Did you ever regret picking up a spam or a phishing call? With this latest capability on Webex Calling the calls are labeled to reduce wasted time in answering unwanted calls and potential security risks. Administrators can set organization policies to automatically block calls as well.
Overview of spam detection
Robocall is a call that delivers pre-recorded messages through auto dialing software. Fraudsters use robocall with spoofed caller ID to acquire something of value from the victims.
To protect consumers against spam calls, service providers are implementing STIR/SHAKEN in their network. This is already in place in United States and Canada in adherence with FCC guidelines. This helps to identify suspect calls giving users confidence in answering calls from unknown numbers. The end users benefit from service providers verification of caller-ID.
Understanding the STIR/SHAKEN standard
Secure Telephone Identity Revisited (STIR) and Signature-based Handling of Asserted Information Using toKENs (SHAKEN) is a framework of interconnected standards. This ensures that calls traveling through interconnected phone networks have their caller ID signed as legitimate by originating service provider and validated by the receiving service provider before reaching the consumers.
To convey verification results through the verstat
parameter in the
SIP P-Asserted-Identity header, the terminating service providers use these
options:
-
TN-Validation-Passed
— validation was successful with result as A, B, C attestation to the calling number. -
TN-Validation-Failed
— caller could not be verified. -
No-TN-Validation
— this can be result of verification failure for various reasons. For example: The E.164 number malformed.
SHAKEN attestation levels A, B and C let the originating service provider attest their relationship to the calling numbers.
-
A: the service provider can attest that caller has the right to use the phone number as the caller ID.
-
B: the customer is known. However, it is unknown if they have the right to use the caller ID.
-
C: it doesn't meet the requirements of A or B. For example: an international call.
Verstat value and attestation
Webex Calling processes the verstat
parameter in the incoming call and
displays the Caller-ID disposition on the Cisco clients.
This table shows the verstat
information that is used to drive
caller-ID notification to clients:
Vertsat value |
Attestation level |
Value that is displayed on Cisco clients |
---|---|---|
TN-Validation-Passed |
Not Provided |
Verified Caller |
A |
Verified Caller |
|
B |
Possible Spam |
|
C |
Possible Spam |
|
TN-Validation-Failed |
Any value |
Potential Fraud |
No-TN-Validation |
Any value |
Possible Spam |
No verstat Parameter |
Any value |
Possible Spam |
Cisco clients that support Unified Call History show an icon according to the Caller-ID disposition in the call history record.
On Webex App, the attestation text and icon is displayed and on MPP devices only the icon is displayed. |
Verification of the on-net calls
In addition to the PSTN calls, Caller-ID disposition for on-net calls is done according to following rules:
-
On-net call between Webex calling users—Verified user (with icon).
-
On-net call from Cisco Unified Communications Manager user to Webex Calling user—Verified user (with icon). Calls from on-premises Cisco Unified Communication Manager user are classified based on the Caller-ID that matches with the configured enterprise dial-plan.
-
On-net call from Webex Calling user to On-Premises Cisco Unified Communications Manager user—No indication on Cisco Unified Communication Manager client.
For mid-call features such as Call Transfer, Call Park, Call Pickup, Call Forwarding, and Caller ID, the Caller-ID disposition is based on the processing of the verstat value of the initial call leg.
When an incoming call to a Webex Calling user is forwarded and the calling number is changed, then Caller-ID disposition
is decided based on verstat
value in the incoming call request.
Supported devices
Spam detection is supported on the following Cisco endpoints:
-
Webex App—Desktop and Mobile version 42.5 or higher.
-
MPP phones—Supports 6800, 7800 and 8800 MPP devices with firmware version 11.3.7 or higher.
Administrator Configuration
Provision user notification using Control Hub
An administrator can configure sending the user indication for unverified callers. An administrator can configure to block calls that have failed STIR/SHAKEN validation. This ensures that potential fraud calls are not sent to user’s endpoint.
To configure the notification settings at the organization-level, follow these steps:
1 |
Navigate to https://admin.webex.com, go to Services > Calling. |
2 |
Go to Service settings and scroll down to Caller ID Validation. |
3 |
Use the toggle to activate the following options:
|
Configure CUBE for spam indication
To pass the verstat
information to Webex Calling, organizations in United States and Canada that use on-premises PSTN connected to
Webex Calling using Local Gateway or CUBE must configure these settings on CUBE.
Configure CUBE, if the PSTN service provider sends verstat
parameter during new call setup:
The tags referenced here are based on the Local Gateway Configuration Guide. |
Doing this configuration even when the service provider is not sending the |
voice class sip-copylist 300
sip-header From
sip-header P-Asserted-Identity
sip-header P-Attestation-Indicator
voice class tenant 300
copy-list 300
voice class sip-profiles 200
rule 50 request INVITE peer-header sip P-Asserted-Identity copy "(;verstat=[A-Z|a-z|-]+)" u01
rule 51 request INVITE peer-header sip From copy "(;verstat=[A-Z|a-z|-]+)" u02
rule 52 request INVITE sip-header P-Asserted-Identity modify "@" "\u01@"
rule 53 request INVITE sip-header From modify "@" "\u02@"
rule 54 request INVITE peer-header sip P-Attestation-Indicator copy "(.)" u03
rule 55 request INVITE sip-header P-Attestation-Indicator add "P-Attestation-Indicator: Dummy Header"
rule 56 request INVITE sip-header P-Attestation-Indicator modify "." "P-Attestation-Indicator: \u03"
For calls from PSTN, where the service provider does not support STIR/SHAKEN:
If the PSTN provider does not send verstat
information in the
incoming call, do not change the default value of the Present calls from
unverified callers as normal calls setting on Control Hub. If the
setting is disabled, then users see Possible Spam indication
on their clients.