The Complete Guide to Spam Calls in 2026

In July 2025, Sharon Brightwell of Dover, Florida got a phone call from a sobbing woman who said she'd been in a car accident and needed help. The woman on the line sounded like Brightwell's daughter. Brightwell packed $15,000 in cash and handed it to a courier who came to her house. Her daughter hadn't been in an accident. The voice had been cloned from a few seconds of public social media audio.

How many spam calls are we talking about

The FCC puts current volume at roughly 4 billion robocalls per month in the United States. The monthly average of scam-and-telemarketing calls rose from 2.14 billion in 2024 to 2.56 billion through September 2025. On that trajectory, US robocall traffic reaches around 58 billion calls per year by 2028.

Reporting trails the volume badly. The FTC received 1.6 million robocall complaints in fiscal year 2025, which works out to one report per 32,000 calls received. Most people have stopped flagging them.

Enforcement is more aggressive than the coverage suggests. The FTC filed 173 lawsuits against 570 companies and 449 individuals in 2025 and collected nearly $400 million. In August 2025, the FCC effectively shut down about 1,400 phone companies accused of routing illegal calls. These are substantial actions. They're also visibly not enough.

A large share of the calls originate outside US jurisdiction and route through carrier chains that make enforcement slow and expensive. Sending a million calls costs pennies. Prosecuting one operator takes months. Numbers rotate faster than any regulator can list them.

The five shapes of a spam call in 2026

Robocalls. Automated dialers playing pre-recorded messages, or IVRs routing callers through menus. Some are legal: political messages, appointment reminders from businesses you've opted into. Most that reach consumer phones are not. The Do Not Call Registry reduces them only from operators who bother complying with US regulations.

Live scam calls. Humans running scripts from overseas call centers. IRS impersonation. Fake Microsoft tech support. The grandparent scam. Romance scams that start on dating apps and migrate to phones. A live human can improvise and pressure, which makes these both more dangerous and cheaper to run than people assume.

AI voice scams. Calls using cloned voices. Three seconds of public audio is enough for current cloning tools to produce a voice family members can't reliably distinguish from the real person. This category barely existed in 2022. It now dominates reported dollar losses from phone fraud.

Neighbor spoofing. Calls displaying a fake caller ID matching your area code and local exchange, specifically to get you to pick up out of familiarity. Old technique. In 2026, assume any unknown number showing a local prefix might not be.

Silent-hangup calls. You answer, the caller hears you say hello, the caller hangs up. Not a wrong number and not a misdial. The call exists to confirm that the line reaches a real person. That confirmation becomes data sold on validated-lead lists at a premium over unvalidated numbers.

Why the defenses most people use don't stop this

Your phone almost certainly has some combination of these running: a carrier-level spam filter, an OS-level label (Samsung Smart Call, Google Caller ID & Spam), or a third-party app (Hiya, Robokiller, Truecaller). They all work by matching incoming numbers against a database of known spam. They fail in ways that are now well documented, and the specifics matter.

Fresh numbers slip the filter. Commercial spam operations cycle through thousands of new numbers a month specifically because the database needs days or weeks of user reports before a number gets labeled. Robokiller's own documentation concedes that "new or spoofed numbers may bypass filters temporarily." You aren't being protected from the active campaign; you're being protected from last month's.

Legitimate callers get blocked. Robokiller maintains a public Blocklist Exception request form, which exists because wrongful blocks happen often enough to warrant a dedicated intake process. On Trustpilot and PissedConsumer, reviewers have posted specific cases: a user whose sister, doctor, and father's hospice nurse were all blocked by Robokiller; another who cancelled service after the app repeatedly blocked their doctor's office. Hiya itself publishes a support article titled "Help! My Numbers are Being Flagged as Spam, but My Calls are Legitimate," which exists because legitimate small businesses regularly end up on user-reported spam lists. One Truecaller user reported that over six to nine months the app identified exactly two calls as spam, and both were legitimate — one of them was Verizon Sales returning the user's own inquiry.

The label-only services (carrier protection, OS-level filters, the free tier of Hiya) add a second failure: when they do identify a spam call, they don't actually stop the ring. "Potential Spam" appears on screen, the phone rings anyway, the notification interrupts you, and the label is ultimately a suggestion.

The block-first services fail more quietly. Robokiller blocks on match. Truecaller Premium's Auto-Block blocks on match. Hiya's paid tiers suppress blocked calls from reaching voicemail on iOS. Carrier-level "enhanced" spam protection blocks on match. When any of these services wrongly blocks a real caller, you get no ring, no voicemail, and no notification. Your doctor's new office line calls, the system classifies it as spam, and you never know the call existed.

Voice cloning is making both failure modes worse. Autodialers now deliver context-aware scripted content at scale, and the content of the calls that do get through is more convincing than anything circulating three years ago. The database-and-list model was already losing the rotation race before cloning crossed the indistinguishable threshold in late 2024. Since then, the rotation got faster and the payload got more credible at the same time.

The flip: what if the caller had to prove themselves

List-based defenses try to answer the question "is this number on a database of known spam?" The answer has gotten less reliable every year as scam operations rotate numbers faster than databases can update, and AI cloning has made the content of the calls harder to dismiss once a filter fails.

