Full Report
Tired of dodging all those 'Scam Likely' calls? Here's what’s behind the label and how to stay one step ahead of phone scammers.
Analysis Summary
# Main Topic
The intelligence report details the mechanics, actors, and necessary countermeasures associated with the rise of phone scams, specifically focusing on understanding and responding to incoming calls labeled as "Scam Likely" by mobile carriers. The core theme is the increasing sophistication and financial impact of voice phishing (vishing) and robocalls.
## Key Points
- The "Scam Likely" label is applied by carriers based on internal analysis, including customer reports and network analytics (e.g., identifying rapid, high-volume calls to numbers on Do Not Call lists or use of specific VoIP services).
- Global phone fraud and spam reached all-time highs in 2023, with 28% of unknown calls categorized as fraud or spam. Average consumer losses rose 527% year over year to $2,257.
- Voice communication remains a high-risk vector because people are more susceptible to social engineering in a live conversation, where they have little time to decide.
- Scammers acquire target phone numbers through scraping, data breaches of third-party providers, phishing, or purchasing data from brokers.
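
The carrier-side analytics described in the first key point (customer reports plus rapid, high-volume calling to Do Not Call numbers) can be sketched as follows. This is an added example, not code from the report or from any carrier; the call-record layout, thresholds, and sample numbers are constructed assumptions.

```python
from collections import defaultdict

# Assumed thresholds for illustration; carriers do not publish theirs.
WINDOW_SECONDS = 60        # length of the burst window
MIN_CALLS_IN_WINDOW = 5    # calls within the window that count as "rapid, high-volume"
MIN_DNC_RATIO = 0.5        # share of those calls hitting Do Not Call numbers
MIN_REPORTS = 3            # customer spam reports that trigger the label alone

def label_callers(cdrs, dnc_numbers, customer_reports):
    """Return {caller: "Scam Likely" | "OK"}.

    cdrs: iterable of (epoch_seconds, caller, callee) call records.
    dnc_numbers: set of callee numbers on a Do Not Call list.
    customer_reports: {caller: number of customer spam reports}.
    """
    by_caller = defaultdict(list)
    for ts, caller, callee in cdrs:
        by_caller[caller].append((ts, callee))

    labels = {}
    for caller, calls in by_caller.items():
        calls.sort()
        burst, start = False, 0
        # Sliding window over the caller's calls, ordered by time.
        for end in range(len(calls)):
            while calls[end][0] - calls[start][0] > WINDOW_SECONDS:
                start += 1
            window = calls[start:end + 1]
            if len(window) >= MIN_CALLS_IN_WINDOW:
                dnc_hits = sum(1 for _, callee in window if callee in dnc_numbers)
                if dnc_hits / len(window) >= MIN_DNC_RATIO:
                    burst = True
                    break
        reported = customer_reports.get(caller, 0) >= MIN_REPORTS
        labels[caller] = "Scam Likely" if burst or reported else "OK"
    return labels

# Constructed sample data (555-0100 through 555-0199 are reserved for fiction).
DNC = {f"+1202555010{i}" for i in range(4)}
SAMPLE_CDRS = (
    [(1000 + 5 * i, "+12025550199", f"+1202555010{i}") for i in range(6)]  # burst
    + [(1000, "+12025550150", "+12025550101"), (5000, "+12025550150", "+12025550120")]
    + [(2000, "+12025550175", "+12025550130")]  # low volume, but reported
)
SAMPLE_REPORTS = {"+12025550175": 4}
```

Calling `label_callers(SAMPLE_CDRS, DNC, SAMPLE_REPORTS)` labels the burst caller and the heavily reported caller, and leaves the occasional caller unlabelled.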
## Threat Actors
- **Unspecified Scammers/Criminal Groups:** Responsible for unsolicited calls, often operating through organized crime ecosystems involving telemarketers, "lead generators" (who supply phone lists), and VoIP companies facilitating illegal robocalls.
- **Motivations:** Primarily financial gain, as evidenced by the high average loss reported by victims.
## TTPs
The report outlines several common phone scam methodologies:
- **Impersonation Scams/Vishing:** Pretending to be government agencies, tech companies, banks, or police to demand payment or sensitive verification data. This includes convincing victims their funds are at risk, requiring transfer to a "safe" account.
- **Remote Access/Tech Support Scams:** Convincing victims to grant remote access to their computers under the guise of resolving non-existent malware issues, allowing the attacker to install real malware or steal credentials.
- **Investment Scams:** Soliciting funds for fake, high-return investment opportunities.
- **Prize Draw Scams:** Claiming the victim won a prize contingent upon paying a small "tax" or providing personal identifiers.
- **Robocalls:** Automated calls used to disseminate potential scams or telemarketing pitches.
- **Data Acquisition:** Scrapers, data brokers, and phishing techniques are used to populate contact lists.
## Affected Systems
- **Communication Infrastructure:** Mobile phone networks that apply carrier-level spam filtering and labeling features.
- **End-User Devices:** Personal mobile phones (iOS and Android devices) used to receive and process incoming calls.
- **User Systems:** Personal computers targeted for remote access exploitation.
## Mitigations
Defensive measures focus on individual user action and utilizing carrier/system features:
- **Leverage Carrier Labels:** Heeding warnings like "Scam Likely" and avoiding interaction.
- **Registry Opt-Out:** Registering phone numbers on national Do Not Call registries where available.
- **Data Broker Opt-Out:** Contacting data brokers directly to request removal from their lists.
- **Device Blocking:**
  - **iOS:** Block Caller functionality found in the Recents call log via the info icon.
  - **Android:** Utilize Call history, tap the three dots, and select Block / report spam.
- **Security Software:** Implementing call filter features available in mobile security solutions.
- **Awareness:** Never sharing personal/financial information or authorizing remote software downloads over unsolicited calls.
## Conclusion
The proliferation of high-volume, low-cost phone scams continues to pose a significant financial threat driven by the effectiveness of voice-based social engineering. While regulators are imposing fines on bad actors (including VoIP providers), the primary defense remains user vigilance, proactive blocking of known numbers, and utilizing carrier-provided "Scam Likely" indicators. Users must treat unsolicited calls with extreme skepticism and rely on established offline verification methods before disclosing any information.