A machine learning tool could soon detect scam calls as they are happening and alert vulnerable Australians that the caller is not to be trusted.
Researchers from Macquarie University have trained a system that can recognise scam phone calls in real-time based on the structure of the conversation, the language employed, and the attempted appeals to emotion used by professional scammers.
Phone calls are the most common method of scam delivery, according to ScamWatch, with Australians reporting total losses over $100 million in 2021 alone.
Professor Dali Kaafar, Executive Director of Macquarie University’s Cyber Security Hub, said the scam call problem is only getting worse and that our existing telecommunications infrastructure is limited in how well it can filter out calls at the source.
“In Australia we receive about six scam calls per individual per month, which is slightly above what you see in certain European countries,” he told Information Age.
“The financial incentive for scammers is huge because the value for effort is really big for them.
“Even if the filters are blocking some of their calls, and they are hung up on with a lot of the calls that go through, there are still enough people falling victim to the scam to make it worth their while.”
No one is safe
You may think you are immune to scam callers. After all, when people calling from unrecognised numbers say there is an emergency with an account from a bank you don’t even bank with, it’s pretty easy to hang up and go back to your day.
But eventually you might get caught out.
Earlier this year, US information security professional and blogger Natasha L shared a story about being scammed despite her in-depth knowledge of how scams work.
“My own personal takeaway [from this experience] is a humbling reminder that everyone can get scammed, and no one is immune to deception, not even the self-proclaimed experts,” she concluded.
Similarly, Professor Kaafar knows of a post-doctoral cyber security researcher who lost $8,000 in a phone scam.
To help combat scammers, a research team led by Professor Kaafar started downloading the audio of scam calls uploaded to YouTube by scambaiters – accounts like Kitboga and Jim Browning – who deliberately engage scam callers to waste their time and turn the tables on them.
They ran more than 100 hours’ worth of scam calls through an audio transcription platform and parsed the text through language processing programs to clean it up.
They listened to a selection of audio samples in order to categorise different aspects of the scammers’ speech like the pretence that they are an authority figure or their appeals to a victim’s emotions.
Around 500 categories were identified and used to train a machine learning system on exactly what a scam phone call looks like.
Anatomy of a scam
When that system went over the rest of the recorded scam calls, a surprising pattern emerged: the scammers always followed a routine that transitioned through four distinct stages.
“First is the set-up of the trap,” Professor Kaafar told Information Age.
“This varies depending on the subject and strategy, but ultimately every scammer comes with an aggressive or hostile tone and tries to create the impression you are talking to an authority figure.
“In the second stage they immediately switch in terms of emotions and try to impose themselves as someone who is helping you – they use rapport-building conversational language, and very polite social protocol.”
Regardless of how the victim responds, so long as they are still on the phone the scammer moves onto stage three.
“Here they ramp up emotions and reinforce the threat that, if you don’t take immediate action, there will be negative consequences,” Professor Kaafar said.
“This threat stage is completely independent from whatever you are saying.”
Stage four is the payload; this is where they try and extract payment or get a victim to download malicious software – it’s less clearly scripted than other stages but is just recognisable by a machine trained to recognise the hallmarks of a scam.
Professor Kaafar suggested the system could be developed into an app that sits on people’s phones listening to calls.
“It would run completely on your device – this is not about having something on your phone that would be sending data out,” he said.
“You could have this exact model pushed to your device, detecting those known topics and strategies used by scammers to raise flags.
“If it alerts one user who doesn’t know there is a scammer, if stops one call from going further and saves thousands of dollars, that’s a win.”