Brad Young, a lawyer at TripAdvisor, arrived at the company’s offices in Needham, Massachusetts, on October 12, 2015, to find an email from his boss, Seth Kalvert, the company’s general counsel. In itself that wasn’t strange. As a travel site built on crowdsourced wisdom, where hundreds of millions of ordinary people post reviews and rate businesses, TripAdvisor is susceptible to fakery meant to inflate the ranking of a so-so restaurant or stain the reputation of a storied hotel. Young oversaw a group responsible for fending off these efforts, so he frequently got questions from Kalvert about con artists, cunning new deceits, and other shady corners of the law.
But this email was different. Kalvert’s wife had received a robocall offering an exclusive vacation deal as a reward for her loyal accumulation of “TripAdvisor credits.” That would have been nice if TripAdvisor credits were a thing, but they weren’t. The call was also odd because TripAdvisor didn’t engage in telemarketing, much less robocalling. Kalvert wanted Young to look into it.
Lily Hay Newman
The Robocall Nightmare Is Only Getting Worse—But Help Is Here
Lily Hay Newman
Nigerian Email Scammers Are More Effective Than Ever
The Curse of the Bahia Emerald, a Giant Green Rock That Ruins Lives
The anti-fraud team was, in Young’s words, “the company’s secret sauce,” adept at tackling every deception the internet had to offer. But the hustle meant to entice Kalvert’s wife relied on old-school telephony. Cracking it would require an unusual set of skills. Luckily, Young knew just the person to turn to.
Fred Garvin had joined TripAdvisor’s anti-fraud team eight years earlier. He’d been employed in a series of short-term jobs: mechanic, audio editor, anything that seemed interesting enough to hold his attention for a while. He was out of work when a friend saw an opening for a content moderator at TripAdvisor and urged Garvin to apply. He worked at home for a while, under the radar, but pretty soon managers started noticing his obsessive streak and a knack for what he called “research.” As a kid growing up in a small New England town in the pre-internet era, he’d tracked down the addresses of celebrities so that he could request an autograph; he got a postcard signed by the B-52s and one from Mr. Bill, a famous Saturday Night Live character from the 1970s. (The name “Fred Garvin” is another SNL reference, one of several professional aliases he adopted to protect his identity from the scammers and fraudsters he chases. It comes from an old sketch with Dan Aykroyd as Fred Garvin, male prostitute.) Garvin’s manager recommended him for a position with the anti-fraud team. “He’s the most cynical person I’ve ever met,” she said. “He will question everything.” He was a perfect fit.
Young asked Garvin to look into the suspicious phone call. He said he figured it was probably the work of “some two-bit hustler” and wouldn’t take long to sort out. Garvin, though, had only one phone call to go on, and a simple question: Who was on the other end of the line?
Before Young tasked him with running down the robocaller, Garvin had not taken much interest in the practice. Robocalls have been around since at least the 1980s, when someone first thought to attach a tape deck to a phone. In the analog age, the hardware was clunky, expensive, and difficult to operate. The tapes had to be rewound, and they eventually wore out. Still, the technology improved, and telemarketers kept promoting their wares. By the early 1990s, Americans were so sick of telemarketers and prerecorded messages that when US senator Fritz Hollings lamented on the Senate floor that the calls were “the scourge of modern civilization,” few challenged the assertion, despite the competing scourges of war, say, or the spread of AIDS .
Hollings was the sponsor of the Telephone Consumer Protection Act, and he seemed to draw upon personal experience during the legislative debate on the bill: Automated calls “wake us up in the morning, they interrupt our dinner at night, they force the sick and elderly out of bed, they hound us until we want to rip the telephone right out of the wall.” The law was signed by George H. W. Bush in 1991 and limited how and when telemarketers could place calls, focusing mostly on landlines, the dominant technology of the time. Cell phones, still relatively new, were treated like emergency lines and bestowed with special protection.
Then over the next two decades came the internet, cheap data, voice-over-internet protocol, and the deregulation of the telecommunications industry—all a boon to consumers and robocallers alike. Even big, well-known companies got in on it, launching robocall campaigns as a form of mass marketing on the cheap.
