If you’ve picked up the phone in response to an unknown caller anytime in the last several years, chances are you’ve encountered this incessant and irritating automated message. But according to state and federal officials, just two men may be responsible for an overwhelming share of the billions of auto-warranty spam calls that have hit US phones.
Now, a new lawsuit in Ohio is trying to cut them off at their source, following a years-long effort across the public and private sectors to turn the tide on the scourge of robocalls once and for all.
In a complaint filed last month by Ohio Attorney General Dave Yost, the ringleaders of the auto-warranty robocall scheme are identified as Roy Melvin Cox, Jr. and Aaron Michael Jones, two California individuals described as repeat offenders of US telemarketing rules.
Using a web of shell companies, aliases and fly-by-night phone providers allegedly under their control, Cox and Jones have allegedly sent billions of robocalls nationwide since 2018 offering vehicle service contracts misleadingly characterized as car warranties, according to the suit. The scheme that inundated consumers with calls they never consented to has made millions of dollars, Ohio alleges, by acting as a middleman between call victims and salespeople for shoddy service contracts.
“It is the most sophisticated illegal robocall operation I have ever seen, by an order of magnitude,” said an enforcement official at the Federal Communications Commission, speaking on condition of anonymity because they were not authorized to speak publicly.
The Ohio suit seeks millions of dollars in fines for alleged violations of state telemarketing and consumer protection laws, alongside the nation’s premier telemarketing law, the Telephone Consumer Protection Act.
Cox and Jones, along with their alleged front companies and attorneys, did not respond to CNN’s requests for comment.
“If a slap on the wrist doesn’t work, punch them in the face and knock them out,” Yost said in an interview. “Take every dime they’ve got.”
The Ohio lawsuit is not the first to take on a major robocalling campaign, nor even the first to target Cox and Jones, who have both been sued by the federal government before. But the case provides a unique window into how some of the latest robocall scams work, as well as the novel tactics investigators are developing against them.
“The warranty calls from Cox/Jones — the ones the AGs and others went after — are down to near zero,” Alex Quilici, YouMail’s CEO, told CNN in an email. “There are other warranty calls out there — probably in the 500k-1m range — but they are from other folks. So the biggest culprits have been effectively shut down, and now it’s on to the smaller fry.”
The data show illegal robocalls do appear to be trending downward overall, according to Quilici. “If you look back since the October 2019 peak, there are definitely fewer illegal robocalls, no matter how you slice it,” he said.
The crackdown reflects what authorities describe as a wider coordinated effort by all 50 states, the US government, and the telecom industry to combat illegal robocalling. It involves not just litigation against individual robocallers but also unprecedented pressure on phone providers to stop carrying the bogus calls in the first place. Forcing phone companies to block the calls may seem obvious, but it’s taken years for the necessary pieces to come together, including new tactics and technology, as well as new laws.
While it may not feel like it yet, experts and officials express optimism that the country may finally have reached a turning point. As the Ohio complaint shows, however, officials are also up against a creative, committed and ever-adaptive foe.
A new way to combat the robocall epidemic
For years, and across multiple administrations, the robocall epidemic only seemed to grow despite bipartisan agreement something had to be done. Then, in 2015, a group of US phone providers came up with a way to collaboratively trace illegal robocalls back to their point of origin.
That technique, known as an industry-led “traceback,” has turned painstakingly manual forensic efforts into a more digitized, automated process. Starting with a consumer’s own phone provider such as AT&T or Verizon, every traceback compares a robocall’s metadata — including the phone numbers involved, which provider last handled the call, and when — with matching data from the previous upstream provider. That provider then does a similar analysis, and so on.
The investigation continues back up the call custody chain until it reaches a provider that either doesn’t respond to the probe or acknowledges having generated the call for a customer in the first place. Then authorities can investigate both the originating voice provider as well as the robocalling customer. Over half of all tracebacks result in the originating provider cutting ties with the customer whose robocall triggered the probe, according to Josh Bercu, vice president of policy at USTelecom, the trade association behind the multi-provider traceback consortium.
Despite the new technique’s rapidly apparent benefits, however, it has taken years for it to become mainstream through legislation. In 2019, tracebacks became a congressionally approved investigative tool in the TRACED Act, a landmark anti-robocall bill. Thanks in part to that law, all US voice providers must now comply with traceback requests.
The industry traceback group now processes hundreds of tracebacks a month, and it’s widely credited with saving law enforcement critical time and resources.
“Before we built this mechanism, the FCC would do this same thing, but they would have to send a subpoena to each provider along the way,” said Bercu. “In those days, tracing one call would take the FCC two to three months. We’re often getting that same data in a day or two.”
