What's with all the phone spam?

I've had the same phone number forever, and had been living in a state of grace where I would get a robocall or SMS spam maybe once every couple of months. Until about a year ago, when it ramped up to 3 to 5 per day.

I never give out my number to businesses (except for 2FA), and rarely even give it to co-workers. Any time I fill out a form, I use the DNA Lounge infoline, 415-626-1409.

But halfway through lockdown, the robots found me, so obviously my cell number is out there in some database now. Do I have any effective recourse?

I have been using Abine DeleteMe for years, and it works pretty well, especially for reducing physical spam. The only glossy garbage that appears in my mailbox is from politicians and realtors. (Realtors: the cockroaches of commerce.) But it's certainly not helping at all with this phone situation. And we know the Do Not Call Registry has always been a joke.

Infuriatingly, the ACLU just sent me a text message, and I am 100% certain that in my decades of donating to them, I have never once given them this phone number.

So somehow they purchased it and correlated it from some other database, and I am offended.

I never answer the phone, least of all from unknown callers, but it's still annoying. Especially the texts.

Previously, previously, previously, previously, previously.

Tags: , , , , , , ,

50 Responses:

  1. random local number says:

    Hello. We've been trying to reach you regarding your expiring car warranty.

  2. o.o says:

    I hate to be one of those "Following." d-bags, but here we are. I'm in the same boat and it's driving me crazy. No, I don't really care about random shady house party, thanks. I recently switched from Android to iPhone, and at least with Android I could report spam texts. If there's something to do that would actually help, I'm all ears.

  3. Mark Gardner says:

    STIR/SHAKEN was supposed to at least curtail spoofed robocalls. I don’t know what the telemarketers are doing now, and it doesn’t appear that the protocol addresses SMS.

  4. saxmaniac says:

    I blame the 2FA. A few years ago, I realized everybody and their mother wanted my cell phone for this. So I went back and scrubbed my number from nearly every account I had, replacing it with a Google Voice number. Sure enough, that’s where the spam shows up. GV has a spam blocker, too.

    Anyway, too late, yeah, I know. Still recommended to sanitize any future lines. Also saved my ass when I lost both my phone AND wallet. I could 2FA by logging into GV.

    So, now.

    One easy move is nomorobo, which saved my landline from being a fetid pile of spam. Free service, but they charge for mobile. And no help for SMS. Then clean up your 2FAs as above for future proofing.

    Last option is to GVize your cell number by porting it over, and get a new physical cell #. Then, use their spam blocker and let it forward to your new number. That’s likely the only workable solution, and you still own your number and can (theoretically? Still?) port it elsewhere.

  5. MattF says:

    I use Nomorobo, which catches about half of my landline robocalls. Most of the remaining calls leave no message, leaving a couple of fake Amazon ‘someone just charged $599.99 to your account’ warnings.

    • jwz says:

      My voicemail has been "the customer you are calling has not configured their voicemail" for at least two decades.

  6. Unxmaal says:


    I played the "Intercept" Special Information Tone (the tone before "this number has been disconnected or is no longer in service") twice at the beginning of my voicemail greeting.

    I've gone from spam calls 4-5 times a day to once or twice a week.

    • jwz says:

      Yeah but there's no way to have an outgoing voicemail greeting and also disable the ability for people to record messages, and I absolutely do not want people to leave voice messages for me ever. That's what SMS and email are for.

      • Duality K says:

        But if you fill up your own mailbox with messages, your mailbox will be full, and no one can leave you messages, leading to the same outcome...

        (Eddie Murphy tapping forehead gif)

      • Aristotle says:

        Yeah, I came to suggest just letting the voicebox fill up, too, that’s if it isn’t configurable as to whether to take messages. If you have configurable limits on it, dial them all the way down to make it fill up sooner. And to avoid any legitimate caller ever leaving a message and assuming you’ll hear it (even within the first handful of calls until it runs full), leave yourself the 20 long messages or whatever it takes to stuff it.

      • saxmaniac says:

        I think GV let me set my greeting to 5 minutes of silence. Haven’t checked in 8 years. If someone is that patient then maybe they can leave a message.

      • Ingvar says:

        Once upon a time, I had a phone answering machine on my landline that basically stated "not available, if you have the mobile number you can try calling that" and then hung up (it had a "answer, but don't take a message" mode). It is disappointing that mobile voicemail services have not yet reached this level of feature-parity.

        • Benjy says:

          We never use our landline (I only keep it as a platform for broadband). None of the phones even ring. And the outgoing message says something like "We don't take calls on this number, call our mobiles". Works well!

      • Adolf Osborne says:

        There is, though. Sort of.

        Conditional call forwarding. On VZW, it's *71+number. This forwards calls that you don't answer to a number of your choice instead of dumping them into your carrier's own voicemail system.

