Skip to content

About YouMail Protective Services

YouMail Protective Services™ is the enterprise services division of YouMail, Inc., a leading provider of solutions that protect your business and customers from harmful phone calls, text messages, and brand impersonation.

For more than a decade, YouMail has tracked and analyzed the results of billions of live calls to millions of real consumers. YouMail has accomplished this with the YouMail Sensor Network, which leverages telephone numbers across the full breath of telephone networks in the United States and Canada. This includes YouMail app users with telephone numbers that reside on the some of the largest global wireless communications companies including AT&T, T-Mobile and Verizon. Contact us to learn more

Prevent phishing and brand impersonation

YouMail PS leverages audio fingerprinting that identify patterns of good/bad behavior.

This and other patented YouMail technology involving proprietary AI and machine learning techniques are employed to identify and distinguish wanted calls versus unwanted robocalls. These technologies, coupled with expert curation and analyst services, identify the intent of unwanted robocalls. This approach dramatically reduces the incidence of false positives, especially pertaining to scoring of fraud and unlawfulness. These technologies, processes and procedures produce actionable, targeted services for mitigation and ongoing deterrence. These results may take many forms including multiple avenues for dealing with bad actors and enabling networks.

Takedown Efforts Require

Gathering evidence via live call data enables sourcing of the bad actor

Identifying the source with appropriate originator sourcing techniques depend on the campaign: STIR/SHAKEN Attestation, Number -> Carrier Lookup and / or Traceback

Takedown can then be accomplished with an organization’s Legal Department, YouMail Fastlanes, USTelecom / ITG or the FCC

Failing to Stop Unwanted Calls is Dangerous.

Unwanted robocalls represent communications attempts that consumers do not want receive, and operators and service provides do not want originating or transiting their networks. Absence of these protections may result in enforcement action that may hold CSPs liable for enabling unlawful communications to reach the public. Brands risk fraud, spoofing, and diminishing their brand.

Frequently Asked Questions

What is brand protection management?
A category of tools that help organizations preserve the value and integrity of their brand. It includes: Web scanning tools that detect misuse of logos, domain names and other assets; Reputation management tools that monitor user postings on social media and other sites; Phishing and voice phishing (vishing) detection tools that monitor use of brand names in attacks via email and phone calls.
What is brand impersonation vishing defense?

While brand impersonation may take place over various communications channels such as email (phishing) or text messaging (smishing), the voice channel is arguably the most engaging and therefore often exploited by bad actors in conjunction with unwanted robocall campaigns. Voice-based phishing (“vishing”) represents a major threat to brands, their customers, and consumers in general as bad actors impersonate brands with ill intent such as identity or credit card theft. Brand Impersonation Vishing Defense refers to a solution from YouMail to identify and stop brand impersonation over the voice channel. YouMail monitors its network of over ten million sensors to identify brand imposters and capture evidential proof in the form of audio from bad actor robocall campaigns. This information is used to inform authorities to stop existing campaigns as well as prevent recurrence from bad actors perpetrating these attacks. YouMail is the only solution provider that the USTelecom Industry Traceback Group (ITG) relies upon to perform tracebacks necessary to accomplish discontinuance of unwanted robocalls and removal of bad actors at the source of brand impersonation.

How do you protect your brand reputation?

Businesses use brand reputation management tools to monitor what is said about their brand on social media, chat sites, and other online media. These services are highly automated and include human and AI-based intelligence that identifies consumer perceptions. They enable the brand to spot trends and respond to any misperceptions.

What is robocall brand fraud?

Robocall brand fraud occurs when a bad actor misrepresents a brand name during a telephone conversation as part of a scheme to gain customer trust and commit fraud. For example, an agent or voicebot may say they are a representative of a recognized brand organization in order to gain access to the customer’s account.

How do you prevent robocall fraud?

Organizations can prevent bad actors from misrepresenting their brand by using content-based robocall analytics engines. These services detect robocall campaigns that misuse brand names and provide traceback data that can be used to shut down the bad actor.

What is a VoIP Gateway Provider?

The first U.S.-based intermediate provider in the call path of a foreign-originated call that transmits the call to another intermediate or terminating provider in the U.S.

What is Know Your Customer?

Know Your Customer (KYC) programs cannot predict the behaviors that an entity will demonstrate when they use a telephone number. Therefore, even the most rigorous KYC process, coupled with STIR/SHAKEN, must be supported by analytics to prevent unwanted robocalls. Given the limitations to KYC, it is important to note that most telephone number owners do not take advantage of registration and behavior monitoring.

What is required for safe voice communications?

Three important things are required to ensure safe communications: (1) Know Your Customer, (2) Authentication, and (3) Monitoring. It's often that last piece that is overlooked or performed sub-optimally.

What is phishing, smishing and vishing?

Phishing represents a tactic used by bad actors in which emails are designed to trick a human victim into revealing sensitive information. Phishing campaigns typically target many recipients at once with a generic, impersonal message, so attacks can be easy to spot. However, a special kind of phishing known as spear-phishing leverages social engineering to target selective people with phishing by sending their emails to specific victims.

Smishing represents phishing via the texting channel. In this type of phishing attack, bad actors attempt to trick unsuspecting victims into providing sensitive information via fraudulent SMS messages.

