Gajus - Fotolia

FTC calls out VoIP providers over coronavirus robocalls

The U.S. Federal Trade Commission warned nine voice over IP companies that 'assisting and facilitating' illegal robocalls related to COVID-19 is against the law.

The U.S. Federal Trade Commission called out several voice over IP firms for engaging with coronavirus robocalling scams.

The FTC sent letters to nine VoIP companies warning them that "assisting and facilitating" illegal telemarketing or Robocalls is against the law. "FTC staff have reason to believe that one or more of your customers may be involved in such illegal telemarketing campaigns" related to the coronavirus, the FTC letters state.

The VoIP companies who received the letter include: VoIPMax, SipJoin Holding Corp, iFly Communications, Third Rock Telecom, Bluetone Communications, LLC, VoIP Terminator, INC (also known as BLMarketing), J2 Web Services, INC, Voxbone US LLC and Comet Media, Inc.

There are two components to "assisting and facilitating" the coronavirus robocalls, said Ian Barlow, coordinator of the FTC's Do Not Call Program.

"The first component is providing substantial assistance. In the case of robocalls, providing VoIP and providing telephone number licensing services are both substantial assistance and support, along with numerous other types of support," Barlow said. "The second component is knowledge, or conscious avoidance of knowledge, that such support was being used for acts and practices that violate the FTC's Telemarketing Sales Rule. Some providers in letters we sent, they aren't providing VoIP, they are licensing numbers."

The FTC released the list on March 27, redacting cities, states and countries. On March 30, they reversed the redactions, making the information available. 

SearchSecurity contacted several companies for comment, but only received a response from SipJoin, a company based in Virginia Beach, Va., that offers in-house VoIP services to small and medium-sized businesses as well as wholesale and formed direct relationships with Level 3 Communications, Verizon and CenturyLink.

According to SipJoin COO Barry Augustinsky, the letter was the first they'd heard from the FTC about possible coronavirus robocalling.

"No one from the FTC reached out to say to us, 'Is this legit?' and instead posted a national message. The letter wasn't even a warning, it was more 'What are you doing about this and were you a part of this?' It certainly sounds bad for us," Augustinsky said. "I put a message out to all our vendors because the insinuation is we're doing something incorrect. The FTC only needs a few words to say we're doing something incorrect and it's believed until we can prove otherwise, so it's frustrating when we believe we are attempting to do everything on a legal basis. But I also understand where they are coming from because the amount of scam traffic that's hitting America is ridiculous."

Though Augustinsky says SipJoin gets scam attempts quite often, almost a daily occurrence, he said the company was not aware their service was being used for coronavirus-related robocalls.

"My response to the FTC was while we do things on a daily basis to attempt to prevent scammers, [but] they are coming up with new and creative ways all the time. If we shut them off because we found something, generally they'll find some other U.S. company to work for in the same day," Augustinsky. "It's a constant battle." 

According to Barlow, the fact that the FTC sent a letter does not necessarily indicate a violation of commission rule or statute. "It's a warning letter that their clients or customers are involved in transmitting calls we've identified as illegal. It's not saying 'We know you have knowledge [of the robocalling],'" Barlow said.

To block these illegal calls, SipJoin employs safeguards such as releasing names and internet addresses of scammers to similar companies, with a recording of the calls.

"The problem is some people we sell to are wholesalers and while we filter our customers, sometimes our customers aren't as diligent," Augustinsky said. "We do safeguard, if we find a specific media IP, we have a blacklist, we completely blacklist, so if calls are coming in from one specific customer, we blacklist them and make sure if they go to another customer of ours, it's still blocked in our system."

They block any inbound calls from the 202 area code (Washington, D.C.) from companies that are not tier ones, because this area code is often used for scam calls, and they filter traffic on a weekly basis to search for numbers that are in bulk, according to Augustinsky.

"I don't know if anyone has a safeguard to completely prevent it until it's noticed, then it's easy to say 'Yeah, it's fraud' and shut them down," Augustinsky.

Dig Deeper on Security operations and management

Enterprise Desktop
Cloud Computing