Personal and Small Business Technology
This plot of spam calls over time shows the number of spam calls is increasing, but NCID helps to block many calls.

Stopping Robocalls from Rachel at Cardholder Services

Over 80% of the calls on our home phone are spam marketing calls of one type or another. Our home phone line gets frequent calls from “Rachel at Cardholder Services” with a social engineering scam to get your credit card number. Sometimes her name is Carmen or some other name. Of late, the caller ID information has been spoofed--a felony punishable by a $10,000 fine for each violation. Blocking unknown callers doesn't do any good, because most of the scam calls have caller ID information--though the caller ID is bogus. In some case the scammers calling our number have spoofed United Parcel Service, while in others they spoofed a number a few digits off that is used by a residence a few blocks away, and occasionally our number itself. It had gotten to the point that my wife and I were starting to use our cell phones to call one another at home, so I started looking at some solutions, and ended up with a three-layer system that now catches most of the spam calls. The first layer is call blocking at our telco, the second is a service called NoMoRobo, and the third is a low-power computer running a program called Network Caller ID. The article that follows talks about how to implement this and other topics on telephone spam:

Turning on Call Blocking at Telco

The first step was logging on to our telco and searching through the features on our account to find call blocking; our telco allows us to block up to ten specific numbers, or block anonymous calls, but not both. Since most of the calls were coming from spoofed numbers, I checked the box for blocking a specific list and started filling in the numbers off of our caller ID. This step cut the volume of scam calls from 10 per day to 2 per day. The remaining scam calls were mostly ones that were anonymous and did not spoof the caller ID.

For this call blocking, it is probably best to put in at least your own phone number, since this spoofing attack is not likely to be widespread enough to end up in one of the blacklists described below.

Google Voice

In the Google Voice interface, you can block individual phone numbers that have called your Google Voice number. This is an important step, as many of the “Google Listing” spam appears to use Google Voice directly as a way to avoid having Google Voice forward to your external phone numbers.

Change to a Telephone Provider that Supports NoMoRoBo and Other Call Blocking Features

If your telephone provider does not support NoMoRoBo or provide any other call blocking features, consider switching to a provider that does provide call blocking features. Strictly for cost reasons ($30/month) we switched to voip.ms, a voice over IP service (VOIP) that supports NoMoRoBo. Voip.ms also provides a lot of call blocking features that Verizon/Frontier did not offer; it is not as robust as the NCID solutions that I describe later, but it does allow 500 block numbers instead of the 10 or 20 that Verizon/Frontier allowed, and it has the capability to do “regular expressions” for evaluating the caller ID line. The cost will be about $5/month for our typical use, with about $85 in initial costs for hardware and setup.

To make this work on all of the phones in our house, I installed an Obi202 box (about $70 of the $85 total cost)to connect the VOIP line to our home phone wiring. Setting this up requires some technical skills. You should be comfortable configuring IP addresses and opening ports on a router before you attempt this.

There are three caveats to going to a VOIP service:

  • They don’t claim to provide telco level reliability for 911 calls. You can set it up, but you should not go this route unless you have a backup approach for calling 911–a cell phone will do fine.
  • Setting up your outbound caller ID takes some doing, and requires a one-time $10 charge.
  • If you are on Frontier, when you port your number, they will close all of the services on your account including Internet and TV, and the customer service people do not know that two months in to the transfer from Verizon to Frontier. Getting Internet working again will require several calls.

All said, the transfer to VOIP has worked well, and it appears to do a better job of spam call blocking; I think voip.ms is transfers calls to NoMoRoBo faster than Verizon/Frontier, as the hang-up occurs midway through the first ring most of the time, and I think it may actually hang up before the first ring in some cases.

Sign up with NoMoRoBo

The second step was easy and fairly effective. Because the robo-dialer scam problem has gotten so bad, some business have started to help address the problem. Nomorobo is one such service. I’m not sure how they make their money at this point, but I suspect that they will start offering subscriptions or will offer the service through telcos at some point. In any case, my wife signed us up and it works similar to the Network Caller ID (NCID) system described below, but it is much easier to set up. The service is currently limited to phone lines that can ring simultaneously in two places–primarily VOIP. The phone rings once and then Nomorobo looks at the caller ID and hangs up if the number is on their list.

In practice, Nomorobo has hung up on some calls from numbers that were not in my NCID log yet, and in other cases, it hung up on phone calls that were legitimate; there is no way to white-list numbers that I can find. Fortunately, the NCID log is easy to use, so I could recognize the number and call it back.

Not all telcos support NoMoRoBo; in particular Google Voice and MagicJack do not at this writing. See the NoMoRoBo Supported Carriers list in the sign screen to check for yours.