Vishing represents phishing over the voice channel. Similar to email phishing and smishing, vishing typically involves brand impersonation. In addition, bad actor campaigns typically involve a sense of urgency, compelling their would-be victims to take action lest they suffer some form of financial loss and/or legal issues.

When does 1 + 1 + 1 = 5 (or maybe as much as 10)? This crazy math makes sense regarding the combined effect of domain spoofing, phishing, and vishing. Advanced threat actors increasingly use a multi-modal attack technique in which same or similar messaging is used in coordinated phishing, smishing and vishing campaigns. Industrial psychologists have discovered through reinforcement learning research that humans are more apt to respond to something familiar to them, especially if they have seen and heard the same thing repeatedly.

Why is vishing a greater concern than other forms of phishing?

The voice channel is arguably the most immediate and intimate mode of communications. As opposed to phishing attacks in which the target has time and ability to verify domain and email address, there is a great sense of urgency with vishing and one can typically only base verification on what a bad actor is communicating in real-time.

Everything considered equal, someone receiving an unwanted robocall that leverages brand impersonation and other illegal vishing tactics is much more likely to be tricked than someone that has time and context to scrutinize an email or text message.

While there are many companies that protect enterprise from domain spoofing and DMCA violations, and many others that protect consumers and business against phishing, there is only one company that effectively protects consumers from vishing-based fraud and enterprise from brand impersonation. That one company is YouMail.

Why is STIR/SHAKEN not enough to prevent unlawful robocalls?

STIR/SHAKEN is effective for its intended purpose, but on its own will not stop unwanted robocalls. It has great efficacy for intended purpose but should not be relied upon for anything else. It was never intended to take the place of optimized KYC.

The spirit and intent of the Truth in Caller ID Act must be applied to non-“spoofed” calls. This is especially important regarding the need to monitor the behavior of leased telephone numbers.

What is the leased telephone number problem?

Telephone numbers that successfully receive identity verification, attestation and validation may still be used in conjunction with unwanted (even unlawful) calls. This concern pertains to telephone numbers that receive B-level (or even A-level) attestation. This is a concern for intermediate network operators (FCC compliance with order to not originate or transit unlawful calls) and terminating service providers in terms of end-user protection

Party A (the telephone number owner) sometimes leases directly to Party C (the call originator) and sometimes to the business that is responsible for the robocall campaign (Party "B"). Sometimes Party B and C are the same entity. In either scenario, calls receive STIR/SHAKEN, treatment, yet all too often are associated with illegal calls (e.g. violate the spirit and intent of the Truth in Caller ID Act, even though they are not using spoofed numbers). This is why there is a need for content-based analytics to supplement STIR/SHAKEN and bolster suboptimal KYC and number administration policies. 

How is telephone number reputation different than behavior monitoring?

Reputation is typically manifest in scoring based on how analytics engines see telephone numbers based on what has occurred in the past. Behavior monitoring is future-oriented, focused on observations and analysis associated with telephone number user intent.

What is unique about YouMail PS?

All AEs rely upon deterministic data, such as identification of malformed numbers, non-NANPA numbers, or numbers that do not pass the allocation test. All Analytics engines may also rely upon crowd-sourced data to some degree, which can skew results as may be the case with some instances such as calls involving telemarketing or debt collection.

YouMail Inc. leverages AI, machine learning and content-based analytics to determine normal calls vs. robocalls, legal/wanted calls vs. unwanted/illegal robocalls, and algorithmically score telephone numbers. This information is used by communication service providers, enterprise, and government segments for business optimization as well as unwanted robocall mitigation and enforcement.

Nobody offers what YouMail Inc. has in terms of evidential proof (e.g. ground truth) of what is actually occurring with respect to unwanted robocall campaigns from bad actors, which often rotate through telephone numbers very quickly. This tactic makes it prohibitively difficult to catch illegal calls based on event-based analytics alone.

What is content-based analytics?

In the battle against illegal robocalls, it is important to note that analytics approaches may be defined by two broad categories: (1) Event-based analytics and (2) Content-based analytics.

Content-based communications analytics focuses on what is delivered in the media layer such as audio clips left behind as voicemail by unwanted robocalls. This is in contrast to event-based analytics, which relies upon inferences gained from the signaling layer, such as SIP messages, or other call related data such as answer seizure rates or call hold times.

Why is content-based analytics better than event-based analytics?

In contrast to event-based analytics, which relies upon inferences gained from the signaling layer, such as SIP messages, or other call related data such as answer seizure rates or call hold times, the content-based approach is definitive whereas event-based method is arguably sub-optimal because it relies upon largely a probabilistic approach, which can lead to an inordinate amount of false positive and false negatives.

How is information from YouMail used to support enforcement?

The results from YouMail’s content-based analytics and analysis provides definitive proof of unwanted robocall activity. This is relied upon for evidential proof of wrongdoing necessary to mitigate bad actors (e.g. remove them from networks), and in some cases, support legal actions against bad actors.

Why is vishing a greater concern than phishing?

In terms of the combined effect of domain spoofing, phising, and vishing, people that see (logos), read (narrative), and hear (robocall audio) with consistency and frequency are arguably much more inclined to find the messaging credible.


In just 15 minutes, we can show you the potential risks currently facing your brand and how to remediate the potential damage or reduce risks from fines (or worse) to carrier networks.