Not surprisingly, people complained about being inundated with calls, and in 2009 the Federal Trade Commission enacted the “robocall rule,” which banned most prerecorded telemarketing calls. There were exceptions, though, for things like political campaigns, charities, and debt collection, meaning your bank can still pester you about unpaid bills and candidates can beg for your vote.
But the law was quickly outpaced and overshadowed by the rapid evolution in technology. Today, a single person in a modestly equipped office can make millions of calls a day by renting some server space, installing off-the-shelf autodialing software, and paying a VoIP provider to transmit calls. Some of the software is open source, and VoIP carriers often advertise a month of free service as a way to entice potential customers. Software companies offer everything you need in one package—a robocall starter kit, available for anyone to buy.
Best of all, it’s cheap: VoIP services cost three-fifths of a penny per minute, and that’s only if the call is answered. Unscrupulous carriers openly advertise their services to those looking to make “dialer/short duration termination calls”—the jargony euphemism for robocalls—and databases of consumer phone numbers are easy to buy. “The technology has gotten so inexpensive that any person can become a robocaller overnight,” says Ian Barlow, who coordinates the FTC’s Do Not Call program. “It’s easy, it’s accessible, and there are no barriers to entry.” Once the software has been programmed to control who to call and when, the robocaller doesn’t even need to press a button to start making calls each morning. The same technology also makes scammers hard to identify and track down.
Little wonder, then, that the United States is awash in robocalls . According to YouMail, a maker of robocall-blocking software, Americans received a record-breaking 47.8 billion robocalls in 2018 . That works out to nearly 200 per year for every adult. Unwanted calls are the most common consumer complaint lodged with the Federal Communications Commission , and the trend shows no signs of slowing, despite the pile-on of laws and regulations—the Telemarketing Sales Rule, the Truth in Caller ID Act, and the Telephone Consumer Protection Act, among others—outlawing the vast majority of autodialed calls or prerecorded messages, at least those used for marketing purposes. With more than 100 million calls placed every day, robocalling might well be the most ubiquitous, most hated, and least punished crime in the country.
Garvin set up shop in a quiet corner on the third floor of TripAdvisor’s headquarters, flanked by whiteboards and a bay of screens, preparing to track down the mystery robocaller. Garvin is in his early forties, with dark, spiky hair, a soft face, and darting eyes. In conversation, he is calm and self-possessed, even formal, but he buzzes with a tightly wound energy.
Garvin scoured the web, looking through blogs, forums, and social media for any mention of a similar call. He didn’t have to look very far. Dozens of people were grumbling—or worse—on TripAdvisor’s own forums. “IF I EVER GET A CALL LIKE THAT AGAIN, I WILL CONTACT THE FCC AND I WILL OPEN THE GATES OF HELL ON TRIP ADVISORS,” one person wrote. “NEVER NEVER NEVER NEVER CALL ME LIKE THAT AGAIN. EVER. GOT IT.”
One of his early gambits was simply calling a number that had placed a robocall. When he tried that, though, he found a human on the other end of the line, perplexed as to how their phone number had been used for prerecorded marketing. Eventually he figured out that the robocaller was engaging in a practice called neighbor spoofing—making the calls look as if they were coming from someone living near the intended recipient. For Garvin, it was a dead end.
Hoping he might get lucky and receive one of the robocalls himself, Garvin began answering every suspicious call and spoofed number that lit up his cell phone. He heard dubious alerts about student loan forgiveness, unclaimed lottery windfalls, and tax debt. “I was the only person you will ever meet who was excited to receive a robocall,” he says. He was getting several a day and answering as many as he could, all the while hoping for one that would lead back to the TripAdvisor scam.
The irate stories on TripAdvisor forums seemed like promising leads, except that the details didn’t line up. People who got the same prerecorded pitch on the same day were transferred to live operators who offered different vacation packages at different prices. Garvin and Young felt as if they were “chasing ghosts,” Young said.
SIGN UP TODAY
Sign up for the Daily newsletter and never miss the best of WIRED.
