Collaged figures conversing over phone
  • Scammers are spoofing the Centers for Medicare & Medicaid Services' toll-free hotline number to swindle unsuspecting seniors.
  • The calls appear like they're coming from 1-800-MEDICARE, but are actually coming from overseas swindlers.
  • The problem, in part, can be stopped but it's up to the government to take action.

"Hello, this is Jennifer calling from the Medicare office," began a scammer using Medicare's phone number in one recording from a honeypot. "How are you?"

"Do you have a Medicare health insurance card," another asked before later adding, "What's your card number?"

Neither of these calls actually came from Medicare. In fact, they likely originated from scammers operating overseas — in January alone, an estimated more than 36 million Medicare robocalls were sent to US phone lines. The influx of these calls may seem relatively benign, but they're a part of a larger scam to defraud taxpayers and the federal government.

Defrauding the system

Aaron Foss is the CEO and founder of Nomorobo, a premium service that screens users' calls to prevent them from ever making contact with the phone scammer. In addition to screening others' calls, the company has also amassed an arsenal of 350,000 "honeypot," or decoy phone lines, built with the express purpose of sitting and waiting to receive spam calls.

These honeypots comprise only a sliver of the total number of US phone numbers but provide valuable insights into how robocalling scams operate. Companies will call millions of phone lines in an attempt to engage with just a tiny handful of unsuspecting marks. While the response rates are "abysmal" and receive a "tenth of a percent response rate," Foss said in 2021, the schemes are cheap and work.

Every day, the honeypot numbers get inundated with calls from scammers purporting to be from Medicare. Many of those calls spoof the services' "1-800-MEDICARE" (1-800-633-4227) hotline in the phone's caller ID. Call spoofing is a serious problem as it pertains to phone spam, as scammers are very easily able to change the apparent origin of their calls to add credibility to their grift. 

A spokesperson for the Centers for Medicare & Medicaid Services explained to Insider that the end goal for the scammers spoofing the 1-800-MEDICARE line is to pile up charges to Medicare and steal the victim's identity.

"Many seniors are targeted by scammers who want to steal their Medicare numbers to do things like rack up fake health care charges and commit identify theft," the representative said. "These scams hurt seniors and other people eligible for Medicare, cost taxpayers money, and result in higher health care costs for everyone."

The representative further warned against ever sharing one's Medicare number unless it's with their "doctor, pharmacist, hospital, health insurer, or other trusted healthcare provider."

Stopping the spoofing

When caller ID was implemented, AT&T was the only phone company around. And as such, it implemented a system where a customer could put anything as their caller identification as they'd be able to verify who was who. 

But the government broke up AT&T and deregulated the telecom industry, ultimately crippling the effectiveness of caller ID by allowing scammers to easily game the system.

The Federal Communications Commission attempted to combat the spoofed robocall problem by implementing STIR/SHAKEN protocols in 2021, which works to verify the caller ID of a user. 

Foss said that the implementation of STIR/SHAKEN protocols has led to a noticeable decline in the overall volume of robocalls. He explained, however, that scammers are still able to spoof numbers, and have just begun to go for "bigger" scams that have the opportunity to pull in high-dollar amounts, like Medicare or bank fraud.

There is, however, another way to combat some of these scams. 

The DNO Registry was built to stop it, but isn't used

The Federal Communications Commission requires gateway providers to reference a "reasonable Do Not Originate" list, a registry of phone numbers that are never used for outbound calls, only inbound, like 911 or the IRS' hotline. The providers, knowing these numbers are for inbound calls only, will then drop any call that has a caller ID of one of the numbers on the DNO registry.

The easiest way to kneecap Medicare fraudsters would be to simply add the 1-800-MEDICARE line to the DNO registry. This would eliminate scammers from being able to spoof the official hotline. Swindlers will still have access to an abundance of other phone lines to use, but would no longer be able to claim they're from Medicare by encouraging the target to check their caller ID.

The biggest hurdle with this is that it appears the Centers for Medicare & Medicaid Services use the phone line for both inbound and outbound calls, according to one representative. 

"A customer service representative from 1-800-MEDICARE can call you if you've called and left a message or a representative said that someone would call you back," the representative told Insider.

Somos, a data registry manager, oversees the "RealNumber DNO database," a comprehensive list of phone numbers that have been identified as never being used for outbound calls. It's one of several DNO registries the FCC permits telecom companies to use to combat spam calls.

Nelly Valentin, the director of marketing at Somos, told Insider "responsible" organizations that own and manage toll-free numbers (like the 1-800-MEDICARE line) "have the ability to identify these numbers in the RealNumber DNO database."

Valentin added that enterprises and brands "can also reach out to Somos to identify numbers that should not originate a call."

With this in mind, it's unclear why the Centers for Medicare & Medicaid Services use the phone line for both outbound and inbound calls. Foss said the first step the group should take is to make their hotline "inbound only."

"Nobody should be able to make calls from there," Foss said.

"These criminal organizations have just had free roam of the phone network and that's why we have this problem," he added, "So we at least have to put some speed bumps. We at least have to make their job more difficult. DNOing 1-800-Medicare is very simple, very straightforward, and should be should have been done a while back."

Read the original article on Business Insider