What Are Phantom Calls?
The phone rings, you answer, and there’s no one there. Just dead air — and no voicemail message. At its most basic, that’s a ghost call or phantom call.
(These calls differ slightly from silent calls, which tend to involve telemarketing organizations with no agents available to speak to when an automated call has been placed.)
Examination of the caller ID log often reveals an unusual pattern of incoming numbers that include area codes or prefixes such as 100, 1000, or 1001. Because such numbers don't exist in reality, their presence in a call log is almost always an indication that the call originated from a phantom source.
Whatever the source, ghost calls can happen at any time throughout the day, with the most annoying ones often materializing in the middle of the night. They’re annoying, time-consuming, and can be costly.
What Causes Ghost Calls?
There are a number of reasons for phantom calls. At one end of the spectrum are simple “pocket dials” — we’ve all probably done that a few times — or someone accidentally pressing a preset on their cell phone, and then hanging up.
Some ghost calls are due to auto-dialers used by telemarketers and bill collectors. The Federal Communications Commission (FCC) places restrictions on how long auto-dialers can be permitted to ring. A call will automatically disconnect once that FCC time limit is reached, resulting in dead silence on the calling end if the phone is answered.
Finally, ghost calls can come from something called port scanning, which tests for the presence of SIP (Session Initiation Protocol) ports — the central points through which information flows between a program or the internet and a device or another computer in the network — and determines which ports are open and can receive or send data.
Why Should You Be Worried About Phantom Calls?
Because even the most innocent ghost call can cause some headaches.
Let’s start with the most serious threat, port scanning. In 2007, a free popular port scanner was introduced called SIP Vicious. Scary name, but SIP Vicious serves a legitimate purpose. For example, IT administrators and QA teams use it to verify or check their network security policies. Unfortunately, hackers have adopted SIP Vicious to search for potential vulnerabilities in a phone system.
If an attacker figures out how to exploit your system, they can cause a lot of damage. For example, they can clone the phone system they’ve targeted, allowing them to make calls that will be billed to the scanned phone number, while the actual caller remains undetected and, of course, is not billed for any calls they make using the victim's phone number.
Beyond making international calls that can cost you tons of money, these cybercriminals can also disrupt legitimate calls you’re trying to make and/or receive on your system, thus hurting your ability to do business. And scariest of all, they can access passwords and even have a path to attack other devices on your network.
Less spooky are cases where a local number shows in the caller ID. However, when answered there’s a noticeable delay, and then you’re connected to a call center that tries to sell you something — some offer legitimate products, some are scam operations. Talk about a jump scare!
What about the ubiquitous, non-scary pocket dial? Even they can and do cause an inordinate number of 911 calls each year and can also eat up a lot of your time.
How Can You Prevent Ghost Calls?
There are several options open to you to fight or avoid ghost calls, working with your internet service and telephony providers.
First thing is to notify your VoIP service provider immediately, as there are things they can do to help you stop receiving the calls. The phone adapter or SIP port can be changed by the end-user from 5060, the default setting. (It’s important to check with your business phone provider to ensure the SIP messaging option is supported.)
You can disable the “Direct IP calls” setting. And because of its ability to filter port scans from legitimate sources of traffic, using a firewall is a reliable way of blocking ghost calls. Plus, port scan alerts and firewalls can be used to monitor traffic to your ports and ensure malicious attackers do not detect potential opportunities for unauthorized entry into your network.
Quick Note: Beware of This Phantom Call-Related Scam
It’s called the “one-ring cell phone scam,” and it’s been around for years, ebbing and flowing in popularity. In this scenario, overseas scammers use auto-dialers to call primarily cell phones in the U.S. with only one ring. The hope is that the person receiving the "missed call" will be curious and call back right away.
The number is an international toll number that appears as a charge on the recipient’s phone bill. The scammers then receive a cut of the cost of the call. The FCC has issued alerts on this scam since 2014 and regularly issues updated warnings when scammer activity escalates.
Who You Gonna Call?
Definitely not the Ghostbusters — Egon, Venkman, and the gang with their proton packs can’t help with phantom calls.
Vonage Business Communications has systems and solutions in place that focus on these frightful behaviors, like security teams with multiple tools to monitor, mitigate, and address port scanning and other concerns, as well as a fraud team that monitors for scams.
In addition, our product team is working on a robocall mitigation solution, where we look at trust scores based on industry data to flag potential spam. Customers will have the ability to choose what action they want to take — do nothing for calls when they’re relatively confident of the legitimacy of the source; send calls to voicemail so they can be checked; or block calls that are clearly nefarious.
And since VBC is a hosted solution, customers don't need separate products — it’s all built right in. To learn more about how we work to protect the data of both our customers and their customers, contact a Vonage representative.