Those posts did offer a few clues: The calls came over VoIP and seemed to be a classic bait and switch. If you were on the line, you’d hear a recorded female voice saying that you’d received TripAdvisor credits that could be redeemed for a vacation. The “credits” might be for $999 or $2,000—the amounts differed—but you’d be instructed to press 1 to take advantage of the incredible offer and then be transferred to a live operator. Neither the credits nor the name TripAdvisor would be mentioned again. Instead, the operator would pitch an unrelated offer: a cruise, a resort, an all-inclusive stay at a beachfront hotel.
Drawing from angry postings and tips on the TripAdvisor forums, Garvin put together a list of all the companies pitching their wares through the fraudulent robocall. He checked the domain registrations and IP addresses of their websites and realized that they all had identical content, shared web hosting servers, and listed the same contact information. They all showed the same white sand beaches and featured images of the same beautiful, sun-dappled tourists. And they all traced back to the Yucatán. Cutting and pasting in Google Translate, Garvin trawled through Mexican business registration documents, time-share websites, and social media postings, mapping out an ecosystem of companies—some legitimate, some less so—that he had never known existed. Now, he thought, he was getting somewhere.
His internet wanderings led to a booming call-center industry in Cancún and surrounding areas connecting American customers with local time-share and resort companies. If these centers were involved in the robocall trade, Garvin wanted to learn as much about them as he could.
Facebook proved a useful investigative tool. One employee posted a photograph of himself posing in the call center. On the wall behind him was a piece of paper listing some sort of information. Garvin zoomed in and could just make out the business name and website address that the center’s operators were to use that day—a lead for observing the scammers in real time. Over the following months, Garvin watched on Facebook as the man in the photo transitioned from employee to manager to entrepreneur, posting ads soliciting staff for his own newly opened call center. Garvin was down the rabbit hole now, snooping from afar on individual employees as they went about their business. He wasn’t sure if these call centers were the ones responsible for the TripAdvisor scam, but the only way to find out was to keep tracking them.
Garvin picked up another clue: TripAdvisor was not the only brand being flogged. The calls also touted exclusive deals for loyal customers of Marriott, Hilton, and Expedia—a “who’s-who of travel companies,” Young says, none of which were actually offering the deals. In his conversations with jilted customers, Garvin found that the trips on offer were probably real but difficult to redeem. When someone tried to book a trip they had purchased, suddenly there were no dates available, or the contact information the business had provided was invalid. The customers who made it through that gauntlet were welcomed to their vacation destinations with long sales pitches for expensive local time-shares. The brand names had drawn people in. “They couldn’t just say, ‘Hey, you interested in a very questionable Mexican time-share situation?’ ” Garvin says.
Garvin managed to recruit some of the irate customers into his army of amateur sleuths. One woman, a nurse from Massachusetts named Kim, was getting 10 or more calls a day for months on end. “I was, oh, I was beyond, beyond irritated,” she says. Finally, fed up, she found the phone number for TripAdvisor’s president and CEO and called to complain. He called right back. “This is not us,” he explained. “This is somebody pretending to be us.” Then he put her in touch with Garvin, so he could debrief her and add the phone numbers she’d collected to his own burgeoning database.
The investigation was moving along. Young and Garvin were starting to see where the calls ended up and how people were getting scammed. But they still didn’t know who was making the robocalls—or how to stop them. After more than three months of digging, they decided to ask for help.
In April of 2016, Young flew to Washington, DC, to meet with Kristi Thompson, deputy chief of the Enforcement Bureau at the FCC’s Telecommunications Consumers Division. Young had pulled together the information that he and Garvin had been gathering, hoping to persuade the FCC to get involved in the hunt. He was surprised when, almost as soon as he began speaking, he says, “there was visible excitement throughout the room.”
The FCC was chasing the same scammers. A few months earlier a medical paging company called Spok had come to the agency for help; a sudden influx of robocalls was flooding the company’s network. Pagers may seem like an anachronism, but they are still used by more than 80 percent of hospitals. Whoever was behind the TripAdvisor robocall campaign had inadvertently debilitated Spok’s networks by flooding pagers with digital messages they weren’t equipped to handle. Emergency room doctors, nurses, and first responders were getting delayed alerts. This was not just an annoyance; it was a matter of life and death.
