Tag: Featured

As the heat rises this summer, so are the number of robocalls! Increasing by a billion from last quarter, we most recently found that in the second quarter of 2018, 5.9 billion robocalls were placed in the U.S. alone.

But along with the growing number of robocalls, was the Neighbor Scam that has now began spoofing not only the first six digits of a consumer’s phone number, but the first five, four and three digits. Compared to Q2 last year, scammers focused on the first five digits this past quarter which had a growth increase of 1675%.

Learn more about Hiya’s Robocall Radar findings for Q2 2018 by clicking the image below for the full report:

Robocall Radar Q2

 

 

Read Full Article

Members of the Hiya team gathered last week at Seattle Business Magazine’s Annual Best Companies to Work Celebration. Hiya was recognized as one of Washington’s 100 Best Companies to Work For, coming in at number 22 in the small companies category.

The evening was spent celebrating with 1200 industry leaders. Hiya, along with other companies received this prestigious award based on the employee satisfaction survey–which included questions focused on work environment, perks, work-life balance, recognition, and many other factors.

We were honored to have our employees there to celebrate, as they are what got us there! Hiya was recognized as one of the top small employer’s in the state – and we couldn’t be more thrilled! We’ll be back next year…

 

Read Full Article

Hiya!

In this post, we’ll be exploring the default blocklist provided on the native Phone app. We’ll discuss how apps can access the blocklist, restrictions on the blocklist and how it’s been implemented.

Baby got blocked 🎵

What is the default blocklist?

The default blocklist provides a light UI to add and remove numbers that you don’t want to receive calls or texts from. Users can add numbers by typing in a number, or by directly blocking/unblocking a number from the caller details page.

Some background

Prior to Android Nougat (7.0), Android users relied on downloaded apps to restrict calls and texts from nuisance phone numbers.

According to Google, “Many of those apps either do not work as desired or provide a less-than ideal experience because there are no proper APIs for blocking calls and messages.”

With the introduction of a BlockedNumberProvider in Android Nougat, users can add numbers to a list of phone numbers that they don’t want to receive telephony communications from (calls, SMS, MMS).

Perhaps there are finally proper APIs for blocking calls and messages! Let’s explore this further:

Accessing the default blocklist

Block phone numbers data flow

The diagram above shows the flow of how applications can access the default blocklist.

  • Any application can launch an intent to the Telecom UI to access the default blocklist. This Telecom UI is the same UI as shown in the screenshot above.
  • Only the default messaging app, default dialer app, or any carrier apps can access the default blocklist.

Huh? So only a few applications can read and write directly to the BlockedNumberProvider? Doesn’t sound like an open API to me. Let’s see if there are any permissions to circumvent this data flow:

Blocklist Permissions

In Android access to system APIs and user sensitive data usually requires permissions. Permissions are divided into several protection levels:

  • Normal: These permissions are granted automatically (accessing internet for example)
  • Dangerous: These permissions require explicit user approval (accessing the camera, or microphone)
  • Signature: These permissions are automatically granted, but only if the app that is using this permission is signed with the same certificate as the app that defines the permission. These permissions are typically not granted for apps that can be downloaded from Google Play.

After looking over the permissions overview on the Android developer site, there doesn’t seem to be a permission that allows an application to read/write to BlockedNumberProvider. However, according to the Block phone numbers data flow, there must be a way for certain applications to read/write directly to this provider.

Let’s dig deeper.

Down. Down. Down.

AOSP

The Android platform is open source. AOSP allows device manufacturers to implement their own custom versions of Android, tailored to their needs. This is why every Android device has a slightly different UI flavor. The underlying functionality for all devices is the same, but presented in a different way per device.

What does this mean?

We can browse the source code and figure out how only specific applications are accessing the blocklist.

Yes!

In AOSP, we can find a list of all the permissions on the Android platform. Here are the permissions to read/write to BlockedNumberProvider:

  • READ_BLOCKED_NUMBERS: A signature level permission
  • WRITE_BLOCKED_NUMBERS: A signature level permission

Huh. Usually, signature level permissions are only granted to apps that come shipped with devices by default, not downloaded apps.

It appears there is no way for us to get access to these permissions through normal means.

More Exploration

For exploratory purposes, let’s assume we can somehow get these permissions. What other capabilities can BlockedNumberProvider offer?

Since BlockedNumberProvider is a ContentProvider, we can use a ContentObserver to monitor the provider for onChange() events. These events are fired when the content provider changes, so that apps can perform actions based on the change.

One possible use case for ContentObserver is to show after-call notifications after a user ends a call. When the phone call ends, we can monitor CallLog.Calls.CONTENT_URI to receive an onChange() event indicating that a change has occurred. From there, we can query the ContentProvider for call logs and figure out the change and display the appropriate notification.

Can we receive onChange events for BlockedNumberProvider by monitoring BlockedNumbers.CONTENT_URI? Sadly, no we cannot.


