Spam calling and texting, once dismissed as merely a nuisance, is now creating exponential losses for Canadians. Based on reports submitted to the CAFC, Canadian Anti-Fraud Centre, last year's losses were calculated at $383 million, a steep increase from $160 million reported losses in 2020 ¹. It is important to note that only 5% of victims report to law enforcement or the CAFC, putting total losses immeasurably higher ². Currently, it is estimated that up to 25% of all calls made across mobile networks in Canada are spam or fraud calls, putting Canadians at serious risk³.

The top five types of scams in Canada

Scammers have evolved to pursue a multitude of avenues and detailed schemes in order to stay ahead of antispam measurements. Here are the five largest scams in 2021, ranked by monetary loss to Canadians:

1. Investment scams costed Canadians $70 million⁴. Victims view accounts of individuals posing as subject matter experts, advising others to invest in particular cryptocurrencies. Unfortunately, victims are directed to fake websites and lose their investment.
2. Romance scams costed Canadians $42.2 million⁵. Criminals create fake profiles on dating sites and even social media platforms to build virtual relationships with people. At times, they take years to build trust, and eventually solicit money out of their supposed partners.
3. Spearfishing scams costed Canadians $38 million⁶. Scammers' use illegal caller ID spoofing, posing as a government agency or a reputable business. Spammers have been able to successfully spoof several government agencies including but not limited to: Service Canada, Justice Canada, the Federal Court and Department of National Defence.
4. Merchandising scams costed Canadians $5.6 million⁷. Criminals create classified ads or fake websites to sell a variety of items such as concert tickets, puppies, vehicles or even rent out apartments.
5. Service scams costed Canadians $4.8 million⁸. Here, scammers offer services such as credit cards, insurance or phone plans in an effort to gain access to their victims' credit cards or bank accounts.

The technology behind telecommunication scams

Scams and frauds rely on a multitude of advanced technology to outsmart fraud prevention. Below are the five most prevalent advancements in technology that are leveraged in scams.

1. Wangiri: Wangiri is a Japanese term directly translating to "one ring and cut"⁹. Like the translation suggests, the victims' phone will only ring once, often at odd hours, when calls are less likely to be answered. When victims return the call, it will get rerouted to a premium-rate number overseas for which they will get charged by their telecom provider.
2. Caller ID spoofing: CNAM, is the Caller NAMe, and CID, is the Caller ID or phone number that is displayed when receiving a call. While call centres may have permission to duplicate their clients' CNAM and/or CID, it is illegal to replicate and imitate a CID without permission. Spammers either utilize the numbers of reputable companies or individuals within the same area code of the victim to gain their trust.
3. Short stopping: In this scheme, a hacker hijacks a call before it reaches its target destination by working with a rogue carrier on the call's path. The hacker then redirects the call to an international phone number, allowing hackers to surcharge their victim. Sometimes, the caller will hear a false ring tone or a doctored network message such as The person you have called cannot be reached. Please try again later. The hackers and rogue carriers share the revenue generated by these calls, which are either billed to the customer or another carrier in the routing flow.
4. Call Stretching: This scam is run by fraudulent carriers to charge more money directly from legitimate carriers. A portion of live conversation is recorded from an active call, which is played to one caller, after the other caller is dropped. The time it takes for the second caller to realize that the call has been disconnected and hangs up is time that the fraudulent carrier has successfully added to the duration of the call. Legitimate carriers measure pay out according to the duration of the call, and so they end up paying more to the fraudulent carriers than they actually owe. While this may only add seconds, when conducted on a massive scale, this technology can generate significant revenue.
5. PBX Hacking: One of the most common and significant types of telecom fraud is PBX Hacking. A PBX, Private Branch Exchange, is a private telephone network within an organization. It connects the business to an external network, allowing users to share outside lines while reducing the number of lines needed. When one hacks into a PBX, they can run up a big bill initiating international calls, resulting in unauthorized charges for the PBX/business owner.

What the government of Canada is doing to fight fraud

The CRTC, Canadian Radio-television and Telecommunications Commission, will be overseeing the implementation of STIR/SHAKEN, in efforts to deter illegal caller ID spoofing. STIR, Secure Telephony Identity Revisited, and SHAKEN, Signature-based Handling of Asserted information using toKENs work separately to authenticate caller information.

However, Canadians are a far way from being fully protected from caller ID spoofing. The CRTC is only in the beginning stages of implementation and is currently exploring mandated readiness assessments from carriers ¹⁰. Once STIR/SHAKEN is implemented, numbers can only be verified if the device is compatible, and both carriers of a call have adopted the guidelines. While STIR/SHAKEN provides guidelines for authentication, no third party management exists to monitor the CID validation process, leaving each carrier to implement their own standards. Additionally, a majority of CID spoofing occurs when an individual is hacked. Calls made with this stolen ID will still be validated by STIR/SHAKEN as it is unable to identify the caller behind the phone number.

How SIPSTACK fights fraud

Using the latest machine learning (AI) technology, SIPSTACK's systems validates callers' phone numbers in real time, which can provide enhanced security information to allow recieving callers to make informed desiscions about a phone call. When a carrier implements SIPSTACK's Risk Rating Score, they are able to customize a threshold for calls to pass through, based on their specific needs. At SIPSTACK we take an active role in ensuring we are building a secure connected tomorrow. Contact us today to learn how you can protect yourself from spam or visit Whois by SIPSTACK for real time lookups against phone numbers.

References

^{1 https://www.antifraudcentre-centreantifraude.ca/index-eng.htm}

^{2 https://www.rcmp-grc.gc.ca/en/news/2022/fraud-prevention-month-raises-awareness-a-historic-year-reported-losses}

^{3 https://toronto.ctvnews.ca/best-possible-news-relief-from-annoying-robocalls-soon-on-the-way-1.5669152#:~:text=According%20to%20the%20Canadian%20Radio,ever%20get%20to%20your%20phone}

^{4,5,6,7,8 https://toronto.ctvnews.ca/these-are-the-top-five-scams-canadians-fell-for-in-2021-1.5718580}

^{9 Arafat, Mais, Abdallah Qusef, and George Sammour. "Detection of wangiri telecommunication fraud using ensemble learning." 2019 IEEE Jordan International Joint Conference on Electrical Engineering and Information Technology (JEEIT). IEEE, 2019.}

^{10 https://crtc.gc.ca/eng/archive/2021/2021-123.htm}