Political Robo Calls

The legislation that requires legitimate telemarketers to honor the Do Not Call list exempts charities and political robocalls. Because NoMoRoBo is an opt-in service, NoMoRoBo has the option to block political robo calls, but you must check off an item in your profile to do so. In practice, it isn’t all that effective at blocking political robo calls, and may be the subject of some manipulation. In a recent primary, NoMoRoBo did not stop many (if any) of the robo calls from PACs on one side of the contest, but it did stop the second and subsequent in-person calls from a resident of my town who was a volunteer for the other candidate. As I maintained my NCID blacklist, it was reasonably effective at blocking the PAC robo calls, b

File a Complaint with FCC

The third step initially felt like a waste of time, but has turned out to be quite important; you should file a complaint on the FCC web site. This may not do anything in the short run, but will help in the longer term; the FTC has actually sponsored a contest for solutions on dealing with “Rachel Robocalls” and now publishes a list of phone numbers associated with complaints. The list is updated monthly, and is very useful; since I installed it on the Network Caller ID server described below, it has caught almost 100% of spam calls. There are Android apps that appear to use this list as well. Filing a complaint with the FCC is an important part of fighting robocalls.

Using Call Tracing to Prepare to Turn over to Law Enforcement

The next step took a little bit more research, and may cost me some money. After a scam call that used a spoofed caller ID (a felony), I pressed *57 which initiates a telephone company trace that is kept for 90 days and which the telco can turn over to law enforcement. Some sites indicate that telcos charge for this while our telco web site is silent about any extra charges for traces. It will take a while to find out whether or not this does anything, and whether or not there is enough information to pass on to law enforcement.

Alternatives for Blacklisting Devices

There are both commercial and open source software devices that will allow you to blacklist specific phone numbers or in some cases patterns. The commercial devices are easier to set up, but don’t necessarily allow you to specify patterns while the open source devices (Network Caller ID) are more flexible but are also more complex to set up. The next sections describe both some commercial devices and an open source device that I am using successfully.

Commercial Devices

I have not used these devices, but they have been recommended in other reviews, and the features are features described are features that I have found to be useful in my NCID set up.

Open Source Devices

Open source software is available for doing call blocking. These can be configured to run on a Raspberry Pi, an old laptop (especially if it has a modem) or any computer that is left running. The adventurous might even be able to get it running on an old router or Western Digital NAS device.

Network Caller ID (NCID)

Network Caller ID (NCID) is a great open source package for setting up sophisticated call blocking. The remainder of this article is dedicated to setting up NCID on a Raspberry Pi low-power server.

Installing Network Caller ID Package and Enabling Blacklist Hang-up

Network Caller ID (NCID) is much more technical than all of the previous solutions, but is by far the most flexible. For users that are comfortable with using the command line, this is pretty easy, but it will be difficult for users that don't regularly use command-line utilities. The open source program Network Caller ID (NCID) allows you to hook up a modem to a phone line and then automatically hang up calls that match rules in a blacklist file. This program will address anonymous calls and repeated spoofed calls simultaneously--something I can't do at through the telco web site. Call blocking at my telco won't allow me to block numbers that have a leading 1, as in 1-xxx-xxx-xxxx where the caller ID spoofers put a 1 in front of the area code. NCID will allow me blacklist these numbers.

NCID is available for Linux, Mac and Windows. To find installation instructions for your particular platform and/or distribution, search on ncid, ncid-client, ncid-mythtv, and ncid-pop. For the most recent versions of Ubuntu, this may be part of the standard repository. There is a binary available on the NCID web site for Cygwin, so it should be possible to run NCID on an old Windows laptop if you don't want to load a Linux distribution, though I have not tried this.

NCID has an app for Android that allows you to send caller ID and SMS text information from your cell phone to NCID and then to your computer display, allowing you to know when your cell phone rings when it isn't right next to your desk. I haven't configured this feature.

NCID won't completely block the call, but will automatically hang up after the first ring if the call matches one of the rules in your /etc/ncid/ncidd.blacklist file.

Installing NCID on a Raspberry Pi Server

For my NCID installation, I used a TrendNet TFM-561U modem which was about $25 at a local computer store. I attached it to a Raspberry Pi low power server that I use for a few utility functions that aren’t computationally intensive. NCID was’t available in the standard Raspian repositories, but I was able to get useful instructions from the NCID web site, but these have subsequently been deleted..

The first step is to download the .deb packages for your architecture from Sourceforge and then use dpkg or gdebi to install the .deb packages:

gdebi ncid_1.8-1_armhf.deb gdebi ncid_gateway_1.8-1_armhf.deb

or

dpkg -i ncid_1.8-1_armhf.deb dpkg -i ncid_gateway_1.8-1_armhf.deb apt-get install -f

Originally, I ended up having to use the gdebi package to install NCID, but have successfully used dpkg. Gdebi attempts to do more resolution of package dependencies than dpkg, and has a reputation for doing a less brute-force job than apt.

Configuring NCID

To use NCID, you have to configure /etc/ncid/ncidd.conf to make a couple of changes to turn on blacklist call hangup and configure your modem:

  • Uncomment the line for set ttyport = /dev/ttyACM0 to enable the TrendNet modem. Which line you uncomment or change will depend upon your platform, distribution and modem type.
  • Uncomment the line for set hangup = 1 to cause NCID to hang up on calls that match a black list.
  • I did not need to modify the init string for the modem, but one article reader had to add AT+VCID=1 to the modem initialization.

