Georgia Tech Researchers Bring Transparency to Telephone Blacklists

We've all gotten that call offering us something too good — or too terrifying — to be true: a free cruise, payday Ioan deals, an IRS audit. All they want is your credit card number.

Voice phishing is when scam calls are used to defraud victims through the telephone channel, and it has only increased since the rise of the Internet. While many of us don’t answer calls from unknown numbers or can detect a scam from the minute an operator “adjusts the headset,” senior citizens and new immigrants are often victims.

There is no central regulating agency that keeps a blacklist against these telephone scams. Users must rely on for-profit apps to keep their number safe, but only have their word these blacklists are comprehensive and effective. Georgia Tech researchers are bringing a new transparency to the industry by sourcing their own blacklists and evaluating how effective they were at blocking malicious calls.

“Everyone faces these problems because people are more likely to trust a phone call than an email,” said School of Computer Science Ph.D. student Sharbani Pandit.

The research was presented in the paper Towards Measuring the Effectiveness of Telephony Blacklists at the Network and Distributed System Security Symposium in San Diego from Feb. 18–21. It’s the work of Pandit, SCS Professor Mustaque Ahamad, Tech adjunct and University of Georgia Associate Professor Roberto Perdisci, and phone security start-up Pindrop data scientist Payas Gupta.

The researchers found four data sources similar to what commercial apps use to create their blacklists:

  • user-reported complaints to the Federal Trade Commission, totaling 1.56 million complaints regarding 300,000 phone numbers over a five-month period
  • complaints crowdsourced from the internet, up to 600,000 complaints filed by users over a six-month period
  •  a call detail record (CDR) honeypot that tracks what number a bad call was made from, when, and to which number, resulting in calls from 200,000 source numbers to 58,000 destination numbers over a five-month period
  • honeypot-based call audio recordings, featuring 19,090 audio recordings from 9,434 source numbers during a four-month period

Honeypots are collections of compromised phone numbers dropped by previous users because they were receiving too many bad calls. Pindrop, a startup founded by SCS graduates, built the honeypot used in this research.

The four data sources can be used to automatically learn long-running telephone scam/spam campaigns and create phone blacklists. The data sets were used to generate five blacklists in total.

Once created, the blacklists were evaluated for how effective they were at blocking bad calls. The blacklists were successful about 55 percent of the time, with only a .01 percent false positive rate for blocking calls from legitimate numbers. The blacklist is updated daily, ensuring the numbers are current.

This is just the beginning of this research. Next, they want to block the call before it even reaches the user. In order to do this, they have to learn about the content of the call, which is usually only apparent after the user has picked up the bad call.

“Even if you know a spam call is coming, your phone keeps continuously ringing and you’re bothered,” Pandit said. “So now we’re trying to figure out how to stop that from the content and not just the caller ID.”

The research has shined a light on an industry that was as in the dark as some of the numbers it was trying to block. Yet with more knowledge, the fake free cruises should dwindle.

Core Research Areas: 

Tess Malone, Communications Officer