But I can just imagine being a business user and how hard it is when you are getting many calls from unknown numbers. But these are legitimate calls. At the same time, there are also a lot of spam calls and robocalls. So how do small businesses deal with this problem? So small businesses have it the hardest because they really want to answer every call that comes in because it could be a prospect. It could be a current customer. They want to answer the phone.
00:05:20
Speaker
The problem is that for a while, the odds were if you answered the phone, you were talking to a scammer, not a customer. And so it's a huge waste of time for these businesses. And often some of the scam calls that the businesses got were, hey, we've pre-qualified you for a loan. We just need some information. That seems really appealing. And so these businesses were getting scammed. So it's been really rough for what we would call the very small business, the one, two, three, four person business, because they would live and die by their phones, by calls and texts. Wow.
00:05:50
Speaker
In 2012, 2013, 2015, I would say we still got a lot of these car warranty calls, IRS calls, different calls from agencies, quote unquote. How did those decline? What happened? Well, so overall, robocalls have only declined a bit, but some of the campaigns you've mentioned, like the car warranty stuff, we were behind getting rid of it.
00:06:15
Speaker
And so one of the things we do is we realize stopping the calls of the consumer's device is important, but it's too late. You want to go find out who's making the calls and shut off their access to the telephony network. And so we can't shut off their access to the telephony network, but we can collect data on what they're doing, use that to work with others to find out where they're making the calls and then have the full power of the regulatory environment and enforcement come down on them.

Scam Stages and Entity Roles

00:06:42
Speaker
So the car warranty guys, there was data collected from our huge batch of email users that showed the volume of those calls, where they were being made. They were traced back to the source. The government put together a case, went after them, all the carriers had to shut them off, and there goes a billion of those calls. Same with student loan calls. We all used to get those student loan calls. We were behind getting rid of those. The health insurance calls, we were behind getting rid of those, the health insurance scam calls.
00:07:07
Speaker
So it's been a bit of a cat and mouse game of going after the largest scale campaigns using our data, our carrier relationships, and the power of the government to take this illegal behavior that they see at scale and do everything they can to shut it off. That's really interesting. So it's a mix of
00:07:26
Speaker
regulatory process and technology. It sounds like there's almost not too much desire from the telcos to do it. It's more like the pressure that they have that's driving the action here. And that brings me to a different topic, which is the scan life cycle. And I often talk about the scan life cycle that starts with the call coming in or a text message, and then the emotional manipulation happens.
00:07:54
Speaker
And the individual, the consumer is tricked into transferring money to the cyber criminal, giving them personal information, giving them other things. And then they realize they transfer the money, they might realize it's a scam, they go to report hopefully to authorities to their bank and try to get
00:08:16
Speaker
to recovery if that happens, that's great, but in most cases it doesn't. And then there are other issues. And then when we talk about this, I also talk about the unwitting accomplices across the scam lifecycle. So you have those that are enabling the text messages and calls to come in, namely the telcos, and then you have the social media companies that are allowing all the traffic to happen on their sites, the marketplaces.
00:08:41
Speaker
you have the banks that are in charge of the transfer itself for the credit card companies and others and then you have law enforcement regulatory all these. That are kind of.
00:08:53
Speaker
I would say players, none of them I believe wants to help the scammers, but we're also enabling right now. And I think all of these players that I mentioned need to think about what they can do, and the only way to solve this is really to have everyone. So I think in previous episodes, we talked a lot about banks.
00:09:15
Speaker
I would love for you to shed some light around the telcos here and what their role is and what they've tried to do and what the regulators are pushing them to do.
00:09:24
Speaker
So I think telcos is not a monolithic thing. I think there's the telcos that we know who provide our cell phones, right? T-Mobile, AT&T, Verizon. Those telcos want robo calls to go away. It's not helpful for them, right? They get complaints for the consumers. They've had to spend a ton of money trying to block calls when they get to the handset. They've had to implement something called Shaken and Stir, the regulators have wanted, which has been really expensive to try to authenticate