The information generated by tracebacks has identified specific phone providers responsible for dumping huge volumes of robocalls onto the US phone network. In the Ohio case, the data combined with law enforcers’ own investigative tools led authorities to Cox and Jones, according to the complaint, which adds that tracebacks have linked their operation to more than 300 distinct auto-warranty solicitation campaigns since 2018, each of which may have been responsible for hundreds of thousands if not millions of robocalls.
A high-stakes game of hide and seek
Accused of running eight phone providers that pumped out billions of unwanted calls for years, Cox and Jones are well-known to regulators. Both have been sued before by the Federal Trade Commission for other telemarketing violations and were ordered to cease their activities.
Yet the two men persisted, taking advantage of the fragmented nature of the US phone system and using its vast scale to help conceal their operations, officials say.
The scope and detail of the alleged scheme were staggering, according to the FCC official, who described an interlocking set of front companies, several of which were based in countries such as Hungary and Panama, and in some cases were led by people who were not known to each other. According to the Ohio complaint, some members of the scheme even appeared not to exist, except on paper.
Reached via LinkedIn message, one of the named defendants in the Ohio case, Jóvita Migdaris Cedeño Luna, told CNN she was recruited by Cox and has performed “administrative work” for Sumco Panama, one of the alleged front companies named in the suit, since 2019. But she claimed not to know Jones, the second accused ringleader. (The suit claims she is in fact Sumco Panama’s director and president as listed in the company’s Panamanian registration, and directly received money from voice providers controlled by the operation.)
To make its activities harder to detect, and presumably to seem more legitimate, the operation allegedly bought or rented millions of phone numbers that could be used to place unwanted calls, according to the complaint. It adds that Jones even allegedly hired a developer to build a bot, powered by artificial intelligence, that could interpret would-be victims’ responses and route them to salespeople.
The robocallers were also adept at playing hide and seek, according to USTelecom’s Bercu. When a traceback would uncover one of the voice providers the group was allegedly using to place its calls, the ringleaders simply spun up operations at a different business to generate the calls instead, Bercu said.
The operation’s nimbleness shows how challenging it can be to take down a robocaller for good, according to Margot Saunders, a senior counsel at the National Consumer Law Center who works with victims of telephone scams. It’s a multi-faceted problem that no single company, government agency or policy can solve on its own.
“All of these unwanted robocalls are undermining the value of our telephone system,” Saunders said. “This is a critical piece of our national infrastructure … and the more these calls invade the telephone system, the less people use it and trust it.”
Mass takedowns
In the case of Cox and Jones, federal officials took aim at the scheme more systemically in relation to the entire telecom ecosystem. The FCC is increasingly putting other telecom providers on notice that they are responsible for stemming the tide of illegal robocalls too, and those that don’t will be held accountable.
“The message is out there to industry, especially with the recent Ohio-FCC action, that you need to police your network. You need to stop this illegal traffic from getting out there,” said James Evans, an attorney in the Division of Marketing Practices at the FTC.
The mechanics of the move illustrate how future mass takedowns could work.
Giving the FCC order teeth are two important tools the agency didn’t have until a few years ago.
First are the industry tracebacks. Until recently, robocallers have largely been able to stay a few steps ahead of the authorities partly because of how long the investigations could take. Now, not only have the tracebacks reduced the time it takes for investigators to home in on the worst offenders, but they also let officials respond more quickly when those offenders try to spin up alternate operations.
More to be done
All of these developments are largely aimed at what happens after a robocall makes it onto the US phone network. But perhaps half or more of illegal robocall traffic, according to the FCC official, originates from outside the United States, often in places as far away as India and Pakistan. To go after the individual robocallers overseas, US officials must depend on the cooperation of international counterparts, which doesn’t always work out.
The crackdown on robocalls domestically reflects an effort to control what US officials can control. But here too the government could do more, said Saunders.
One of the most effective changes, she said, would be for the FCC to create a bonding and licensing system for voice providers, then seize their bond or revoke their license if they repeatedly break telemarketing rules. (The FCC official acknowledged this would likely be within the agency’s authority to do but could require significant new regulations.) Another idea, she said, is to wield database de-listing far more aggressively rather than waiting for a full and exhaustive investigation that could take months.
The overall focus on the providers that facilitate the robocalls is the right approach, she said, because it targets the problem at scale, forces well-intentioned providers to become part of the solution, and makes illegal robocalling more costly.
“Studies have shown repeatedly that in order to deter illegal behavior the punishment needs to be clear, swift and significant,” Saunders said. “The FCC needs to figure out how it will cost the providers more money to keep making these calls than it will to stop making the calls.”
Authorities could also look at bringing criminal charges against repeat offenders. In the interview, Yost told CNN that option is still “on the table” for Cox and Jones.
Even as illegal robocalls appear to be on the decline, said YouMail’s Quilici, it isn’t clear “how steep and sustainable that trend is.” The decline has coincided with reports of a troubling rise in text messaging spam.
— CNN’s Paul P. Murphy and Gabe Cohen contributed to this report.