I'm usually not one to focus on technological solutions given sociological problems, but this one seems to be a good exception. If we "just wanted to" [1] all this fake calls could be stopped by requiring strong authentication/authorization. We are very much used to just anybody being able to call my number, but that doesn't need to be the case. At the very least, cold calls should be treated as skeptical in the UI as instant messengers like Signal treat first messages. Probably this isn't enough, though, as it wouldn't have prevented the cases described in the article. Cold calling someone should probably require the caller to be traceable to a real, government-ID-verified person [2]. Even if that person is being defrauded themselves ("get a thousand bucks by installing this app and clicking a few screens") is would destroy the economics of the attack, as it would make each call expensive again.

[1] Structural inertia is the killer here. It will certainly not happen until the problem is huge enough.

[2] Exceptions can of course apply to numbers that are meant to primarily be cold called, like doctors offices. The callee possibly have to be specially trained to withstand this kind of attacks.

Speaking of which, what happened to SHAKEN/STIR? I thought the strong authentication requirements came down the pipe years ago and they were going to start turning off (or hiding by default) routes of low reputation. That was years ago, it was supposed to take years, but here we are years later and I still get loads of spam calls. What happened?

It's worth noting that TFA addresses this in the context of the scam: When the scam depends on the emotional reaction in response to a loved one's distress, it doesn't matter if the number the scam is coming from is unfamiliar. This means that the scam can use "technically correct" numbers that pass SHAKEN/STIR with no loss in conversion.

TFA also mentions that by routing calls through older non-IP networks you lose the accurate information, although it sounds like the FCC is slowly cracking down on this.

It is hard to get vendors to give up revenue no matter how illegal the source of revenue is.

So lots of judicially-unreachable call centers under judicially-unreachable telecoms need to lose reputation score and get spam-binned by default, just like email. I thought that was going to happen by now. Did the US telecoms just chicken out?

Why not fine vendors instead? They'll quickly change the tune..

I never answer my phone if I don't know who is calling me.