Usage of the API

The insert() method returns a modified URI, that is not the URI passed in as an argument. The notifyChange() is called with this modified URI.

The delete() method uses this same modified URI. The notifyChange() is called with this modified URI.

Therefore, it’s not possible to use a ContentObserver to monitor the BlockedNumbers.CONTENT_URI for onChange() events, which seems like an intentional decision to limit usage of the API to third-party apps.

Conclusion

For third-party apps, BlockedNumberProvider simply does not provide an open API for developers to block calls and messages, which is a shame considering the open source nature of the Android platform. Developers have been waiting for this feature for quite some time and although Google provides a solution, it has limited use cases and is not meant for other applications to use.

With Android P on the horizon, perhaps this will change. At Hiya, we certainly hope so!

Read Full Article

The Neighbor Scam is a tactic phone fraudsters use to mimic (also known as spoofing) the first six digits of a user’s phone number — the area code and the following three digits — to trick consumers into picking up the phone thinking it’s a neighbor or nearby business calling.

Since the beginning of the year, the Neighbor Scam has made up 56.7 percent of all phone scams that Hiya users have been flooded with in 2018. The number of spoofed calls keeps growing now that scammers have moved on to also spoofing the first five, four, or three digits in the hopes of getting consumers to pick up what appears to be a neighbor’s call.

The data we collected through May also identified the most common area codes being spoofed in the Neighbor Scam:

  1. 602 – Phoenix
  2. 214 – Dallas
  3. 832 – Houston
  4. 210 – San Antonio
  5. 404 – Atlanta
  6. 678 – Atlanta
  7. 704 – Charlotte
  8. 702 – Las Vegas
  9. 623 – Phoenix
  10. 407 – Orlando

Despite it being called the Neighbor Scam, it does not have it’s own particular way of scamming but is more so a technique used to make scam calls we’re all too familiar with (i.e. IRS Scam, Robocalls, Political Scams, Telemarketers).

 

Here are ways you can prevent yourself from becoming the next victim of the Neighbor Scam:

•Despite a number looking local, if you do not recognize it, don’t pick it up and send it straight to voicemail. Anyone who is trying to get a hold of you will leave a voicemail or text.

•If a caller demands immediate payment for services or debt collection that you are not aware of, do not share any personal or financial information and hang-up immediately.

•If an offer sounds too go to be true (i.e. free vacation, interest rate adjustments, refinancing debts), go with your gut feeling because it probably is.

•If you have been a victim or have been targeted by the Neighbor Scam, report the number to the FCC immediately.

 

Read Full Article

In the FCC’s mission to stop the scourge of robocalls affecting consumers across the nation, they’ve successfully issued a $120 million fine on one of the biggest robocall spoofing operations.

Despite the efforts to defend himself and the over 100 million robocalls he made over a time span of three-months, Adrian Abramovich, ran a vacation scam that tricked consumers into answering calls and listening to his sales pitch. The fine was based on 80,000 spoofed calls that the FCC was able to verify.

The FCC originally filed a complaint against Abramovich in June 2017, alleging that he had broke the Truth in Caller ID Act of 2009, which does not allow callers from spoofing information to disguise their identity with intent to defraud, cause harm, or wrongfully obtain anything of value.

 

Read Full Article

With over 300 million customer accounts for the picking, it’s not a surprise that scammers have been targeting Amazon sellers and customers.

Amazon Sellers Beware

Scammers are actively calling Amazon sellers to access their personal accounts. Sellers are asked to log into a fake site with their username and password. This then gives scammers access to their information and account. Scammers will have the ability to damage the seller’s name and reputation by listing fake products, changing their existing offers, and transferring payments to their own accounts.

Amazon Customers Aren’t Safe Either

A popular scam targeting customers, are fraudulent emails from Amazon Customer Service. Amazon customers will receive an email notifying them of questionable Amazon login activity. The email requests that they call an 800 number to reset their account. When the victim calls the number, the scammer directs them to a fraudulent website. The customer is then asked to enter their email address, a code provided in the email, and their Amazon login credentials. Unfortunately, this provides scammers access to the victim’s account, giving them the ability to make fraudulent charges and access to personal information.

Customers should also watch out for Google and Bing search results pulling up fake Amazon customer support phone numbers. When the victim calls the “so-called legitimate toll-free number”, a scammer claims to be an Amazon Customer Service agent. Similar to the fraudulent email scam, they will direct the customer to a malicious website and request they enter their email address, provided code, and Amazon login credentials.  Once again, the scammer now has access to the victim’s account and personal information.

