Last week, I looked at some technologies that can solve the increasingly pernicious problem of robocalls.
They work great for individuals, but these intrusions on our time and privacy present a different problem for people who work in offices.
“Of late, scammers have begun transitioning to corporate phone numbers because businesses live and die by their calls,” says Matthew Mizenko, a senior vice president at RoboKiller Enterprise. “They have to answer, thus exposing them to greater risk.”
Automatically blocking or screening unknown numbers is risky since businesses can’t predict who will call or why. There’s also little they can do to block calls that go to direct-dial numbers within the organization.
STIR/SHAKEN
But there are some steps business owners can take.
A simple one is to ensure that their VOIP provider complies with the FCC’s STIR/SHAKEN standards and protocols, as they were required to do at the end of June.
While not absolute protection against scammers, the technology enables called parties to verify that the calling number is accurate and has not been spoofed, assuming every carrier along the way is complying with the rules.
STIR/SHAKEN standards should become more effective over time, as the FCC’s database of robocalls grows.
Inside the corporate network, “Try to avoid using personal phone numbers for business. Get a separate, virtual SIM or ‘second-line’ phone product with a number that can easily be changed or discarded,” Mizenko says. Burner is an app that lets you create a temporary and untraceable phone number that you can then discard.
Switchup creates secondary phone numbers that you can use for business calls or during certain hours of the day.
You can use the alternative number in business correspondence and signature lines of emails to clients and prospects. In addition, they guarantee some protection against your business phone number being used to harass you after hours.
Limit direct-dial numbers
For outbound calls, Mizenko recommends that businesses configure their caller ID to show all calls originating from a single source – most likely the company’s main number – rather than from individual lines.
The risk of revealing directly to your members is that scammers can use them to infer other numbers within the organization.
“If someone knows your extension, it’s much easier for them to target other individual phone numbers,” he says. “They can use patterns to figure out extensions behind the firewall.”
Once they can do that, they can also configure their caller IDs to spoof another number.
Imagine a call to your finance department from a number that appears to be that of your CEO authorizing a large wire transfer to an anonymous address.
Mizenko also recommends that companies lock down administrative policies on corporate messaging apps, particularly those that accept inbound messages. Anything that comes from outside the company is potentially a path inside your network that can be used to spam you with calls.
Businesses should also educate their employees about how to recognize scam calls.
Warning signs include “robotic speech, callers refusing to verify themselves, calling from international or out-of-state numbers where you don’t do business and those that ask for sensitive company information,” says Nizel Adams, CEO of tech consultancy Nizel Corp.
Personally, I hang up if a caller takes more than two seconds to acknowledge my answer. That’s about how long it takes autodial systems to hand a call off to a human operator.
Could branded calling work?
An intriguing grassroots effort that several private firms are promoting is branded calling.
This technology allows organizations to display their brand name, logo, and reason for calling on mobile device screens.
Research firm The Fast Mode said its research revealed that while only 11% of consumers said they’d answer a call from an unknown number, that figure rises to 30% if the call has a name attached and 50% if it includes a name, logo, and reason for the call.
Uptake on branded calling by carriers has been tepid so far.
Mizenko believes they’ve had their hands full with STIR/SHAKEN and want to see how that will work out first.
In addition, “there’s no industry standard,” he says. “We aren’t playing in the branded calling space now but are looking for partnerships and trying to get an industry consortium together.”
I wish them luck, at least until the robocallers figure out how to compromise branded calling and attach their own fake identities.
In the cat-and-mouse game that is robocalling, it seems the rat is always the big winner.
Copyright © 2022 IDG Communications, Inc.