Thompson’s team already had an idea where the calls were coming from. TripAdvisor “gave us the content of the messages, and the ‘why,’ ” an FCC official who worked on the case says. “We knew the ‘what,’ but we couldn’t see inside the messages like they could.”
Young returned to TripAdvisor headquarters feeling buoyed. Garvin soon came to him with another reason to celebrate. On July 29 he had driven to his sister-in-law’s house and was chatting in the front yard about dinner plans when his phone rang. Garvin saw a spoofed number and had an intuition. His sister-in-law was midsentence when Garvin blurted, “I have to go.” He sprinted to his car, grabbed a notebook, and picked up the call.
“This is TripAdvisor,” a chipper automated female voice said, and today was Garvin’s lucky day: He’d been awarded thousands of TripAdvisor credits for an exclusive vacation to the sunny Caribbean!
It was Garvin’s lucky day. He’d been collecting information for more than nine months, but everything he knew was secondhand. He had never heard the messages himself or been able to tie the Mexican resorts directly to the call centers and the fraudulent use of TripAdvisor’s name. Earlier in the summer, the complaints seemed to have stopped, and Garvin worried that the scammers had gone dark before he could pin them down. Now they were calling his cell phone.
Following the prompts, Garvin was transferred to a live agent, who asked his age range and if he made at least $60,000 a year. He passed the test and was quickly put on the line with a second live agent—the charmer. “You’ve won an all-inclusive trip to one of our fabulous resorts,” the agent said. “What do you like to do on vacation, Mr. Garvin?”
Garvin played along. “I like to hang out by the pool and have a few cocktails,” he said. Garvin did his best to maintain his composure as he sat in his car scribbling and trying to eke out company names and information from the agent. His sister-in-law had long since given up and gone inside.
When the agent sensed that the hook was in, he went in for the close: “This trip is valued at $4,000, but today it’s only $999. We accept Visa, Mastercard, or American Express. Which card would you like to use today?”
Garvin deflected. “If I make this purchase without asking my wife, I’m in the doghouse,” he told the agent. “It’s better to ask for forgiveness than permission,” the operator replied. Still, he gave Garvin a callback number and other information. When Garvin hung up, he drove home as fast as he could. Armed with new websites and names, he spent all night at his laptop. By the next morning, after sleuthing through social media and Mexican phone databases, he knew the real name of the call center agent and found the Facebook page of the call center’s CEO—people he could tie directly to the TripAdvisor scam. Now they had the evidence they needed to bring a full dossier to the FCC.
As Garvin gathered information about call centers in Mexico, Young began sending them cease and desist letters, explaining that TripAdvisor had learned of their ploy and threatening to turn them in to Mexican authorities. Most just ignored him or pleaded ignorance. Finally, one company—seeking to demonstrate its good intentions (or avoid a lawsuit)—offered up a key piece of information. Garvin and Young had assumed that the Mexican call centers were making the robocalls themselves. But they weren’t. They paid someone in the US to do that. Best of all, the newly solicitous Mexican company knew the first name and phone number of their American robocaller.
Young contacted Thompson at the FCC again. “Let’s have another meeting,” he said. With the first name, phone number, and some googling they had found their man: Adrian Abramovich.
On April 18, 2018, Adrian Abramovich appeared before the US Senate Committee on Commerce, Science and Transportation. Ten months earlier, with help from Garvin and Young, the FCC had accused him of a “massive caller ID spoofing operation” and slapped him with a proposed $120 million fine, then the largest in the history of the FCC. The agency identified Abramovich as the source of 96,758,223 illegal robocalls. The laws governing robocalls are complex and sometimes contradictory, enforced by multiple agencies, and with layers of exceptions and loopholes. But the gist is simple enough: no calling cell phones, no using automated or prerecorded messages, and no using fake names or numbers. According to the FCC, Abramovich had broken all of these rules.