        Put the tones (or whatever) at the beginning of the DNA Lounge Info Line, or some other number that only plays outgoing announcements.

  7. Eric says:

    What I want is some kind of phone-based chatbot where I could forward these calls to waste their time.

  8. Not Frank says:

    While I am certain not all of what you receive is such (e.g. ACLU annoyance), I'm pretty sure they're brute forcing numbers as well, both for SMS and calls. Definitely they seem to have started abusing the email-to-SMS gateways for very random spam (that still largely gets flagged).

    • Ben says:

      Prompted me to do the math: there's 320 area codes, so about 3,200,000,000 phone numbers. There's about 300,000,000 cell phones in the US. So any random number has a 9% chance of being an actual person's actual phone, which is an incredibly high hit rate.

      • bmj says:

        We can probably assume that there is a service that does this dirty work, and simply sells valid phone numbers to spammers, right?

      • Eric TF Bat says:

        In keeping with the American tradition of doing things first and doing them worst (see also: electricity, health system, credit cards, interstate commerce, taxation, democracy) the US seems to have some pretty horrific flaws in its phone numbering system. Australia, of course, took the opportunity to learn from the example of other nations, and now has a much more predictable system: if your phone number starts with 04, it's a mobile (cell) phone; otherwise it isn't. That means picking a random number for text spamming is as simple as printf("04%08d",random(0,1e9-1)). Wikipedia will even helpfully tell you which subranges of numbers are still unallocated.

        I had a look, and you guys are totally stuffed when it comes to predictability of phone numbers. I thought maybe you could improve on the 9% by applying a bit of logic to weed out landlines and unallocated numbers, but it looks like that's all Too Hard.

        But that utterly whacked system where you pay to receive texts in some cases means there's no downside really to just randomising.

        • Ben says:

          Yeah, I currently live in Cyprus and they have a similar system. All Cyta (government telecom) cell numbers are in the 99 area code, so you can easily tell when you're being called from a cell. But the number after the area code is six digits long for a country of less than a million people. So even with a cell-phone-only area code the odds of randomly hitting a mobile are slightly worse than in the US.

          If by electricity you mean ERCOT etc, I agree, though it's less stupid than Japan's grid. If you mean the voltage/frequency/plug, it's drastically better in the US than it is here with the UK setup.

      • PJ says:

        ...and the actual number of phone numbers is less than that because in 'NXX', the N can't be 0 or 1 (it'd break 7-digit vs 10-digit dial detection for old phones). Which makes it ~2.56e9 phone numbers, which gets the odds close to 12%. Which is, indeed, incredibly high.

        • jwz says:

          There are also far fewer than 1000 area codes, and there are a bunch of other exceptions on the last 4, some of which vary regionally, but yeah. Oh, and since the security on caller ID is still at the "Razor and Blade present Hack the Planet" level of security, sometimes I get calls from my-area-code + my-prefix + random-4. I guess they think that if you see something that looks similar to your own number, it will trigger recognition?

          • Not Frank says:

            I will simply say that I have received a spoofed call where the spoof pops up as someone my-area-code + my-prefix in my contact list... while standing next to them, with their cell out but not in use. I showed it to them, of course, because it was pretty funny.

          • Joe Luser says:

            yes. mobile family plans are often a sequence of numbers. spammers hope you will think it's your kid/parent calling

    • Seamus says:

      Brute forcing within a valid number range that was allocated to a mobile operator I'm thinking. Doesn't the FCC publish this information? Communications regulator in my EU country does.

    • Matt says:

      As somebody that works in a room with about 50 land-line phones with consecutive numbers (555-123-1801, 555-123-1082, etc.), I can confirm: they often just iterate through all 10,000 line numbers in a given exchange, one after another. No smarts at all, no list of harvested phone numbers, pure brute force.

  9. Jered says:

    Same, same. No solid answers, only informed speculation:

    1) AT&T customer records were leaked; I get personalized and aggressive "we're going to close your account due to too much spam" messages which have breadcrumbs referring to an AT&T subscriber list.

    2) The model has changed from "annoy people to buy semi-legitimate product or service" to full-on scams and fraud. This spam has a lower activation energy.

    3) Fraud content disables the only semi-useful tool that existed: the private right of action under the TCPA. I collected a few thousand dollars in small claims court from spammy businesses back in the day.

    4) Twilio (etc) remove the only remaining friction to fraud spam content by providing flood-level access to text messaging with zero customer verification. Most of the spam messages link to sites registered via Namecheap and hosted via Cloudflare. All of the vendors who see "zero traceability = moar profit" are deep facilitators of this problem. (This is a double-edged sword.)

    5) The carriers don't care. They don't have to... they're the phone company. AT&T will gladly SELL YOU spam blocking for an additional $4.99/month (if it works).

