content/en-za/images/repository/isc/2021/phone-number-spoofing.jpg

Unscrupulous telemarketers and scam artists are always looking for new ways to get people to answer their calls. Most phones have the ability to screen calls, providing information about the caller when the phone rings. But an increasingly common technique scam artists have been using is to falsify or “spoof” their caller ID information.

Phone number spoofing causes the Caller ID to display a phone number or other information to make it look like the calls are from a different person or business. While the caller’s information may appear local, the calls are often placed by telemarketers located outside the state or country. Spoofing is usually done with malicious or unscrupulous motivations by the caller and it has led many people to believe that you can no longer trust Caller ID.

History of Phone Number Spoofing

Phone number spoofing has been used for years by people with a specialized digital connection to the telephone company. Law enforcement officials and collection agencies have been using the practice for years, sometimes in a legal way but oftentimes not. In 2004, a company called Star38.com launched the first mainstream caller ID spoofing service to allow spoofed called to be placed from a web interface. Many similar sites launched the following year.

Phone number spoofing has also been used to scam sellers on websites like eBay and Craigslist. In these scams, a caller will contact the seller and claim to be calling from Canada with an interest in purchasing the advertised items. They will often ask the sellers for personal information, like a copy of their registration title, etc. and then repost the items for fake sale. Phone number spoofing has also been used during U.S. elections, when fraudulent callers would use fake caller IDs of hospitals and ambulance companies to get potential voters to answer the phone. Robocalls have been used in the same way, being placed with a false caller ID and made to look like they are coming from a local number instead of a state call center.

Phone number spoofing is also used for vicious prank calls. For example, someone might call and arrange for a TV station or doctor’s office to appear on a recipient’s caller display and engage them in a prank. One viral news story in 2008 reported that a man was arrested for making threatening phone calls to women and having their own home numbers appear on the caller ID to make it look like the calls were coming from inside the house.

In past years, spoofing over VoIP has become more popular as telecom companies have leased out thousands of phone numbers to anonymous voice-mail providers who allow phone spam to become a bigger and bigger problem. Fraudulent callers have also used spoofing to impersonate police, utility companies, immigration officials, medical insurers and more. Many spoofing scams target the elderly, as well, by impersonating family members and requesting fake wire transfers.

How Spoofing Works

Phone Number Spoofing allows scam artists to trick caller IDs into displaying false information. These scam companies or individuals understand that many people no longer answer calls from 1-800 numbers, numbers with unfamiliar area codes, or that display no caller ID information (sometimes this comes up as “unknown” on caller IDs). By spoofing local phone numbers or information into called ID devices, scammers hope to entice the recipient to answer a call they would otherwise decline.

For example, you might receive a call on your smartphone with the same area code as your phone or a call from a number that’s just a few digits different than your own phone number. In some cases, you might even see your own name and phone number displayed on your caller ID device by these callers. Scam artists who use spoofing do so through a variety of methods and technologies.

Voice over IP

When phone number spoofing first surfaced, it required in-depth knowledge of telephony equipment that tended to be very expensive. More recently, open-source software has made it possible for almost anyone to spoof calls with little cost or technical knowledge. One of the most prevalent ways of spoofing is through VoIP.

VoIP stands for Voice over Internet Protocol and is basically a phone service delivered via the Internet. If your internet connection is of decent quality, then your phone service can be delivered through the internet rather than your phone carrier. VoIP services can be a great alternative to traditional phone services, but they also can be prone to spoofing.

You're probably familiar with the term "IP address," which stands for your Internet Protocol address and it is how calls are made using VoIP. An IP address is how devices such as computers and smartphones communicate with each other on the internet. Using a device's IP address allows users to make and receive calls over the internet. For many businesses and consumers, VoIP is considered to be the best alternative to a local telephone company.

The Evolution of VoIP

With the rise of broadband internet, VoIP has become a popular choice of phone service for both businesses and individuals. Due to their widespread use and the fact that it is a relatively simple system to install and run, it makes sense that so many people and companies have adopted it. It offers lower costs than traditional phone carriers with increased functionality. VoIP providers also offer other features not found in standard phone services. For instance, some services can help you set up a second phone number, meaning you don’t need a landline, a second mobile phone, or even a SIM card for your business calls. This is really helpful for some consumers, but it also leaves VoIP services wide open for scammers to take advantage of.

Some VoIP providers let the user set up their display number as part of the configuration page on the provider’s web interface. It doesn’t require any additional software. In some cases, the caller name is generated from the number by a database lookup connected to the recipient’s phone. But in other cases, the caller name can be configured as part of the settings on a client-owned analog telephone adapter. Providers that let users employ their own devices make it possible for direct inward dial numbers to be purchased separately from outbound calling minutes. This means that someone could easily disconnect their inbound number from their outgoing calls and replace their caller ID with a different number of their choice.

Carriers, like Skype, that don’t follow established hardware standards or prevent users from changing configuration settings on hardware, like Vonage, make it harder to spoof calls.

Service Providers

Some spoofing services work just like a prepaid calling card. Customers pay upfront for a PIN number that they use to place calls. Then they dial the number provided by the service provider, enter their pin, enter the outgoing call number and then enter the number they want to appear as their caller ID. The call is then bridged or transferred and shows up on the recipient’s phone with the spoofed number chosen by the caller.

