While brand impersonation may take place over various communications channels such as email (phishing) or text messaging (smishing), the voice channel is arguably the most engaging and therefore often exploited by bad actors in conjunction with unwanted robocall campaigns. Voice-based phishing (“vishing”) represents a major threat to brands, their customers, and consumers in general as bad actors impersonate brands with ill intent such as identity or credit card theft. Brand Impersonation Vishing Defense refers to a solution from YouMail to identify and stop brand impersonation over the voice channel. YouMail monitors its network of over ten million sensors to identify brand imposters and capture evidential proof in the form of audio from bad actor robocall campaigns. This information is used to inform authorities to stop existing campaigns as well as prevent recurrence from bad actors perpetrating these attacks. YouMail is the only solution provider that the USTelecom Industry Traceback Group (ITG) relies upon to perform tracebacks necessary to accomplish discontinuance of unwanted robocalls and removal of bad actors at the source of brand impersonation.

Businesses use brand reputation management tools to monitor what is said about their brand on social media, chat sites, and other online media. These services are highly automated and include human and AI-based intelligence that identifies consumer perceptions. They enable the brand to spot trends and respond to any misperceptions.

Robocall brand fraud occurs when a bad actor misrepresents a brand name during a telephone conversation as part of a scheme to gain customer trust and commit fraud. For example, an agent or voicebot may say they are a representative of a recognized brand organization in order to gain access to the customer’s account.

The first U.S.-based intermediate provider in the call path of a foreign-originated call that transmits the call to another intermediate or terminating provider in the U.S.

Know Your Customer (KYC) programs cannot predict the behaviors that an entity will demonstrate when they use a telephone number. Therefore, even the most rigorous KYC process, coupled with STIR/SHAKEN, must be supported by analytics to prevent unwanted robocalls. Given the limitations to KYC, it is important to note that most telephone number owners do not take advantage of registration and behavior monitoring.

Three important things are required to ensure safe communications: (1) Know Your Customer, (2) Authentication, and (3) Monitoring. It's often that last piece that is overlooked or performed sub-optimally.

Phishing represents a tactic used by bad actors in which emails are designed to trick a human victim into revealing sensitive information. Phishing campaigns typically target many recipients at once with a generic, impersonal message, so attacks can be easy to spot. However, a special kind of phishing known as spear-phishing leverages social engineering to target selective people with phishing by sending their emails to specific victims.

Smishing represents phishing via the texting channel. In this type of phishing attack, bad actors attempt to trick unsuspecting victims into providing sensitive information via fraudulent SMS messages.

Vishing represents phishing over the voice channel. Similar to email phishing and smishing, vishing typically involves brand impersonation. In addition, bad actor campaigns typically involve a sense of urgency, compelling their would-be victims to take action lest they suffer some form of financial loss and/or legal issues.

When does 1 + 1 + 1 = 5 (or maybe as much as 10)? This crazy math makes sense regarding the combined effect of domain spoofing, phishing, and vishing. Advanced threat actors increasingly use a multi-modal attack technique in which same or similar messaging is used in coordinated phishing, smishing and vishing campaigns. Industrial psychologists have discovered through reinforcement learning research that humans are more apt to respond to something familiar to them, especially if they have seen and heard the same thing repeatedly.

The voice channel is arguably the most immediate and intimate mode of communications. As opposed to phishing attacks in which the target has time and ability to verify domain and email address, there is a great sense of urgency with vishing and one can typically only base verification on what a bad actor is communicating in real-time.

Everything considered equal, someone receiving an unwanted robocall that leverages brand impersonation and other illegal vishing tactics is much more likely to be tricked than someone that has time and context to scrutinize an email or text message.

While there are many companies that protect enterprise from domain spoofing and DMCA violations, and many others that protect consumers and business against phishing, there is only one company that effectively protects consumers from vishing-based fraud and enterprise from brand impersonation. That one company is YouMail.

STIR/SHAKEN is effective for its intended purpose, but on its own will not stop unwanted robocalls. It has great efficacy for intended purpose but should not be relied upon for anything else. It was never intended to take the place of optimized KYC.

The spirit and intent of the Truth in Caller ID Act must be applied to non-“spoofed” calls. This is especially important regarding the need to monitor the behavior of leased telephone numbers.

Telephone numbers that successfully receive identity verification, attestation and validation may still be used in conjunction with unwanted (even unlawful) calls. This concern pertains to telephone numbers that receive B-level (or even A-level) attestation. This is a concern for intermediate network operators (FCC compliance with order to not originate or transit unlawful calls) and terminating service providers in terms of end-user protection

Party A (the telephone number owner) sometimes leases directly to Party C (the call originator) and sometimes to the business that is responsible for the robocall campaign (Party "B"). Sometimes Party B and C are the same entity. In either scenario, calls receive STIR/SHAKEN, treatment, yet all too often are associated with illegal calls (e.g. violate the spirit and intent of the Truth in Caller ID Act, even though they are not using spoofed numbers). This is why there is a need for content-based analytics to supplement STIR/SHAKEN and bolster suboptimal KYC and number administration policies. 

Reputation is typically manifest in scoring based on how analytics engines see telephone numbers based on what has occurred in the past. Behavior monitoring is future-oriented, focused on observations and analysis associated with telephone number user intent.

All AEs rely upon deterministic data, such as identification of malformed numbers, non-NANPA numbers, or numbers that do not pass the allocation test. All Analytics engines may also rely upon crowd-sourced data to some degree, which can skew results as may be the case with some instances such as calls involving telemarketing or debt collection.

YouMail Inc. leverages AI, machine learning and content-based analytics to determine normal calls vs. robocalls, legal/wanted calls vs. unwanted/illegal robocalls, and algorithmically score telephone numbers. This information is used by communication service providers, enterprise, and government segments for business optimization as well as unwanted robocall mitigation and enforcement.

Nobody offers what YouMail Inc. has in terms of evidential proof (e.g. ground truth) of what is actually occurring with respect to unwanted robocall campaigns from bad actors, which often rotate through telephone numbers very quickly. This tactic makes it prohibitively difficult to catch illegal calls based on event-based analytics alone.

In the battle against illegal robocalls, it is important to note that analytics approaches may be defined by two broad categories: (1) Event-based analytics and (2) Content-based analytics.

Content-based communications analytics focuses on what is delivered in the media layer such as audio clips left behind as voicemail by unwanted robocalls. This is in contrast to event-based analytics, which relies upon inferences gained from the signaling layer, such as SIP messages, or other call related data such as answer seizure rates or call hold times.

In contrast to event-based analytics, which relies upon inferences gained from the signaling layer, such as SIP messages, or other call related data such as answer seizure rates or call hold times, the content-based approach is definitive whereas event-based method is arguably sub-optimal because it relies upon largely a probabilistic approach, which can lead to an inordinate amount of false positive and false negatives.

The results from YouMail’s content-based analytics and analysis provides definitive proof of unwanted robocall activity. This is relied upon for evidential proof of wrongdoing necessary to mitigate bad actors (e.g. remove them from networks), and in some cases, support legal actions against bad actors.

In terms of the combined effect of domain spoofing, phising, and vishing, people that see (logos), read (narrative), and hear (robocall audio) with consistency and frequency are arguably much more inclined to find the messaging credible.