Configuring the NCID Blacklist

To start hanging up on anonymous and blacklisted numbers, I made the following changes to the /etc/ncid/ncidd.blacklist file:

  • Added the following rules to block anonymous calls that we had received:
    ^UNKNOWN ^unknown ^Unknown ^No Caller ID ^OUT-OF-AREA ^UNAVAILABLE ^CONSUMER SVCS ^DMCR ^RING ^000

    "OUT-OF-AREA" has blocked some legitimate calls from Google Voice numbers. I had to add these numbers to the /etc/ncid/ncidd.alias file.

  • To block specific spoofed numbers, I added those as a number format without spaces:
    9999999999 19999999999

    Make sure to include numbers both with and without the preceding 1 for long distance.

    • If you have problems with NCID hanging up on ALL calls, look in your ncidd.blacklist for something like

    ^"any string"

    as this appears to cause it to hang up on all calls.

    You should download and format the FTC complaint list as described in the related article Download and Format the FTC Robocall Complaint List for NCID. This list has caught almost 100% of robocalls since I installed it on my NCID server in early November, 2015.

    Installing and Configuring NCID Clients

    Although we now have caller ID on all of our phones, I wanted to have it display on my computer terminal. For this I downloaded and installed the NCIDPop package for Mac OS X. The first time it came up, it brought up a configuration dialog where I had to put in the IP address of the Raspberry Pi server that had the modem attached to it. NCIDPop also has a feature where it can use the say text to voice command to read the phone number to you. In some cases, this is annoying, but in others it is useful.

    The NCID Android application can optionally transfer calls on your Android phone to the NCID server. This can be useful in keeping track of robo callers and adding them to the black list. There are a number of other features that I'm not using at this point.

    It was nice to be able to put caller ID on all computers using only one modem.

    Results from Installing NCID

    After installing Network Caller ID, it took me a few days of adding rules for various marketing robo dialers. After five months, I probably spend about two minutes per day adding new spam phone numbers to the ncidd.blacklist file.

    At this point NCID is automatically hanging up on about 50% of all robo dialer calls and is allowing almost all legitimate calls through. NoMoRobo catches a few that NCID does not, and both miss about 10-20% of the spam calls. NCID hung up on two legitimate calls that I can't figure out what rule caused the hangup. I have programmed it to hang up on all calls that come in without caller information including "OUT OF AREA"; this is a problem for Google Voice and other voice over IP (VOIP) telephone numbers and has blocked a small number of legitimate calls. You can avoid this for specific numbers by putting the number in the /etc/ncid/ncidd.alias file.

    Results from NCID and NoMoRoBo

    ## Error in `[<-.data.frame`(`*tmp*`, combinedDf$NCID_Action == "Allowed Call Through" & : missing values are not allowed in subscripted assignments of data frames

    As calls come in during the month, I add all spam calls that got past NCID into the NCID blacklist. The number of valid calls can be calculated by joining the NCID blacklist file with the NCID call log on the phone number as shown in Figure 1. The average numbers are annoying:

    • About 2.9 calls per day are valid.
    • About 0.098 spam calls per day are stopped by NCID based upon the local blacklist phone number (after November 1, 2015).
    • About 0.15 spam calls per day are stopped by NCID based upon the FTC complaint list (after November 1, 2015).
    • About 0 calls per day are spam calls that are either blocked by NoMoRoBo or get through to ring multiple times.
    • After February 2015 83% of calls were valid, while 17% were spam calls.

    It is important to note in Figure 1 that many of the calls are labeled as “NoMoRoBo or Pass-through Spam” are stopped at one ring by NoMoRobo. Unfortunately, I don’t have a way to identify these; I may eventually look at the NCID code to see if there is a way to identify calls that only ring once, and use a different code in the /var/log/cidcall.log file.

    In early 2016, the phone line was ported from Verizon to a VOIP provider. This broke the NCID installation, but also caused NoMoRoBo to be more effective; the VOIP ring was delayed a few tenths of a second, allowing NoMoRoBo to block the call before the VOIP line rings and NCID blocks the call. The increased effectiveness of NoMoRoBo was a disincentive to fix NCID, and thus much of the data for 2016 is missing.

    Because specific numbers were calling frequently, it became worthwhile to block a small set of numbers in the VOIP provider’s filter. The dramatic drop in call volume on October 24, 2018 is due to this block list. The logging capability in NCID was extremely useful in coming up with the list to block.

    Figure 1. Call history showing effectiveness of NoMoRoBo, FTC Complaint List and local blocking with NCID.
    Figure 1. Call History Illustrating Blocked Robot Dialer Calls After Installing Network Caller Identification (NCID)

    Related Articles

    For additional information, you may be interested in other articles on NCID and stopping phone spam:

    Details
    Category: Personal and Small Business Technology
    Hits: 114368