Shaken and Stir Technology: Pros and Cons

00:09:51
Speaker
calls.
00:09:51
Speaker
The telcos would love if there's a magic wand those telcos would love if there's a magic wand and this all went away. The there's another set of telcos though who actually whether they want to or not or aware of it or not benefit from the robocalls because when you have to put a phone call on the network it's called originating the call.
00:10:10
Speaker
You pay for that privilege. And every carrier that has the as a piece of that call as it gets from the start to the finish, they get paid for the privilege. And so with robocalls being in the five billion ish amount every month,
00:10:22
Speaker
They're a material source of revenue for a lot of these telcos. So while they may not want to go get rid of this, there's a risk to them of revenue going away. Plus, there's an expense to try to work with other companies to find out who's making these calls. And so there's a lot of resistance to doing much more than the minimum, at least at first.
00:10:45
Speaker
A lot of them try, but it gets really complicated. It's really hard to shut some of this stuff off. Others are just, I would say, their whole business model is based on short duration calls and calls from robocallers. And they probably are a little more actively working with the robocallers. And we've seen enforcement actions shut some of these down when there's evidence of that. Wow. So tell me a little bit about chicken stir. What problem did it try to solve? And how does it work? And is it successful?
00:11:15
Speaker
So Shakenster was supposed to, and the problem it's trying to solve was to stop spoofed calls. So the idea was that when an automated dollar makes a call, it just fills in whatever number it wants. That's spoofing. So for example, if I see a number that looks like my bank and the number is at the bank of my card, it might not be my bank actually because it's a spoofed number, right?
00:11:37
Speaker
Exactly. So sometimes they spoof an existing number because they'll be more likely to get through. Other times they spoof a number in your neighborhood of phone numbers. So it looks like another number in your city. So you're more likely to answer. Other times they just randomly pick numbers so that every time they call it's a different number and it's harder to block them because you can't have a block list that's that's infinite.
00:11:56
Speaker
So that was a problem that Sir Shaken was designed to solve. The carrier making a call had to basically swear a sign that they know who made this call and it's really their number. And then the call, when it finally gets to a destination, that carrier looks and says, okay, this call was signed. We know where it came from. It's legit. I can put a little green check mark. How can they trust that it's a legitimate number? How does the carrier identify that?
00:12:20
Speaker
in the beginning carrier. So the originating carrier is supposed to know their customer. So they're supposed to have done some diligence. So if I work with a call center, this call center says that it validates all the companies using it. It's Chase, it's Bank of America, et cetera. So they do some diligence to know who their customer is. At least that's the theory. They've got evidence of who it is. And so they can authenticate the call. And there's different levels of knowing your customer. So an authentication level A is, I absolutely have a relationship. I know who these guys are.
00:12:48
Speaker
a B might be have a relationship with someone who's vouching for it. And you know, there's other other tiers. But that was the idea was, okay, at least now everybody's got to sign their call. And so you can't just make up numbers was two problems. One is it's not ubiquitous. Yes. But presumably that'll get solved. Everybody will have put shaken and stir in place. But the second problem is kind of more insidious is that the bad guys use shaken and stir, they get real numbers, they authenticate them, and then they appear to be
00:13:14
Speaker
you know what they can get that get the green check mark appear to be verified and take advantage of that. I got a call a few days ago from Netflix. It's not Netflix. It was just somebody who's got a sim somewhere and filled in the caller ID or caller name to be Netflix and is calling people. So that was kind of the problem there. So it solved one problem but kind of created another.
00:13:38
Speaker
So in that example of Netflix, what happened? What do you think could have happened? Did they register the company under Netflix with something that's not an I but an L? How could they pass the Know Your Customer validations that the telco was doing for us?
00:13:55
Speaker
But believe it or not, T-Mobile and some of the other carriers have a web form where you can put what name you want, right? So some people eliminate their last name for privacy or they'll fill in whatever name they want. It's a legitimate thing their customers want, right? So somebody gets a real T-Mobile phone or SIM or whatever and says, I decided I'm gonna be the IRS or I'm gonna be Netflix and they just fill it in. And so it's not much more complicated than that in this particular case, as far as we could tell.
00:14:24
Speaker
So as a consumer, how do I know that a phone was verified? Or do I need to know if a phone was verified with stir-shaken? And I think there might be some differences between iOS and Android here.
00:14:34
Speaker
Well, in general, the phone is supposed to give an indication that this was a stir shaken call, an authenticated caller ID. So it's really that number. And the fact is, it really is that number making the call. The question is, what about the caller name and everything associated with that call? That's the harder part. And so I think shaken and stir has been successful in reducing the number of spoof calls. I think it's made it a bit easier to trace back some calls to the source because the
00:15:01
Speaker
The call when it gets to its destination now says what carrier put it on the phone network. So there's some help there. But it's just not a solution.