Abramovich arrived at the Russell Senate Office Building looking bewildered, as you might expect of someone compelled by congressional subpoena. In the past few years, there hadn’t been much that Democrats and Republicans in Congress could agree on. Health care, immigration, taxes, deficits—every debate, every topic and idea was us vs. them. Here, finally, was an issue that perfectly bridged the partisan divide: a burning hatred of robocalls. As soon as the hearing began, the senators pounced, clearly relishing the chance to lay into the stout man at the witness table. Abramovich, wearing a suit and glasses and with his hair pulled back into a neat man bun, looked trapped. Senator Richard Blumenthal kicked things off. Abramovich, Blumenthal said, had assembled a “phenomenal record of consumer abuse.” Looking directly at him, he declared: “You have become the face of this problem.”
Though Abramovich refused to talk about his own actions, he insisted that all of the vacation packages were on the up-and-up and that no consumers were misled. Sure, the calls were actually just the entrée to find customers for expensive time-shares, but it was all there in the fine print of the deals. (The FCC was only interested in the robocalling violations, not whether the trips themselves were scams.) Besides, he was just the middleman, connecting American consumers to Mexican companies. As the questioning continued, Abramovich took great care to distinguish the “good guy” robocallers like himself, who were offering “legitimate services or products,” from the true scam artists. “I receive four or five robocalls a day,” he added, as if to give his Everyman bona fides. “I never answer the phone.” These replies elicited little sympathy from the senators. “The efficiency and the magnitude of your robocall campaign is truly historic,” said Senator Ed Markey, who pointed out that he had written the Telephone Consumer Protection Act, one of the laws that Abramovich was accused of violating. “Do you understand why it irritates people? Do you understand why they don’t want these unwanted calls, Mr. Abramovich?”
It went on like that: 45 minutes of US senators scolding the seemingly baffled kingpin of robocalling.
I found Abramovich the same way he probably found the people he autodialed: through a public database listing his name, phone number, and home address. He lives in a posh Miami neighborhood in a gated oceanside community with the requisite pool, tennis courts, and security guards. The large stone-and-brick villas are organized around handsome courtyards with palm trees planted in the middle.
I knocked on the door, unannounced. Abramovich answered in a tight Lacoste T-shirt and skinny distressed jeans, and I thrust my hand out before he could shut the door. We stood in the doorway talking for half an hour until Abramovich’s wife joined us and invited me in.
Abramovich has a thing for bad guys. His man cave, which doubles as a home office, is decorated with figurines, paintings, and memorabilia depicting infamous movie villains like Scarface, the mobsters from Goodfellas, and Freddy Krueger. A record collection lines one wall, and an 80-inch TV is positioned in front of a set of plush black chairs and a black couch. Beside the record collection is his desk. Here it was: the compact headquarters of an alleged robocall empire from which Abramovich was said to place millions of calls a day. Off-the-shelf software can run automatically, moving through lists of phone numbers and other personal data available for purchase. The only limit to a robocall business is the amount of bandwidth you’re willing to pay for; the potential number of calls Abramovich could have made was unlimited.
As we toured the house, Abramovich’s wife pointed to their collection of South American art, while her husband described his current predicament with a sullen, dejected air, all sighs and slow head shakes. Despite the surroundings, he protested that his work had not made him rich—there was no way he could pay the $120 million fine or even a fraction of it. “I’m on monthly payment plans for everything,” he told me. “They’re not going to find a boat or five condos anywhere.” His wife, while keeping the family’s three small dogs at bay, noted, unprompted, that the Ferrari in the garage had been purchased in 2010 and was paid off in installments over five years.
Abramovich talked about a lot of things: Senator John Thune’s height (shorter than you’d think from TV), infamous pharma bro Martin Shkreli . (“He was laughing in front of the Senate. I was scared. I was really scared.”) But he mostly wanted to vent. After the FCC’s citation, his home had been inundated with hate mail and angry phone calls; his bank had closed his account without explanation and refused to let him open a new one. Family members had stopped talking to him.
The WIRED Guide to Personal Data
The humiliating spotlight of national condemnation came as a shock to him. He had immigrated to the US from Argentina—he still speaks with a thick accent—and over the past two decades, he has formed and led at least 12 corporations in Florida, according to the FCC, most of them dedicated to telemarketing and travel deals.
For all those years, calling maybe billions of people, he had been hidden from consumer anger and opprobrium. His prolific telemarketing got him into trouble in 2007 when AT&T Mobility got a consent judgment and injunction against him for unlawful telemarketing, but it wasn’t big news. The FCC ordeal was something entirely new and unpleasant.