Avoid Becoming A Scammers Next Victim

Here are a few tricks and tips to help you from becoming a victim of any of these Amazon scams:
•Confirm that you are calling a legitimate Amazon number
•If you receive an unexpected call from Amazon requesting personal information, do not give out your Amazon password, credit card number, or financial information.
•If you receive an unsolicited email, do not reply with personal information.
• Never use Amazon.com Gift Cards for payment outside of Amazon.
•Do not provide any gift card details (like the claim code) to anyone you do not know or trust.
•Avoid payment requests for Amazon.com Gift Card claim codes.
•Avoid payment requests to guarantee transactions.
• Avoid offers that seem too good to be true.

 

Read Full Article

Political robocalls fall into two categories legal and illegal. Unfortunately, both types are still on the rise. From candidate mudslinging to requests for donations to survey prize offers, it’s becoming more difficult to differentiate what is and is not legitimate before it’s too late. Scammers will use any tactic to obtain personal information to steal your identity and money.

Quarter over quarter (Q1 2017 to Q2 2018), we’ve seen a 3250% increase in political spam calls. Here is a list of those most common political spams hitting consumers and here’s how you can avoid becoming their next victim:

  1. When you receive a call requesting campaign donations, do not offer-up personal information until you have confirmed the caller is with a legitimate organization.
  2. Callers that offer incentives to take campaign surveys shoudl be seen as a red flag, especially when they request credit card information.
  3. To make sure the political call is legitimate, request they send you information by mail.

 

Read Full Article

Despite how much we’d like to see the number of robocalls drop, the data and trends from our quarterly report say otherwise. Hiya’s quarterly robocall radar report finds that consumers have received over 4.9 billion robocalls on their mobile phones in the first quarter of 2018, with user reports increasing by 10% from Q1 2017 to Q1 2018.

To get a deeper look at Hiya’s Robocall Radar findings for Q1 2018, check out the full report by clicking the image below:

Read Full Article

We are making our way to D.C. on Monday to showcase our many solutions that help consumers combat unwanted robocalls. Hosted by the Federal Communications Commission and the Federal Trade Commission, the Stop Illegal Robocalls Expo will take place on April 23, 2018 from 10 a.m. to noon in the Pepco Edison Place Gallery in Washington D.C.

In addition to Hiya, the expo will feature other technologies, devices and applications that help consumers minimize or eliminate the number of illegal robocalls they receive. The event is free to the public so if you’re in the area, please come by with any questions and comments and we’ll be more than happy to chat with you!

 

Read Full Article

WHO:
Charlotte residents and folks with a 980 area code, have you been receiving a lot of scam calls recently? If you have, you’re not alone. Phone scams continue to plague the nation, and Hiya, the global leader in phone spam protection, recently found a high level of phone scam activity to phones with the 980 area code.

Based on Hiya’s analysis of more than 5.3 billion spam calls each month, scam calls to the 980 area code have increased by 69% in the past month.

WHERE:
In addition to mobile users whose area code is 980, Hiya identified the top cities in the area that are plagued by these scams:

  1. Charlotte
  2. Concord
  3. Huntersville
  4. Kannapolis
  5. Matthews
  6. Monroe
  7. Salisbury
  8. South Gastonia
  9. Statesville

WHAT:
Phone fraudsters use various angles when calling their victims. According to Hiya’s data, the most common types of scams that fraudsters are using to reach Charlotte-area residents are:

  • Fundraising Scam – Scammers focus on specific causes to play on your generosity. Urgent requests for recent disaster relief efforts are especially common on the phone. Others will claim to call on behalf of local police or firefighters.
  • Mortgage Scam – These scams are designed to steal your money or personal information. The scammers ask for an upfront fee, and after the customer pays the fees, the companies usually do not get mortgage loan modifications. People lose money – and in some extreme cases, their homes too.
  • Car Insurance Renewal Scam – Scammers call and make offers about extending the factory insurance for your vehicle. During the call, they ask for personal information. The scammer may have specific information about your particular car and warranty, which makes it easier to think this is a legitimate caller.
  • Financial Debt Scam – These scammers claim to be debt collectors. They have a lot of personal information about the victims. The scammers can be aggressive and pretend to be with a law firm, government agency or police department.
  • IRS/Credit Card Scam – Scammers will call and say they are from the IRS and will ask the victims yes/no questions such as: “Can you hear me?”, “Are you the person responsible for paying the telephone bill?”, or “Are you the homeowner?” If the victim answers “yes,” it is recorded and may be used by the scammer to authorize bogus charges on a credit card.

STAYING SAFE:  
For tips to avoid these calls and what to do if you answer them, check out the Hiya blog. Hiya provides a valuable solution by helping consumers determine whether or not to pick up the phone. This includes identifying legitimate numbers by name as well as identifying and blocking known spam and scam numbers. Hiya provides an industry-first solution available on both its iOS and Android apps to protect consumers from phone scams. Hiya users on Android can manually set up a block for the first six digits of their phone number.

Hiya is available for free on iTunes and Google Play. To learn more about Hiya visit www.Hiya.com.

Read Full Article