Scam Likely notification on T-Mobile connected smartphone

Robocalls are a scourge, leaving many people unwilling or afraid to pick up their phone unless they know the caller. If you’re waiting for a job interview or support callback, this is incredibly stressful—but now phone carriers are helping.

New Standards Will Unmask Spoofing

If you have T-Mobile service and a Galaxy S9, soon you will start seeing “Caller Verified” when calls arrive, if T-Mobile can verify the caller ID matches the real phone number. The Caller Verified message means that the call originated from T-Mobile, and they can confirm that no spoofing or intercepting occurred in placing the call.

Verifying calls relies on a new standard called STIR (Secure Telephone Identity Revisited) and SHAKEN (Signature-based Handling of Asserted information using toKENs). Not to be confused with martini preparation directions, STIR/SHAKEN will allow phone carriers to determine if the number a call identifies with is real. Current caller ID technology doesn’t have any method to determine if the information provided is accurate and STIR/SHAKEN will solve that problem.

And as other carriers implement STIR/SHAKEN, they will work together so that phone calls verification occurs even when they come from a different carrier.

Additionally, T-Mobile, Verizon, and others are already offering blocking services that rely on crowdsourced blacklists. Robocaller blocking has been free on AT&T since 2016, free on T-Mobile since early 2017, and now Verizon has announced they will no longer charge for call filtering starting next March.

man wearing gray shirt use blue Samsung S9 plus
Noyna/Shutterstock

You May Already Have Some Spam Blocking

Crowdsource based spam blocking software is already ubiquitous, and chances are you can either subscribe to it from your carrier or download an app for your phone that will achieve the same goal. But the new STIR/SHAKEN standard will take longer to implement fully.

If you have T-Mobile and a Galaxy S9, you have the first stages of the technology right now and ‘more devices’ will receive STIR/SHAKEN in 2019. Meanwhile, Verizon and AT&T have promised to implement, but not specified an exact timeline beyond 2019. Sprint has made no such promises and instead questioned the cost and effectiveness.

Apple, Google, and other phone manufacturers haven’t commented on any plans to assist with the implementation of the standard. Microsoft supports SHAKEN/STIR and helped in its development. While they aren’t working on Windows Phone anymore, they do have an interest through Skype.

STIR/SHAKEN is Similar to HTTPS

With STIR/SHAKEN in place, when a phone call is made the first thing it will do is attach a certificate that verifies the number assigned to the signal. Then as it passes along, that certificate is checked against an encrypted repository for validity. If everything matches up correctly, the service marks the call as verified. When it doesn’t, then the carrier knows the number is potential spoofing.

What the phone carriers do next is their decision. They can mark the call as verified when appropriate, or show a possible scam message, or block the call.

If this sounds familiar, that’s because the process is very similar to how secure certificates work on web browsers. This also demonstrates a significant downside. Just as a security certificate doesn’t mean a website is safe, a verified caller message doesn’t prove the phone call isn’t a robocaller.

If the robocaller calls from a legitimate number that they purchased without any spoofing, then the call will show as verified. Hopefully, crowdsourced lists and blocking will finally become useful at this point, as the robocaller won’t just change their number with every call.

Close up of a man using mobile smart phone
Kostenko Maxim/Shutterstock

How to Block Spam Calls, Right Now

If you aren’t using a Galaxy S9 on T-Mobile, and you don’t want to wait on Verizon to offer their service free, there are options you can use today. You could subscribe to Verizon’s call filtering service until Verizon makes it free.

You can join the Do Not Call list for what it’s worth—which doesn’t seem to be much these days—and block numbers individually. On iPhones, you can download an app like Hiya that crowdsources blacklists to identify scammers, which you can then either flag or block. On Android, you have built-in options, and you can also use a similar app like Mr.Number or Truecaller.

These crowdsource blacklist apps can block legitimate calls, unfortunately, so keep that in mind if you frequently receive calls from unknown numbers.

This is Only a Measure of Peace

Unfortunately, true freedom from spam calls is entirely dependent on the carriers to solve the problem. Until now they’ve been more than willing to put through these calls, placing the blame on others and existing laws.

The FCC called them out on this, and that has made a difference. But until the cost to make scam calls is higher than the profits derived from them, spam callers will keep trying and hope you answer. Until better solutions arrive, the best thing you can do is ignore the calls.

Josh Hendrickson Josh Hendrickson
Josh Hendrickson has worked in IT for nearly a decade, including four years spent repairing and servicing computers for Microsoft. He’s also a smarthome enthusiast who built his own smart mirror with just a frame, some electronics, a Raspberry Pi, and open-source code.
Read Full Bio »