Key Findings
On April 2, 2026, the Federal Communications Commission released a Notice of Apparent Liability for Forfeiture proposing a $4.5 million fine against Voxbeam Telecommunications, an Orlando-based voice service provider. Voxbeam is accused of accepting international call traffic from a Czech Republic provider that had never registered in the FCC's Robocall Mitigation Database. The result: 60,873 spoofed bank impersonation robocalls transmitted to US consumers over just three days, many displaying caller IDs of Bank of America and JPMorganChase. Separately, the FCC's Enforcement Bureau has now removed over 1,200 non-compliant voice service providers from the Robocall Mitigation Database. This is the most significant consumer-protection enforcement activity the FCC has shown on robocalls in over a year.
The Voxbeam Case
What Happened
Between March 31 and April 2, 2025, Voxbeam Telecommunications accepted incoming call traffic from Axfone, a voice service provider based in the Czech Republic. Axfone has never been registered in the FCC's Robocall Mitigation Database (RMD), a federal registry that US voice providers are legally required to check before accepting traffic from other providers.
Over the three-day window, Voxbeam transmitted 60,873 calls bearing US caller IDs to US consumers. Those calls used 2,812 distinct caller ID numbers, many of them spoofed numbers belonging to major American banks including Bank of America and JPMorganChase.
The content of the calls: classic bank impersonation scams. Fake fraud alerts. Requests for account verification. Pressure tactics claiming unauthorized transactions had been detected. Recipients who engaged were routed to live operators who attempted to extract credentials, wire transfers, or direct account access.
Why Voxbeam Was Liable
US voice providers are prohibited from accepting traffic from any operator not listed in the FCC's Robocall Mitigation Database. This rule, established under the TRACED Act and implementing STIR/SHAKEN call authentication requirements, places the obligation on gateway providers like Voxbeam to verify their upstream partners before routing calls onto US networks.
Voxbeam did not verify. The FCC's Industry Traceback Group (ITG) sent four traceback requests flagging the suspicious traffic. After the first request, Voxbeam blocked Axfone within 24 hours, which is why the final fine includes a 20% downward adjustment from the base forfeiture.
How the Fine Was Calculated
| Calculation Step | Value |
|---|---|
| Base forfeiture per call | $2,500 |
| Number of violating calls cited | 2,250 |
| Preliminary forfeiture | $5,625,000 |
| Downward adjustment (prompt response) | -20% |
| Final proposed forfeiture | $4,500,000 |
The FCC cited only 2,250 of the 60,873 calls as the basis for the fine calculation, representing the violations most thoroughly documented during the traceback process. The full 60,873 figure is the total volume of suspicious traffic that transited Voxbeam's network, not the subset used to assess the penalty.
The Broader Pattern: 1,200+ Providers Removed
The Voxbeam action is not an isolated event. The FCC's Enforcement Bureau has been systematically cleaning up the Robocall Mitigation Database for the past 18 months. Over 1,200 non-compliant voice service providers have been removed from the database during this period. Removed providers are prohibited from carrying voice traffic into US networks. Any downstream US gateway provider that continues to accept their traffic is in violation, exposing itself to the same type of enforcement action Voxbeam is facing now.
The removal criteria include:
- Failure to certify implementation of STIR/SHAKEN call authentication
- Failure to file required annual Robocall Mitigation Plans
- Pattern of complaint volume indicating willful acceptance of illegal robocall traffic
- Failure to respond to ITG traceback requests within required timeframes
Why the Bank Impersonation Scam Is Particularly Dangerous
Bank impersonation robocalls are among the most dangerous scam categories for three reasons.
1. High conversion rate on a small target list. Unlike generic debt-reduction scams that need to blast millions of calls to get a handful of conversions, bank impersonation calls target specific account-holder lists. Many of these lists are sourced from stolen or resold consumer data. Conversion rates of 2 to 5% are documented, compared to 0.01 to 0.1% for generic robocalls.
2. High average loss per victim. When a bank impersonation scam converts, the loss is typically the victim's entire available balance or credit limit. FBI IC3 2025 data, covered in our FBI report breakdown, shows bank-related fraud averaging $7,100 per victim, well above the $2,700 overall average.
3. Urgency manipulation is easy. The script works because fraud alerts are psychologically coercive. The recipient is told money is already at risk, and they have 30 seconds to verify. Rational decision-making degrades under time pressure. This is why bank impersonation calls convert even educated, skeptical targets.
What This Action Tells Us About FCC Enforcement Direction
Three signals in the Voxbeam action that matter for the industry and for consumers.
First, the FCC is targeting gateway providers, not end-scammers. Individual scam operations are hard to prosecute, especially when they operate offshore. Gateway providers like Voxbeam have US addresses, US bank accounts, and FCC licenses. Going after them is faster and creates structural pressure on the entire voice routing chain.
Second, $2,500 per call is the new baseline penalty. This is up from previous per-call forfeitures around $500 to $1,000. The higher base signals that the FCC is willing to impose more punitive penalties on gateway providers who fail to verify upstream partners.
Third, 24-hour response windows are credit-worthy, not fully exculpatory. Voxbeam's rapid response to the first traceback cut 20% off the fine. That is meaningful but it did not eliminate the liability. Providers are expected to proactively verify, not just react to complaints.
What Consumers Can Do
If you receive a call claiming to be from your bank:
- Hang up, do not stay on the line. Real bank fraud teams will not ask for credentials, one-time codes, or wire transfers. Any caller who does is fraudulent.
- Call the number on the back of your card. Not the number that just called. Not a number in a text message. The printed number on your physical card, or the number in your official bank app.
- Report the incident to the FCC at fcc.gov/complaints and to the FBI at IC3.gov.
- Verify suspicious numbers at ScamVerify before ever calling them back.
If a bank impersonation call succeeded in extracting credentials or a transfer:
- Freeze your accounts immediately by calling your bank directly.
- File an IC3 report. The 24-hour window after a wire transfer is the highest-probability window for recovery.
- Place a fraud alert with the three credit bureaus (Equifax, Experian, TransUnion).
- Change your online banking password and enable two-factor authentication using an authenticator app, not SMS.
Further Reading
- FCC Notice of Apparent Liability: Voxbeam $4.5M forfeiture (April 2, 2026)
- FCC Robocall Mitigation Database: RMD portal
- American Bankers Association statement: ABA commends FCC action
- ScamVerify: Robocalls hit 4-year high, 29.6B in 2025
Enforcement at the gateway level is long overdue. The Voxbeam action is a welcome first, not a finish line.
