Spam or fraud call indication in Webex Calling
Overview of spam detection
Robocalls are calls that are made using autodialing software to deliver pre-recorded messages to the recipient. In order to obtain something of value from their victims, con artists will use robocalls that have a falsified caller ID.
STIR/SHAKEN is being implemented in the networks of service providers in order to protect customers against unwanted calls known as spam. In accordance with the rules established by the FCC, this is already in effect in both the United States and Canada. This assists in identifying suspicious calls, providing users with the confidence to take calls from numbers they are unfamiliar with. The caller-ID verification performed by service providers is beneficial to the end customers.
Understanding the STIR/SHAKEN standard
A framework of interrelated standards, Secure Telephone Identity Revisited (STIR) and Signature-based Handling of Asserted Information Using toKENs (SHAKEN) are also included in this framework. This ensures that calls that are traveling over interconnected phone networks have their caller IDs certified as legitimate by the originating service provider, and that the receiving service provider validates these signatures before the calls are delivered to the end users.
The following options are available to terminating service providers to choose from in order to express verification findings using the verstat parameter in the SIP P-Asserted-Identity header:
-
TN-Validation-Passed— Attestation to the calling number was given a result of A, B, or C, indicating that validation was successful. -
TN-Validation-Failed— There was a problem verifying the caller. -
No-TN-Validation— This could be the consequence of a failed verification for a number of different reasons. Take, for instance, the E.164 number, which is faulty.
Attestation levels A, B, and C for the SHAKEN protocol allow the originating service provider to validate their connection to the caller numbers.
-
A: The telecommunications service provider is able to vouch for the caller’s legal entitlement to use the phone number as part of the caller ID.
-
B: The service provider is able to vouch for the fact that the caller is authorized to use the phone number as the caller ID.
-
C: neither condition A nor B can be satisfied by this item. Take, for instance, a call made internationally.
Verstat value and attestation
The verstat parameter that is present in the incoming call is processed by Webex Calling, which then shows the Caller-ID disposition on the Cisco clients.
The following verstat information is displayed in this table for the purpose of driving caller-ID notice to clients:
|
Vertsat value |
Attestation level |
Value that is displayed on Cisco clients |
|---|---|---|
|
TN-Validation-Passed |
Not Provided |
Verified Caller |
|
A |
Verified Caller |
|
|
B |
Possible Spam |
|
|
C |
Possible Spam |
|
|
TN-Validation-Failed |
Any value |
Potential Fraud |
|
No-TN-Validation |
Any value |
Possible Spam |
|
No verstat Parameter |
Any value |
Possible Spam |
Verification of the on-net calls
In addition to calls made through the PSTN, the disposition of Caller-ID for calls made over the internet is carried out in accordance with the following rules:
- On-net call between two users of Webex who have both been verified (shown with an icon).
- On-net call from a user of Cisco Unified Communications Manager to a verified user of Webex Calling (with icon). Calls that originate from an on-premises Cisco Unified Communication Manager user are categorized according to the Caller-ID of the caller, looking for a match with the corporate dial-plan that has been defined.
- On-net call made by a user of Webex Calling to an on-premises user of Cisco Unified Communications Manager; On-Premises Cisco Unified Communications Manager client shows no evidence of the call.
The processing of the verstat value of the initial call leg is used to determine the Caller-ID disposition for mid-call services including Call Transfer, Call Park, Call Pickup, Call Forwarding, and Caller ID. This is done based on the Caller-ID disposition.
The verstat value in the incoming call request is used to determine the Caller-ID disposition when an inbound call to a Webex Calling user is forwarded and the calling number is altered.
Supported devices
Spam detection is supported on the following Cisco endpoints:
-
Webex App—Desktop and Mobile version 42.5 or higher.
-
MPP phones—Supports 6800, 7800 and 8800 MPP devices with firmware version 11.3.7 or higher.
Administrator Configuration
Provision user notification using Control Hub
An administrator has the ability to configure the sending of the user indicator for callers who have not been validated. It is possible for an administrator to set up a configuration that will prevent calls that have failed the STIR/SHAKEN validation. This prevents any potential fraudulent calls from being routed to the endpoint of the user.
Follow these steps in order to configure the organization-level settings for notifications:
1 To begin, go to https://admin.webex.com and then select Calling from the menu on the left.
2 To validate caller ID, go to the Service settings menu and scroll down to that section.
3 Make your selections for the following features by toggling the switch:
-
- Block calls that failed to be validated by the Caller ID system – If this option is activated, all calls that failed to be validated as per the STIR/SHAKEN validation are banned. These calls are not sent to the endpoints associated with the users. On the other hand, the called user’s call history will now include the caller number. This setting is disabled by default for this parameter.
- This option, which is enabled by default, will present calls from unknown callers in the same manner as normal calls. Any calls coming in from callers who have not been confirmed are routed directly to the endpoints without any notification.
- If the PSTN service provider for an organization has STIR/SHAKEN enabled in their network, then the PSTN service provider for the organization can disable this configuration. Calls from unknown callers are flagged as possible spam at the user’s endpoint if the verification feature is disabled.
Configure CUBE for spam indication
In order to ensure that the verstat information is transmitted to Webex Calling, businesses located in the United States and Canada that make use of an on-premises PSTN and are connected to Webex Calling through the utilization of Local Gateway or CUBE are required to setup these settings on CUBE.
For calls from PSTN, where the service provider supports STIR/SHAKEN:
If the PSTN service provider delivers the verstat parameter during the initial setup of a new call, configure CUBE as follows:
The Local Gateway Configuration Guide served as the source material for these tags, which you can see linked here.
Calls will not be adversely affected in any way by using this configuration even if the service provider does not send the verstat parameter.
voice class sip-copylist 300
sip-header From
sip-header P-Asserted-Identity
sip-header P-Attestation-Indicator
voice class tenant 300
copy-list 300
voice class sip-profiles 200
rule 50 request INVITE peer-header sip P-Asserted-Identity copy "(;verstat=[A-Z|a-z|-]+)" u01
rule 51 request INVITE peer-header sip From copy "(;verstat=[A-Z|a-z|-]+)" u02
rule 52 request INVITE sip-header P-Asserted-Identity modify "@" "\u01@"
rule 53 request INVITE sip-header From modify "@" "\u02@"
rule 54 request INVITE peer-header sip P-Attestation-Indicator copy "(.)" u03
rule 55 request INVITE sip-header P-Attestation-Indicator add "P-Attestation-Indicator: Dummy Header"
rule 56 request INVITE sip-header P-Attestation-Indicator modify "." "P-Attestation-Indicator: \u03"For calls from PSTN, where the service provider does not support STIR/SHAKEN:
If the PSTN provider does not send verstat information in the incoming call, the Present calls from unverified callers as normal calls setting on Control Hub should not have its default value changed. Users will notice an alert that they have received possible spam on their clients if the setting is turned off.