If you missed part one, read it here:

https://www.facebook.com/paronichlaw/posts/1236850969980560?__cft__%5B0%5D=AZUIzUtIp6-ircD46-qZQ4uGhgEmyTWcXrjCKZENpiADSzsw_Fx8YbXlpMQ_1-3VnCLz8YBB6e5552c9ZVjMzZ8IoHBL7t8v0yFieHl0jmc2GkpZcpbjb_yrJ6O19654ubZjjCi1HWsy4gG6zNarJGdEL0x1P7LiXIO54cjCWWBMug&__tn__=%2CO%2CP-R

PART TWO

BEFORE YOUNG TASKED him with running down the robocaller, Garvin had not taken much interest in the practice. Robocalls have been around since at least the 1980s, when someone first thought to attach a tape deck to a phone. In the analog age, the hardware was clunky, expensive, and difficult to operate. The tapes had to be rewound, and they eventually wore out. Still, the technology improved, and telemarketers kept promoting their wares. By the early 1990s, Americans were so sick of telemarketers and prerecorded messages that when US senator Fritz Hollings lamented on the Senate floor that the calls were “the scourge of modern civilization,” few challenged the assertion, despite the competing scourges of war, say, or the spread of  AIDS.

Hollings was the sponsor of the Telephone Consumer Protection Act, and he seemed to draw upon personal experience during the legislative debate on the bill: Automated calls “wake us up in the morning, they interrupt our dinner at night, they force the sick and elderly out of bed, they hound us until we want to rip the telephone right out of the wall.” The law was signed by George H. W. Bush in 1991 and limited how and when telemarketers could place calls, focusing mostly on landlines, the dominant technology of the time. Cell phones, still relatively new, were treated like emergency lines and bestowed with special protection.

Then over the next two decades came the internet, cheap data, voice-over-internet protocol, and the deregulation of the telecommunications industry—all a boon to consumers and robocallers alike. Even big, well-known companies got in on it, launching robocall campaigns as a form of mass marketing on the cheap.

Not surprisingly, people complained about being inundated with calls, and in 2009 the Federal Trade Commission enacted the “robocall rule,” which banned most pre­recorded telemarketing calls. There were exceptions, though, for things like political campaigns, charities, and debt collection, meaning your bank can still pester you about unpaid bills and candidates can beg for your vote.

But the law was quickly outpaced and overshadowed by the rapid evolution in technology. Today, a single person in a modestly equipped office can make millions of calls a day by renting some server space, installing off-the-shelf autodialing software, and paying a VoIP provider to transmit calls. Some of the software is open source, and VoIP carriers often advertise a month of free service as a way to entice potential customers. Software companies offer everything you need in one package—a robocall starter kit, available for anyone to buy.

Best of all, it’s cheap: VoIP services cost three-fifths of a penny per minute, and that’s only if the call is answered. Unscrupulous carriers openly advertise their services to those looking to make “dialer/short duration termination calls”—the jargony euphemism for robocalls—and databases of consumer phone numbers are easy to buy. “The technology has gotten so inexpensive that any person can become a robocaller overnight,” says Ian Barlow, who coordinates the FTC’s Do Not Call program. “It’s easy, it’s accessible, and there are no barriers to entry.” Once the software has been programmed to control who to call and when, the robocaller doesn’t even need to press a button to start making calls each morning. The same technology also makes scammers hard to identify and track down.

Little wonder, then, that the United States is awash in robocalls. According to YouMail, a maker of robocall-blocking software, Americans received a record-breaking 47.8 billion robocalls in 2018. That works out to nearly 200 per year for every adult. Unwanted calls are the most common consumer complaint lodged with the Federal Communications Commission, and the trend shows no signs of slowing, despite the pile-on of laws and regulations—the Telemarketing Sales Rule, the Truth in Caller ID Act, and the Telephone Consumer Protection Act, among others—outlawing the vast majority of auto­dialed calls or prerecorded messages, at least those used for marketing purposes. With more than 100 million calls placed every day, robocalling might well be the most ubiquitous, most hated, and least punished crime in the country.

GARVIN SET UP shop in a quiet corner on the third floor of TripAdvisor’s headquarters, flanked by whiteboards and a bay of screens, preparing to track down the mystery robocaller. Garvin is in his early forties, with dark, spiky hair, a soft face, and darting eyes. In conversation, he is calm and self-possessed, even formal, but he buzzes with a tightly wound energy. 

Garvin scoured the web, looking through blogs, forums, and social media for any mention of a similar call. He didn’t have to look very far. Dozens of people were grumbling—or worse—on TripAdvisor’s own forums. “IF I EVER GET A CALL LIKE THAT AGAIN, I WILL CONTACT THE FCC AND I WILL OPEN THE GATES OF HELL ON TRIP ADVISORS,” one person wrote. “NEVER NEVER NEVER NEVER CALL ME LIKE THAT AGAIN. EVER. GOT IT.”