Some providers also offer a Web-based platform or mobile app that lets a user create an account, log in and supply caller ID information along with the outgoing number they are calling. The service provider then places the call and displays the entered information as the caller ID. In some cases, companies or individuals can send text messages from spoofed numbers as well.

Orange Boxing

Another method of spoofing is called orange boxing. This method uses software that generates the audio signal that is then paired with the telephone line during the call. The purpose is to make the recipient think there is an incoming call waiting from the spoofed number even though no one is calling. The scam involves using a second accomplice to pretend to be the secondary caller on the line.

Phone Number Spoofing Displays

Telephone equipment manufacturers handle caller names in a variety of different ways. Some equipment in the United States sends just the caller’s number to the distant exchange and then has to use a database lookup to find the name to display along with the number. In other countries, such as Canada, landline exchanges run Nortel equipment to send the name along with the number. Other exchanges handle numbers in a variety of ways, making calls between the two exchanges particularly susceptible to interference. The same applies to calls from long-distance numbers in differing country codes, as caller ID often displays the local portion of the incoming number without displaying a country code. This way, calls can mistakenly be thought to be from a domestic number.

Legality in the United States

Phone number spoofing is generally legal in the U.S. unless done with intent to defraud or cause harm. According to the FCC website and Truth in Caller ID Act, “FCC rules prohibit any person or entity from transmitting misleading or inaccurate caller ID information with intent to defraud, cause harm, or wrongly obtain anything of value.” But under this law, if there is no intent to harm, you can use other numbers.

Since intent to harm is hard to prove, and legitimate businesses can’t be accused of having the intent to harm, it’s technically legal to spoof. Phone spoofing is legal in cases like a business displaying their toll-free call-back number or a doctor using their mobile phone and having their office number appear. Even if the intent is to harm or defraud, many of the call centers are located elsewhere than the U.S., so it’s hard to track and regulate them.

How to Stop Someone From Spoofing Your Number

The reality is that it’s difficult to protect your phone number from getting spoofed. Numbers are usually selected at random, so people generally aren’t specifically targeted. The primary line of defense is to change your number, but obviously, this is a huge hassle and not something you want to have to do.

Any U.S. citizen who believes they are a victim of caller ID spoofing can file a report with the FCC Consumer Complaint Center. The FCC imposes a fine of up to $10,000 per violation.

How to Recognize Phone Number Spoofing

One of the best ways to protect yourself is by learning to recognize scams that use spoofing so you can avoid picking up or engaging with spoofed calls. Here are some tips to help.

Be Skeptical

Be skeptical of text messages or callers that address you with generic greetings instead of using your real name. Don’t assume that callers are who they say they are. If you get a call from someone representing a company or a government agency, hang up and call back the phone number on the company’s agency website to verify the caller.

Password Protect Your Voicemail

Set a password for your voicemail account. Scammers can hack into your voicemail unless it is properly secured with a password.

Avoid Unknown Numbers

Avoid answering unknown numbers, even if they are from local area codes.

Don’t Hit Any Buttons

If the caller asks you to press any buttons, hang up immediately.

Don’t Fall For It

Pay attention to the caller’s tone of voice and don’t give out any information to callers who seem pushy or demanding. A popular tactic with telemarketers is to try to make a matter appear urgent so recipients will be more inclined to react and give out information. If a caller says they need your information for an event or product you’ve never heard of, be wary. Don’t answer any questions, especially regarding your personal information. Scammers are known to ask for information such as your Social Security Number, mother’s maiden name, passwords, or credit card numbers.

Don’t Stay on the Line

Trust your gut. If you have any suspicions about the caller, hang up immediately. The longer you stay on the line with them, the more likely they are to get information out of you.

Notifying the FCC, the FTC, or your local police department is often the best way to go about protecting your personal information. Other best practices for stopping unwanted calls include filtering calls and blocking spam numbers. Filtering or blocking a number is different for iOS users and Android users, but both essentially involve going into your settings on your phone, and then selecting some sort of “block contact” option. Your carrier may also provide additional methods of stopping unwanted calls, such as Verizon Mobile’s Call Filter app. There are also a number of other security and spam apps available that can help block unwanted or unknown callers. Others can set unknown or potential spam calls to ring with a special tone or be filtered into a different call log so that you aren’t bothered by them as often.

People repeatedly targeted by phone number spoofing scams may want to contact their phone service providers to change their phone number. Some carriers, such as Verizon Mobile and ATT, allow customers to pick a new number online for free. Customers can simply login to their provider app and change their mobile number. While this may temporarily stop your phone from receiving any further scam calls, it is not a foolproof plan. Scammers can always start to spoof your new number as well, so it’s best to always follow the tips mentioned above.

Recommended Reading

What is VoIP

How to remove a hacker from your smartphone

What to do if a phone is lost or stolen

Everything to Know About Phone Number Spoofing

Phone number spoofing is a popular way for scammers and telemarketers to contact you with a false caller ID. Read on to learn about how to avoid it.
Kaspersky Logo