Scammers' Evolving Tactics

00:15:09
Speaker
If a bad guy can go get 100,000 phone numbers and start making calls that look authenticated, you haven't done much but put a big speed bump in front of them. You made their life a little more difficult. And at the same time, you might have helped them because now they look a little more real when their calls get to consumers.
00:15:24
Speaker
And it's fairly easy. You don't actually need to necessarily go to a telco to get a phone number. You can go to like Tulio or other companies where they offer phone numbers in different ways as well. Exactly. There's 5,000 ish registered carriers in the US that fill out an FCC, I think form 999. So that they're a carrier, they can get phone numbers, they can do carrier services. And if any of those aren't behaving, then you're going to get people using their services to go make robo calls that they should.
00:15:53
Speaker
So with stir-shaken, it's just another hurdle for small one, speed bump you said, for cyber criminals, but actually they just found a way around it. And so what was the next step? So how do we, despite that fact, as an industry, as a telco industry, try to fight these bad calls from bad people? Well, I think there's,
00:16:21
Speaker
I think one of the biggest things is that carriers have to know their traffic. It's one thing to know your customer extensively. I'm working with this call center. I've got this business. We need to know what the traffic is they're actually putting on the network. Are they the Red Cross or somebody is making calls for the Red Cross soliciting legitimate donations and providing help in an area and suddenly making lots of calls.
00:16:41
Speaker
Or are they some scammer in a foreign country pretending to be some company you have a relationship with telling you, hey, your subscription canceled, or you have a new subscription, call me to fix it? And so everybody's got to know their traffic. And so I think that's where Umail has fit into this whole picture in that we have a huge user base, which is like a giant sensor network of what traffic is coming from what numbers. And so we see that illegal traffic. And once you see the traffic, you know there's a problem.
00:17:11
Speaker
And so I think it's you mentioned all these different sources. I think you've got regulators trying to put pressure to do carriers in the industry to do certain things. I think the carriers are starting to move toward know your customer a bit more. The next step will be knowing their traffic and the last step will be acting on it. So you know I think some of these carriers probably in their hearts know they're carrying bad stuff and they're
00:17:31
Speaker
They're told, hey, here's a phone number that's carrying bad stuff. They blocked that phone number. They aren't going and saying, well, who's the customer that provided this phone number and made calls from 500 other phone numbers? I'm just blocking the one. No, no, no. You've got to block them all. And I think as you see that, you'll start seeing the raw traffic numbers starting to decline. So there won't be these guys who make 100 million calls in a month anymore. That's going to become really difficult.
00:17:56
Speaker
What you are going to see is extremely targeted efforts, and we already see it, where they go find a data breach. So now they've got a list of numbers. They've got a list of identity information used to convince people that's who they are. And they're going to make a much smaller set of calls. So now you get a batch of real numbers. You make a smaller set of calls. You're going to have a much higher, quote unquote, click through and conversion rate for the scams. And so that's where it's heading.
00:18:21
Speaker
So let's talk about that for a second. So in the past, what these cyber criminals did was they would cast a wide net. They would just call random numbers and hope that a robocall was effective enough in trying to get them to, you know, dial one, call back.
00:18:38
Speaker
and then they would scam them. And what they're doing now is they're actually leveraging data from data breaches that is much more targeted, much more effective in building rapport with the victim because they have additional information that could be used to verify some information about them, which is much more effective in manipulation into actually transferring money. And we also see a mix now of text messages and scam calls where
00:19:05
Speaker
it actually starts with a text message and a call back number and then they get the user to or the victim to call them back and the most effective way is really the human talking and persuading and answering the questions and finding a way around the red flags that the victim might have.
00:19:25
Speaker
Tell me a little bit about how it's possible to tackle that combination of text messages and phone calls. So one of the interesting things that we see is exactly what you said. It's basically multi-channel efforts to get to consumers. So Robo call them, Robo text them, email them.
00:19:41
Speaker
All of these things with sometimes a phone number or an action that's requested, call back or press one. The key thing here is collecting a lot of data to be able to see the patterns. Okay, where did this number and this scam we recognize? Here's a text message, it's got a phone number. Where did they get that number? Who got it? What was the behavior of that number? Because then you can really quickly start watching other numbers for similar behavior. So is there a new number? And all of a sudden it's getting thousands of calls.
00:20:08
Speaker