One of his early gambits was simply calling a number that had placed a robocall. When he tried that, though, he found a human on the other end of the line, perplexed as to how their phone number had been used for prerecorded marketing. Eventually he figured out that the robocaller was engaging in a practice called neighbor spoofing—making the calls look as if they were coming from someone living near the intended recipient. For Garvin, it was a dead end.

Hoping he might get lucky and receive one of the robocalls himself, Garvin began answering every suspicious call and spoofed number that lit up his cell phone. He heard dubious alerts about student loan forgiveness, unclaimed lottery windfalls, and tax debt. “I was the only person you will ever meet who was excited to receive a robocall,” he says. He was getting several a day and answering as many as he could, all the while hoping for one that would lead back to the TripAdvisor scam.

The irate stories on TripAdvisor forums seemed like promising leads, except that the details didn’t line up. People who got the same prerecorded pitch on the same day were transferred to live operators who offered different vacation packages at different prices. Garvin and Young felt as if they were “chasing ghosts,” Young said.

Those posts did offer a few clues: The calls came over VoIP and seemed to be a classic bait and switch. If you were on the line, you’d hear a recorded female voice saying that you’d received TripAdvisor credits that could be redeemed for a vacation. The “credits” might be for $999 or $2,000—the amounts differed—but you’d be instructed to press 1 to take advantage of the incredible offer and then be transferred to a live operator. Neither the credits nor the name Trip­Advisor would be mentioned again. Instead, the operator would pitch an unrelated offer: a cruise, a resort, an all-inclusive stay at a beachfront hotel.

Drawing from angry postings and tips on the TripAdvisor forums, Garvin put together a list of all the companies pitching their wares through the fraudulent robocall. He checked the domain registrations and IP addresses of their websites and realized that they all had identical content, shared web hosting servers, and listed the same contact information. They all showed the same white sand beaches and featured images of the same beautiful, sun-dappled tourists. And they all traced back to the Yucatán. Cutting and pasting in Google Translate, Garvin trawled through Mexican business registration documents, time-share websites, and social media postings, mapping out an ecosystem of companies—some legitimate, some less so—that he had never known existed. Now, he thought, he was getting somewhere.

His internet wanderings led to a booming call-center industry in Cancún and surrounding areas connecting American customers with local time-share and resort companies. If these centers were involved in the robocall trade, Garvin wanted to learn as much about them as he could.

Facebook proved a useful investigative tool. One employee posted a photograph of himself posing in the call center. On the wall behind him was a piece of paper listing some sort of information. Garvin zoomed in and could just make out the business name and website address that the center’s operators were to use that day—a lead for observing the scammers in real time. Over the following months, Garvin watched on Facebook as the man in the photo transitioned from employee to manager to entrepreneur, posting ads soliciting staff for his own newly opened call center. Garvin was down the rabbit hole now, snooping from afar on individual employees as they went about their business. He wasn’t sure if these call centers were the ones responsible for the TripAdvisor scam, but the only way to find out was to keep tracking them.

Garvin picked up another clue: TripAdvisor was not the only brand being flogged. The calls also touted exclusive deals for loyal customers of Marriott, Hilton, and Expedia—a “who’s-who of travel companies,” Young says, none of which were actually offering the deals. In his conversations with jilted customers, Garvin found that the trips on offer were probably real but difficult to redeem. When someone tried to book a trip they had purchased, suddenly there were no dates available, or the contact information the business had provided was invalid. The customers who made it through that gauntlet were welcomed to their vacation destinations with long sales pitches for expensive local time-shares. The brand names had drawn people in. “They couldn’t just say, ‘Hey, you interested in a very questionable Mexican time-share situation?’ ” Garvin says.

Garvin managed to recruit some of the irate customers into his army of amateur sleuths. One woman, a nurse from Massachusetts named Kim, was getting 10 or more calls a day for months on end. “I was, oh, I was beyond, beyond irritated,” she says. Finally, fed up, she found the phone number for TripAdvisor’s president and CEO and called to complain. He called right back. “This is not us,” he explained. “This is somebody pretending to be us.” Then he put her in touch with Garvin, so he could debrief her and add the phone numbers she’d collected to his own burgeoning database.

The investigation was moving along. Young and Garvin, along with Amy Rubin, an attorney who was the third constant member of the investigation team, were starting to see where the calls ended up and how people were getting scammed. But they still didn’t know who was making the robocalls—or how to stop them. After more than three months of digging, they decided to ask for help.

https://www.wired.com/story/on-the-trail-of-the-robocall-king/

Stay tuned for part three tomorrow…