  10. Eric TF Bat says:

    This has been a thing in Australia for the last three or four months, making it into dead tree news articles and generally causing resigned sighs. Verdict here seems to be that they're just randomising phone numbers, since all mobile numbers in Oz start with 04 and then eight digits. Wikipedia even has a helpful article about which number range matches each provider.

    US numbers are less predictable, yes? Is it nevertheless possible that they're just randomising? What happens there if you send a text/SMS/etc to a landline number?

    • freiheit says:

      Despite the 10 digit thing, US phone numbers are still quite predictable. First 3 digits are a zip code, that translates to a region, and is super widely available. Second 3 digits are sets that go to "central offices", narrow down to a city, can tell you whether a number is a landline or a cellphone, and only a little harder to get a complete list. Then the last 4 is where they'd have to be guessing in.

      • jwz says:

        Your info is from the 1960s. It's "area code", not "zip code", and that actually translates to "where you lived when you were 13". These days next 3 are allocated essentially randomly, except for certain digit restrictions. And there's no way to tell land line from cell apart by the number alone. Number portability has been a thing for decades. My cell number started its life as a land line.

  11. CdrJameson says:

    It could just be random number spam, and once they think they have a hit it goes on a list.

    One of the UK consumer organisations (Which??*) ran a test recently where they got a fresh phone from each network and never used it. Half of them got spam texts within a few days.

    *I can't find a link to it, because functioning internet search is sooooo 2005.

    • phuzz says:

      About twenty years ago I was skint so I did a couple of shifts at a place selling double-glazing in the UK, and their phone lists were just brute forcing every possible number. 01234 123 123 followed by 01234 123 124 etc.
      Probably easier to do with landlines, I'm guessing a lot of mobile numbers belong to devices with mobile connections, although come to think of it, maybe phoning someone's Tesla about it's own extended warranty would cut out the middle man?

  12. GhostInAJar says:

    I've started a psyop to wear down their morale. Every call "What's your vehicle year and model?" Me: "Why it's a 2010 What would your mother think about what you're doing for a living?" or "How do you sleep at night making people miserable all day?" or "There's never been a better time to get a legitimate job, everyone is hiring." Funny thing is no one seems to appreciate my advice...

    • Joe Luser says:

      they're in a "shithole country" and probably doing the best they can. not making excuses for anyone -- there are certainly people who need to be hung from their thumbs and beaten with iron bars -- but it's not the people who are on the phone with you

  13. Carlos says:

    I, too, get random-number voice and text spam.

    I've never given this number to anyone except it's on an internal corporate wiki page for on-call contacts, and is only ever (rarely) dialed by a human hand in the ops center. It's not in anyone else's contact lists because I don't use it for anything but work pages.

    So they probably get every number, at least in the NANP, eventually.


  14. SKSSF says:

    same here with the ACLU on my business line, which can accept texts, but cannot send responses to SMS short codes. so for YEARS i've been trying to get off the ACLU's text list with no luck. also, thanks RingCentral for not enabling texts to SMS short codes!

  15. Nick Lamb says:

    Where are you needing SMS 2FA? Everything about that is awful. Inconvenient to use, useless or worse than useless against many threats, reveals a contact method you'd rather not give out, I can see why Facebook liked it but I can't see why you'd choose to put up with it. I think in most cases if it's SMS 2FA or nothing I'll take "nothing" thanks.

    • jwz says:

      These days there are very few sites that I use that still only take SMS 2FA, but there was a good four year stretch there where it was very common, and so the damage is done. Those fuckers all have my number now, and we know they never delete anything.

      I think the last holdout that I actually care about that still does not support TOTP is my fucking bank.

      Oh, and eBay. They only support non-SMS 2FA via their custom iOS app, and fuck that spyware shit.

      • Not Frank says:

        That your bank -- like just about all of them -- doesn't support TOTP is that delicious combination of incredulity and lack-of-surprise that characterizes entirely too much of the last twenty years.

        • tfb says:

          If your bank has leaked your phone number you probably have ... more serious problems than phone spam. Yes, TOTP is better, but probably they're not what's leaking this.

          • jwz says:

            Well the point is that you'd sure like your bank account, of all things, to be protected with something that isn't susceptible to SIM hijacking.

            • tfb says:

              Yes, absolutely you would. But it's likely that they aren't the root of the phone spam, is all.

              (Ebay has less excuse though: banks are entirely made of legacy crap, ebay really shouldn't be.)

  16. Infuriatingly, the ACLU just sent me a text message, and I am 100% certain that in my decades of donating to them, I have never once given them this phone number.

    This year, I finally got fed up with the nagging and various dark patterns and dramatically cut back on my ACLU donations. I wish they would be more like the EFF, who sends me a hoodie, a receipt, and damn near nothing else.

  17. Casaubon says:

    "Sell us your house! We'll pay you $200,000 to sell us your house!"

    NO. Fuck you.

  • Previously