Techniques for detecting spam accounts in a system are described. The system may analyze speech characteristics of communication content (e.g., telephone call content, VoIP content, audio messaging, etc.) to determine whether multiple devices or user profiles are associated with overlapping communications. The system may also analyze text transcriptions of communication content to determine whether multiple devices or user profiles are associated with overlapping communications. If so, the system may mitigate, such as throttling service, disabling accounts, and the like.

Unsolicited electronic communications such as robocalls and person-initiated solicitation calls are reduced by imposing tolls for completion of the connections to the called parties, and refunding the tolls to the entities indicated by the electronic communications as the calling parties. In this way, a dishonest originator of a spoofed call bears the cost of the toll, and the toll is not refunded to the dishonest originator. On the other hand, the toll collected from an honest originator of a non-spoofed call is refunded to the honest originator, making the toll transparent to the honest originator and avoiding annoyance of the honest caller caused by the toll. Unsolicited calls may be subjected to filtering, particularly filtering based on the indications of the origins of the calls.

Methods and apparatuses for managing spoofed calls to a mobile device are described, in which the mobile device receives a call transmitted over a cellular or mobile network. The call may include a set of information associated with the network, such as a geological location of a device that generated the call, a hardware device identifier corresponding to the device, an internet protocol (IP) address associated with the device, or a combination thereof. The mobile device may determine whether the call is spoofed or genuine based on the set of information. Subsequently, the mobile device may assist a user of the mobile device to manage the call, such as blocking the call from reaching the user, informing the user that the call is spoofed, facilitating the user to report the call as spoofed to an authority and/or a service provider of the network.

A system described herein may provide a technique for Embodiments described herein provide for the use of machine learning, artificial intelligence, and/or other techniques for network-implemented spam call detection. Calls may be screened prior to notifying a called User Equipment (“UE”) that a call has been placed to the called UE. A Machine Learning Spam Detection Component (“MLSDC”) may screen a call, such as a voice call, by initiating a call session between the MLSDC and a calling UE, from which the call was requested. Via the established call session, the MLSDC may receive communications, such as voice communications, from the UE, and may determine a measure of likelihood that the call request is associated with spam by using machine learning or other techniques to compare the received communications against one or more models that indicate attributes of calls that have been identified as spam.

One example method of operation may include identifying a call from a caller and destined for a callee, receiving a data message associated with the call, forwarding the data message to a call processing server, processing the data message to identify one or more call parameters, comparing the one or more call parameters to an active call scam model applied by the call processing server, determining a scam score for the call based on the comparing of the one or more call parameters to the active call scam model applied by the call processing server, and determining whether to notify the callee that the call is a scam based on the scam score.

Various embodiments may include methods and systems for avoiding connecting an illegitimate call within a telecommunications network. Various embodiments may include receiving, from a telecommunications network, an incoming call initiating message notifying the first wireless device of an incoming call, in which the incoming call initiating message includes caller information. Some embodiments may further include transmitting a provisional response message including callee information of the first wireless device in response to receiving the incoming call initiating message, transmitting a request message to a second wireless device based on the caller information and the callee information, determining whether the second wireless device initiated the incoming call based on a response message from the second wireless device, if received, in response to the request message, and taking an action to prevent connection of the incoming call in response to determining that the second wireless device did not initiate the incoming call.

An illegal call detection apparatus comprises a data collecting unit, a preprocessing unit, and a learning unit. The data collecting unit collects, from at least one of a subscriber terminal or a call exchanger, a raw packet generated by the subscriber terminal using a VoIP service, and collects, from the billing server, CDR data related to the raw packet. The preprocessing unit generates learning data by using service usage information extracted from the CDR data and service detailed information extracted from the raw packet, and generates a training image by converting the training data into an image according to a predetermined imaging rule. The learning unit extracts at least one or more features from the training image, and learns whether the training image is related to an illegal call by using the features, through an illegal call detection model.

Disclosed herein are systems and methods for providing mobile call authentication. For instance, a token indicative of a call request can be received from a calling party. The token can include a called party number and a time of the request. A subscriber database can be accessed to determine identifying information associated with the calling party based at least in part on the token. The token can be authenticated based at least in part on the identifying information and using one or more predefined authentication protocols. The token can be stored in a call session registry storing data indicative of a plurality of active telephone call events. A verification request for the call request can be received from the called party. The call request can be verified based at least in part on the token. The called party can be notified that the call request has been verified.

Techniques are described for vetting unwanted calls. At an inbound customer call handling apparatus, a SIP INVITE is received from a destination carrier servicing the inbound customer intended for a destination user agent (UA) device of the inbound customer. The SIP INVITE includes a current origination identifier (ORIG ID) comprised of a fixed length character string. The call handling apparatus accesses a database of stored ORIG ID character strings, each stored ORIG ID character string in the database having been included with a previous SIP INVITE that has been previously associated with an unwanted inbound call. The call handling apparatus analyzes the current ORIG ID character string to determine if it matches any stored ORIG ID character strings in the database. When there is a match to a stored ORIG ID character string, the SIP INVITE is not forwarded to the destination UA device. Otherwise, it is forwarded to the destination UA device.

Methods and systems are described for authenticating calls. An example method may comprise receiving a message indicative of a call request. Header data associated with the message may be analyzed to determine an attestation value. A signature may be generated based on the attestation value. A signed message comprising the signature and at least a portion of the message may be sent.