OK, that's already inherently suspicious behavior. And then you can kind of look and say, OK, what text messages are mentioning this number? Well, those are spooked. OK, that's super suspicious. We have enough information to shut that number down. Right. So if that number appears in a context where there's a problem, you can start shutting it down. So you find it that way. You know, honeypots get the emails or the text messages or whatever. And here's the number. But it's also important to look at the behavior of phone numbers on the inbound side, not just on the outbound side.
00:20:37
Speaker
And so tackling that problem is pretty difficult. The good thing is that they need to send out a lot of messages with that phone number in it in order to drive the calls back to it, whether it's texts or voicemails or emails. So you can look at that data and start going, okay, where am I seeing new phone numbers that are in the context that that's a problem? Okay, now I can shut it down. Whereas a carrier, I've given a new number to this small business that's, I don't know, claiming it's a gardening business and now it's got 7,000 calls in a day.
00:21:04
Speaker
Okay, that's probably the world's best gardening business. So it's about knowing your traffic. Yeah. So tell me a little bit about honey pots and how effective they are in kind of detecting these bad activities. So honey pots, the whole idea behind a honey potter, they're just numbers that are out there solely for the purpose of hoping to get a call or a text from a spammer or a scammer.
00:21:27
Speaker
They're really good at catching large scale things very quickly. So they're casting the wide net of, like we talked about earlier, like just send mass sending of messages or calls or verbal calls. So they're good at catching them. You'll find those. They'll find those. You also find the stupid people who are just doing a smaller scale thing, but just calling all these funky numbers in a particular area. And if your honeypots are large enough, you'll catch some of those too.
00:21:53
Speaker
So honeypots are a great tool, but the real tool you need is actual consumers with real voicemail and real phone numbers because those are the ones that are getting called by the breach data. Those are the ones that are being targeted. And so we focus on both. We have a ton of honeypots and the many millions of honeypots and we've got many millions of consumers. So we're trying to collect everything.
00:22:15
Speaker
So maybe that's a good plug to talk about the impact of data breach, because often we think about, okay, in a data breach, our username password is compromised, so good thing they implemented multi-factor authentication, all the services, so we have the texts or other authenticators available. But the impact of data breaches, and we know that
00:22:35
Speaker
the data that's using data breaches, cyber criminals use that to emotionally manipulate or build rapport with the customers. But based on what I'm hearing from you, there's another use of that data from data breaches. So talk a little bit about that. So basically, the data breach gives you a target list, right? So if you want to try to do a scam on account takeovers for banks, and you have a bunch of phone numbers of people who are at a given bank,
00:23:05
Speaker
That's a really great target list. You're not calling everybody hoping to find, say, a Chase Bank customer. Here they are, right? And so you can even be more targeted. You go, well, here's all the ones in Pacific Palisades, California, and I'm going to use the Chase branch number in Pacific Palisades, California, and call them.
00:23:20
Speaker
right? Or do whatever manipulation I'm going to do. So data breaches are actually really, really dangerous for people. Not just identity theft is going to take over their identity right away. I think that's less of a concern. More of a concern is enough information to convince people to give them other information or do things. And that's the real harm. That's really an interesting thought because often when I think about data breaches, and I know
00:23:45
Speaker
Data breaches can happen to any companies about how you react and how you protect and what you do with it. But at the same time, if you think about financial institutions or retail organizations where you have essentially username phone number, then any size company will yield pretty good return on investment for cyber criminals. So if you're a large financial institution, you probably have
00:24:10
Speaker
A lot of controls in place, you invest in cybersecurity, you make sure, you know, if you're a smaller one, of course, you invest as much as you can. But even if you're a very small credit union, it's really important to make sure that you protect that data very, very, you know, in a robust manner, because you're essentially producing a hit list for, for these cyber criminals.
00:24:34
Speaker
Absolutely. I'll give you one example. If you've got customers of say a credit card and you know they have a particular mastercard from somebody, and you've got the list of their phone numbers, you've got a list of maybe their names, you've got this stuff. What you can then do is call the credit card company
00:24:54
Speaker
as if you've got their caller ID. And now there's certain things you can do without any real authentication, right? Oh, we see this number is calling. Would you like your balance? Press 1. Oh, there's my balance. OK, now I know somebody's balance. I know their name. I might know the social security number. I know their account number. I know their balance. I can send them a text saying, hey, I'm really this bank. Here's your balance to confirm I know who you are, that I'm real. I need you to do something. And then it's just natural click, and then you're down a rabbit hole.