A different question has a cleaner answer: is a real person on the line right now, willing to identify themselves? The signal is behavioral. The behavior is cheap for real callers and structurally inconvenient for most scam operations.

A robocaller plays a recording. It cannot process incoming audio, so any mid-call prompt requiring a spoken response goes unanswered and the call ends.

For bulk live scam operations, the economics are throughput. Operators earn per call or per connect, and when a call adds an off-script step, a measurable percentage of operators hang up to stay on rate. The ones who stay have to identify themselves on a recording the person being called can listen to before deciding whether to answer.

Silent-hangup dialers exist specifically to confirm a number reaches a real person. If no confirmation happens, because no one spoke to the dialer, the number fails validation. The call drops without confirming anything, and the number loses its value as a validated lead that could be sold on to the next operation.

AI voice clones can speak anything scripted, but clone setups are generally optimized to deliver an emotional plea start-to-finish, not to stop mid-plea, process an incoming prompt, and respond to it in real time. The clone keeps delivering its script while the screening step waits for a response it was never set up to produce.

Real callers hear the prompt, repeat the phrase, and continue to the next step. Doctors, schools, delivery drivers, recruiters, contractors, family members on a new number: none of them get filtered out by association with a pooled line or a fresh number, and the handful of seconds it costs them is not a meaningful barrier.

How VoxGuard actually works

An unknown number calls. VoxGuard answers the call before your phone rings. The app plays a short prompt that includes a phrase you set during installation, and asks the caller to repeat the phrase back. The caller gets three attempts. Three misses ends the call.

Robocalls, silent-hangup dialers, and AI clones running fixed scripts typically fail at this step. Bulk live scam operators on throughput usually hang up rather than break their call cadence for an unfamiliar step.

A caller who repeats the phrase is then asked to state their name and reason for calling, in their own voice, in five to sixty seconds. The statement is recorded, auto-transcribed, and pushed to your phone as a heads-up notification. You see the caller's number, the audio, and the transcript. You can tap Listen, Approve, or Decline directly from the lock screen without opening the app.

A transcript example from our testing, verbatim: "I'm calling about your car's extended warranty." You read it once. You know what it is. Decline. Your phone never rang.

You have two minutes to decide. Without a tap, the call goes to voicemail.

Contacts saved on your phone never see screening. If someone already in your contacts calls, they ring through the normal way on every call.

You can set separate voicemail greetings for known contacts and screened unknown callers. Type a message and VoxGuard reads it in natural text-to-speech, or record your own.

If you're expecting an automated verification callback (a 2FA call, a bank confirmation), one tap pauses screening for the window you need and brings it back after.

The phrase is customizable for one practical reason: if every user had the same phrase, a single pre-recorded compliance response would pass every user's screening. Separate phrases across users closes that one workaround.

What this changes for you

Two concrete things change.

Unknown numbers become answerable again. The common objection to picking up — "I don't know who this is" — is what the screening step resolves. By the time your phone rings, a call has already passed a challenge that robocalls and silent-hangup dialers cannot, a caller has stated their name and reason in their own voice, and you have either heard or read what they're calling about. If you pick up, you pick up with context.

The calls that list-based services accidentally block don't get blocked here. A doctor's new office line, a school's substitute front desk, a recruiter on a new number — VoxGuard has no block list to apply, so there is no block-list false positive. A legitimate stranger goes through the same steps as anyone else, and you hear who they are before deciding.

In day-to-day use, fewer interruptions reach your lock screen at all, because robocalls and silent-hangups drop out before the phone rings. When a notification does appear, it carries enough detail to decide.

What VoxGuard doesn't do

VoxGuard is Android-only right now. It's $4.99/month with a 7-day free trial, cancellable through Google Play.

VoxGuard does not maintain a spam number list. That is the design, not a gap.

VoxGuard does not read contact names, email addresses, or any field beyond phone numbers. The only reason the app touches your contacts is to let people you already know ring through without screening.

VoxGuard does not record your actual phone calls. The only audio the app handles is the short name-and-reason statement unknown callers make during the screening step. Once a call is approved, the signaling exits VoxGuard entirely and the call rings on your phone the way any other call would.

Setup takes a few minutes and includes a one-time carrier forwarding step the app walks you through for your specific carrier.

For more on how active call screening compares to blockers, OS filters, and the other categories in detail, we wrote a separate post on that. If you want the compressed version of the VoxGuard mechanism itself, the 60-second overview is here.

Where this leaves us

The list-based defense model evolved to solve a problem that has since mutated faster than the databases can update. "Is this number known to be spam?" had a useful answer ten years ago. In 2026, it has a stale answer on fresh numbers, a wrong answer on legitimate new and pooled lines, and no answer at all on silent-hangup and AI-scripted calls.

A different question has a cleaner answer. Is a real person on the line right now, willing to identify themselves? Real callers can, in a few seconds. Robocalls can't; bulk scam operations usually won't; silent-hangup dialers have no reason to. VoxGuard is built in that gap.

Try VoxGuard →