The worst part, he said, was being served the Senate subpoena. It was Good Friday, and he was at his lawyer’s office talking about the case. His youngest daughter, barely a teenager, answered the door before his wife intervened. When a US marshal tried to hand Abramovich’s wife the subpoena, she let the papers drop to the ground. “You haven’t served me anything,” she said. The following Tuesday, three cars came screeching into their home’s shared courtyard, sirens blazing, and five marshals came to the door with the subpoena, Abramovich said. The neighbors came out to gawk. (The US Marshals Service said the subpoena was served “in a lawful manner.”)
People didn’t know his side of the story, Abramovich protested, but they had already decided that he was the bad guy. Abramovich told me that his lawyer had advised him not to talk to anyone, and he wavered as we spoke, alternating between brash defiance and victimhood. The case was now in the hands of the local US attorney, who was responsible for collecting the FCC’s judgment. The prosecutor hadn’t filed a complaint yet, but Abramovich, who has denied any intent to defraud customers, was planning to defend himself in court and then plead down to a lesser settlement based on his inability to pay the full fine. No matter what amount the settlement reached, though, he still felt wronged. “People don’t want to know,” he told me. “They don’t care.” Then he asked me to leave.
Even with Abramovich out of the game, the number of robocalls continues to explode. Many calls are from big companies doing what’s allowed (like dunning their customers), and some are from big companies doing what’s not (Dish Network was ordered to pay $280 million in 2017 for making calls to numbers on the Do Not Call Registry). And the netherworld of scammers keeps growing. Shady new kingpins are always popping up, eager to make their fortune. The FCC acknowledges that it is fighting a losing battle. By the end of this year, according to First Orion, a maker of caller ID and call-blocking software, nearly half of all telephone traffic in the US will be spam calls. “Going after a single bad actor is like emptying the ocean with a teaspoon,” one FCC commissioner wrote in her opinion commending the fine against Abramovich. “And right now we’re all wet.”
More than three years on, Garvin is still tracking robocalls. His methods now include fake credit card numbers, burner email addresses, even tricks for inducing a call center operator to text him from a personal number. He still trawls the TripAdvisor forums for complaints. Sometimes the work relates to an ongoing investigation for TripAdvisor; more often, it’s just to scratch his own itch.
One of the jobs that Garvin held before TripAdvisor was editing audio for a SpongeBob SquarePants videogame. Listening to hours of dialog, he developed a knack for recognizing voices. Garvin thinks he has identified five or six voices that pop up again and again on the robocalls he’s listened to—and he’s listened to thousands. He has a new idea: What if he could figure out the identities of those people and uncover the marketplace where robocallers find and hire voice actors? Could he nip a campaign in the bud? Better yet, what if, rather than ignoring robocalls, every American answered every call? If enough people pressed through to the call-center agents and toyed with them for hours, the enterprises would be deprived of sales and the robocallers driven into oblivion!
That’s a crazy idea. Even Garvin knows it. And it directly contradicts one of the FTC’s recommendations to consumers: When you receive a robocall, just hang up; do not engage. But the idea appeals to Garvin’s mischievous side, his fondness for turning the tables on scammers. For the time being, he is content finding angry customers, getting as much information from them as he can, and forwarding it all to the FCC for follow-up and prosecution. Recently, he bought four phones for the exclusive purpose of receiving robocalls. They are still ringing.
Alex W. Palmer is a freelance writer whose work has appeared in The New York Times Magazine, GQ, and Smithsonian magazine.
This article appears in the April issue. Subscribe now .
Listen to this story, and other WIRED features, on the Audm app.
Let us know what you think about this article. Submit a letter to the editor at [email protected] .
- Coders’ primal urge to kill inefficiency —everywhere
- A more humane livestock industry, thanks to Crispr
- For gig workers, client interactions can get … weird
- For avalanche safety, data is as important as proper gear
- How hackers pulled off a $20 million Mexican bank heist
- 👀 Looking for the latest gadgets? Check out our latest buying guides and best deals all year round
- 📩 Get even more of our inside scoops with our weekly Backchannel newsletter