UMail's Partnership with Carriers

00:25:21
Speaker
So the breaches allow a lot of the, you don't wanna put too much security on someone retrieving a bank balance, right? It's super convenient to just have it from their phone that called in, but that can be used as part of a bigger scam. And people are like, well, who else can know my bank balance? It's not that hard. So it sounds like you guys have good visibility into the consumer aspect, kind of what's going on in that world. And you have the ability to leverage that data in order to kind of get things to shut down.
00:25:50
Speaker
Tell me about the collaboration on the telco side and what are some challenges in collaborating with different stakeholders and what do you see in terms of trends and openness to collaboration with organizations like yours? So it's really interesting. When a carrier gets in trouble with the regulators, they generally come running to us to help them fix the mess.
00:26:13
Speaker
because we have the data, we know what's going on, we can help them see where they're carrying bad traffic and they can clean it up. So when there's real regulatory or enforcement pressure, we're their carrier's best friend. I think in other places, it's a challenge, right? Where those guys are collecting data that they don't mean to be bad and we're showing they've got a problem.
00:26:33
Speaker
And so we're trying to actually help the carriers in multiple ways, not just be the guys that shut down the fraud, but also the guys who help the legitimate calls get through. So there's a huge problem now where you get spam likely and it's your doctor's office. My home phone number is scam likely now. I can assure everybody I'm not scamming anybody.
00:26:52
Speaker
But my wife was trying to call me and my son and my daughter to try to get ahold of us to bring something over the hill where we were. And all of us were busy. Nobody was answering the phone. She just kept calling. All of a sudden, scam likely. And so that's happening at scale, the call centers. And so we actually have data that, hey, this guy is behaving, not violating the TCP. These calls are legitimate.
00:27:14
Speaker
And so you should be letting them through, and you can go and pressure other carriers to make sure they get through. So knowing your traffic is not just know the bad stuff, it's also understand the good stuff that should be getting through that's not. And so we're trying to build services, and we're starting to successfully work with carriers, selling them a whole package. Here's how we can help you get rid of some of the fraud. Here's how we can help you get some of the stuff through. And over time, you build trust that we don't want to put carriers out of business. We want to put scammers out of business.
00:27:40
Speaker
And once we all start understanding that and we try to optimize our offerings and our help, it's going pretty well. So we're signing more and more of these carriers at all levels. And we're also helping the carriers realize as we partner with enterprises, hey, that's actually a scam call. Do you really want to be carrying a bank imposter scam call? And when it's put that way, none of them want to be doing that. And we can help them clean up their network so they can say, hey, we got rid of this. We helped the bank. And so then it's a positive.
00:28:09
Speaker
Right. And you mentioned TCP. So I know that there are a few kind of regulations that not necessarily are on scams, but just around bad calls and the misuse of communication. So can you walk me through just a few examples? I know there's TCPA and TSR and other guidelines. Can you kind of give me maybe more a general outlook of their goal rather than specifically what each of them is?
00:28:33
Speaker
So the goal is to make sure you're not calling a consumer without the consumer's consent and that you're clearly identifying yourself, the purpose of the call, and making it easy for consumers to opt out. That's the core of it, right? So if a consumer puts their number on a list because they're shopping for a car, at some point they're like, I bought a car, I don't need any more cars from car dealers, they should be able to opt out easily and stop getting them, you know, automated calls. That's kind of the goal.
00:28:57
Speaker
Turns out it's complicated. Different states have different rules. And it's easy for a legitimate caller to get caught by those things, even if they don't mean to. And so we can help show them, hey, this call is getting blocked because you're violating TCPA even if you didn't realize it. But there's this section, or you called people in New York after 9 o'clock, or whatever it is you did. And that's really helpful to them because a lot of them really, they don't, there's no point in calling people that they're just annoying for a lot of the legitimate telemarketers.
00:29:25
Speaker
So I bet all the legitimate companies tried to adhere to those, but the cyber criminals obviously don't care about all these rules. It's actually interesting, right? We're seeing scams that look very legitimate. In fact, some of the cyber criminals take the exact same audio from a particular bank calling about fraud alerts, do the exact same one. So completely compliant calls, everything else, but it's fake.
00:29:52
Speaker
Right? So they're watching what everybody else does and trying to replicate

