Robocalls are inundating phone users. These automated calls allow for attackers to reach massive audiences with scams ranging from credential hijacking to unnecessary IT support in a largely untraceable fashion. In response, many applications have been developed to alert mobile phone users of incoming robocalls. However, how well these applications communicate risk with their users is not well understood. In this paper, we identify common real-time security indicators used in the most popular anti-robocall applications. Using focus groups and user testing, we first identify which of these indicators most effectively alert users of danger. We then demonstrate that the most powerful indicators can reduce the likelihood that users will answer such calls by as much as 43%. Unfortunately, our evaluation also shows that attackers can eliminate the gains provided by such indicators using a small amount of targetspecific information (e.g., a known phone number). In so doing, we demonstrate that anti-robocall indicators could benefit from significantly increased attention from the research community.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.