Beware the “Dirty Dozen”
When I hear “The Dirty Dozen,” I remember the 1967 World War II classic movie starring the likes of Lee Marvin, Ernest Borgnine, Charles Bronson, Telly Savalas, and Donald Sutherland. However, when I clicked on a link in my town’s recent weekly email update, the “Dirty Dozen” is actually a running list of the top tax scams as reported by the Internal Revenue Service (IRS). Specifically, my town was passing along an IRS press release from February 2, 2016 that warns taxpayers of phone scams, and that such aggressive and threatening calls by criminals impersonating IRS agents remain a major threat. The IRS has seen a surge of calls from criminals impersonating IRS agents in recent years and especially during the annual filing season. Phone scams, in fact, top the “Dirty Dozen” list for 2016. A few others on the list include phishing, return preparer fraud, and offshore tax avoidance.
For most of us, filing season is hectic and stressful enough, and unfortunately these tax scams are primarily designed to steal money from victims. The Treasury Inspector General for Tax Administration announced in January that, since October 2013, they alone have become aware of over 5,000 victims who have collectively paid over $26.5 million as a result of tax scams. Of particular interest here is how phone tax scams occur and, most importantly, what can be done to prevent them.
Besides using IRS job titles and fake badge numbers to appear legitimate over the phone, scammers may use the victim’s name, address, and other personally identifiable information (PII) to make the call seem official. To gain access to the phone network, scammers exploit various security risks. In many cases, access is gained through a shared network based on the Internet Protocol (IP). Once access is gained, a scammer can alter the calling number and name to make it look like the IRS or another legitimate agency is calling. A scammer can also leave urgent callback requests using robocalling (or automated calling software) technology.
In their February 2, 2016 release, the IRS offers taxpayers a range of ways to protect themselves. However, wouldn’t it be better if the taxpayer can know with confidence that the person calling is actually from the IRS? Research indicates that 97 percent of calls from businesses to consumers go unanswered. This is due in large part to the lack of trust we have in a displayed calling name and number, unless the caller has previously been added to a consumer’s contact list (which is unlikely in the case of most businesses). However, the encouraging news here is that the phone network and device technology evolution has also afforded opportunities to the industry to bring comprehensive solutions to the market. These solutions can redefine the call experience and empower call recipients to make more informed decisions about answering calls, as well as restore trust in the caller identity information displayed. Although no silver bullet has yet to be defined, a comprehensive solution can include a combination of mitigation techniques.
Some key practices believed to be part of any comprehensive solution design include:
- Be adaptable. Scammers have been observed to be quite creative in their use of technology and tactics. Solutions need to be flexible as new approaches are attempted.
- Employ real-time, sophisticated data analysis. Better insights can be uncovered through as broad a range of caller data as possible. This, in many cases, will require sharing commitments across a larger ecosystem of participants.
- Incorporate trusted, authoritative identity data. Mechanisms to “certify” the caller and the communications session across a voice network need to incorporate sources of authoritative identity data—but, of course, in a way that protects the privacy rights of users.
- Empower users with call-handling options. In most cases, the receiver of a call is in the best position to determine how they want to handle that call. Ultimately, there needs to be coordination between the network and the device to redefine this experience from where we are today.
- Be cost effective and efficient. There needs to be realistic expectations on what can and cannot be done, based both on the limitations of current technology and on cost implications. At this time, the deployment of such solutions typically needs solid internal justification of the business case.
- Be deployable and interoperable (based on certain industry standards/agreements). Being in product management for over twenty years has taught me that price and ubiquity are the two most important ingredients to product success once its utility has been validated. To achieve these, there needs to be some common industry foundation on which to build market differentiation as may be required in this area.
- Be easy for consumers to use. My personal experience to date supports that some of the existing mitigation techniques available today are either not easy to use or not well understood by the market channel that’s selling or representing them.
- Protect phone network assets. There are techniques today that can be quite effective in identifying some fraudulent calls. Such calls, especially when done using robocalling technology, need to be proactively blocked when detected.
Although there are various point solutions available today, there is much more that the industry can do to better battle phone scammers and hopefully make phone communications as secure and trusted as earlier generations can attest to.
Neustar is doing its part to address some of these challenges by developing innovative, next-generation Caller ID solutions for mobile devices. These solutions benefit both the called and calling parties—whether consumer or business—with enhanced and verified Caller ID functionality. We believe that the technology underpinning these solutions has the power to revolutionize the calling experience, and reshape how the industry sees mobility, identity, and security.