The Profitability of Robocall Scams

00:29:56
Speaker
it. So the scammers don't want their calls blocked, right? And so they're going to figure out, well, how do I get my call through it? First, it was use the bank's number, but now that's not going to work because the search is shaken. Then it seemed like I'm the bank.
00:30:10
Speaker
It's really interesting because one thing is, you know, scammers are, I just wish they would use all their knowledge for good because they are very creative. They're intelligent in manipulation. They know the regulatory requirements in order to navigate through their way in the industry.
00:30:29
Speaker
It's really that supply chain of very heavy knowledge that they need to bring to the table in order to perform these activities. And it's just scary.
00:30:43
Speaker
It's, they're marketers in the wrong profession, right? Like their whole job is to get through to consumers and get the consumers to convert. That's a marketing problem. And they, they, and one of the things that we did, I think, or made it easy for them was it's really cheap to make huge numbers of calls. So even a bad banner ad will convert if everybody sees it and they realize they can just do a bad scam. And if I call enough people, I'm going to get enough people to make it worthwhile. I mean, you can call every single person in LA for 2000 bucks, maybe.
00:31:12
Speaker
And that's probably not shopping around much. So get five million people for 2,000 bucks. Some portion are gonna just answer. You're gonna confuse some. And it's probably a pretty good return. What do you need to scam one or two people successfully and you got your money back, everything else is golden.

Cross-Industry Collaboration Against Scams

00:31:27
Speaker
And so it's just extremely profitable for these guys. Yeah. I wanted to ask you about cross industry collaboration. Again, I've been talking a lot about banking and credit unions and
00:31:38
Speaker
I'm wondering if there's conversation in kind of the telco industry about cross industry collaboration and I'm asking in particular because in the recent reports by UK finance in
00:31:53
Speaker
I think it was last year and the year before they, they, they have this kind of promo before, before the report itself. And they talk about the fact that the financial industry can't fight this war alone, that they need, we need cross functional or cross industry collaboration. And they definitely mentioned telcos as one of those verticals that needs to step up and step in the game. And I'm wondering if there are any kind of industry conversations around that.
00:32:21
Speaker
I think it's companies like us that are the glue that's tying the two together, right? The telcos are not in the business of blocking scam calls and trying to put scammers out of business. That's not their job. Their job is to facilitate communication.
00:32:34
Speaker
And the banks are not in the telco world. They use telco services to call customers, text customers, but that's not their expertise either. So you need companies that are in between that understand the scams, that can understand data given from banks, can understand data from telco consumers, and put that together to be able to investigate and shut this stuff down.
00:32:54
Speaker
So like a lot of industries, you end up with the bridges. So the bridges are the ones that understand both in a particular vertical area like fighting scams. And we're one of those companies that that's kind of what we specialize in, being able to go to a bank and show them, here's what's happening with your brand out there. Here's the calls and the texts that are out there and what's happening.
00:33:13
Speaker
be able to help them connect that to, oh, that's why we've got all these customer support calls. That's why we're doing recompense. They're starting this way. And really importantly, we show them here's how you stop it, we can stop it for you. Here's how we're going to do it. And we make that a service that we can then sell to the banks and leverage our carrier relationships. And you know, we've done stuff like we shut down a CEO impersonation scam, they've been going on for seven months, we shut it down in two hours.
00:33:37
Speaker
And so the bank could never do that, right? But we had all the right relationships. We could see where it was coming from. We talked and we showed the evidence of

Looking Forward: Technological and Regulatory Optimism

00:33:45
Speaker
it. They shut down the scam. That's amazing. I think the scammers are probably pretty shocked, like what happened to what we've been doing for seven months. Those are one of the most effective scams and lots of money because financial, sorry, because large organizations have the ability to make those large transactions unnoticed almost.
00:34:03
Speaker
So I wanted to conclude with a question about kind of the future and what you're hopeful about. You've seen the evolution of kind of robocalls, casting the wide nets to becoming more efficient, more targeted, larger return on investment for cyber criminals.
00:34:20
Speaker
regulatory pressures and the need to protect customers. What are you hopeful about with everything that's going on? And the level of sophistication of cyber criminals is increasing, but yet I really wanted to kind of shine a light on some hope. I think my hope is that U-mail becomes an insurance company. That we solve the problem working with everybody else and calls still happen, but we're able to shut them down quickly.
00:34:50
Speaker
So that's what I'm hopeful that we'll get to. I think we're going to get there in stages. So the first stage is nuisance calls are mostly going to go away over the next few years because it doesn't pay to just call people randomly. It's going to be very targeted. That's bad because it's targeted, but it's good because your phone rings less. So I'm hopeful for that. I'm hopeful for some of the things in the industry will bring back a little more trust and consumers will be able to at least answer certain kind of calls. There'll be enough technology in place that you can know that this really is your bank calling.
00:35:19
Speaker
Like, for example, you make an appointment with your bank to call at a particular time. The scammers aren't going to know that. The bank calls. You see the number. It's got some kind of thing that says, hey, this is the call at your appointment. You can answer the phone. So I think there's a whole bunch of technology that's going to organize communications better. I'm hopeful that consumers get more educated so they don't fall for this stuff. I mean, you know, we spend a lot of time with our kids, like, look, just don't answer the phone, unless it's, you know, us or whatever. Don't answer the phone.
00:35:46
Speaker
Call them back. You know, voicemail is your friend. Look at the voicemail. See what it says. It says something about your debit card. Well, go get your debit card. Look at the number of your debit card and call it. It's more work, but you're in control. So never give your information out. I think consumers, if no consumers gave information out, there's not really a problem anymore, right? So we have to train consumers. Don't give information out unless you initiated the interaction.
00:36:10
Speaker
And so I think there's a set of things in terms of changing consumer behavior, improving technology. I think enforcement's getting more aggressive. And I think regulations are getting smarter. You put all that together, it will make a dent.
00:36:24
Speaker
But as we can see, email has been around for a long time and there's still email scams left and right, right? Right. So you need all those things happening to just lessen the impact over time. And for me, my goal is instead of, you know, what is it, 10 billion in scam dollars going out in the past year or 30, depending on the estimate. In the US. In the US, just getting that into the hundreds of millions would be a huge win for everybody and then move it down from
00:36:51
Speaker
I'm hopeful. I think there's enough people working on enough technology. We'll make progress over time. It's never instant, but it's a war that can be won. Great. Well, thank you so much. It was a pleasure to have you on the podcast and I'm looking forward to see how things evolve. Thank you. I really appreciate being on the podcast. It was a lot of fun.
00:37:11
Speaker
I hope you enjoyed this episode. In the next two episodes of Scam Rangers, we'll talk about the challenges that our legal system is dealing with, as well as a perspective on social media. For more information about scams, follow me on LinkedIn, A. L. Bigger Levine. And by the way, if you ever get a text message or an email or something on social media that looks suspicious, you can always verify on scamranger.ai. Let me know what you found.