Based on the caller ID information that people see on their phones they can decide whether to answer a call. It tells them who is calling, so they can decide whether to take the call then or call back later. If the caller ID on your phone reads “Microsoft Support 1-800-555-1212” or something similar, you assume the person on the other end of the line is from Microsoft. Caller ID lends legitimacy to the caller. Many people don’t realize that scammers use Voice Over IP technology and other tricks to fake or spoof caller ID information in the hope of acquiring credit card numbers or other personal information. Scammers use caller ID spoofing to make their scams believable.
What is Caller ID?
Caller identification (Caller ID) is a service that allows the receiver of a phone call to determine the identity of the caller. It is initially sent over at the start of the phone call and identifies the incoming caller before the receiver answers the phone.
Caller ID is not associated with the actual phone number but is part of the initial call setup, which allows the caller to manipulate the Caller ID to display a different number from the number that is calling.
What Is Caller ID Spoofing?
If you have ever received a call where the caller said that you called them when you have not, then your number was most likely spoofed by another person. There are many phone scams that use caller ID spoofing to hide their identity because caller ID spoofing makes it impossible to block the number.
Anyone can spoof their outbound caller ID by using an online service like Spooftel and SpoofCard, which allow anyone willing to pay to spoof numbers. These services are meant to protect the caller’s number from being displayed and claim they aren’t intended for malicious purposes, but they have limited control over who uses the service.
Companies can also control their Caller ID if they have their PRI or SIP connection, the technical names for multi-line enterprise telephony setups.
Are there multiple victims with Caller ID Spoofing?
There are always multiple victims when a scammer uses caller ID spoofing. The main victim is the receiver that answers the telephone call with a number being spoofed, aka the target of the scam.
The secondary victim is the owner of the number; their number is being used without permission. The secondary victim does not even know that their number is being used, and this could have an adverse effect on their business.
There are applications and telephone companies that block the secondary victim’s number from making legitimate calls. This could harm law abiding businesses or customers whose numbers have been faked by scammers.
Caller ID interfering with a business
A business in West Springfield on June 22, 2018, received about 300 calls in one hour. Due to the high volume of calls, the business did not have enough resources to answer all of the calls. It quickly became apparent that the businesses number had been used in a series of spoofed calls and the calls were not from customers but from the recipients of the spoofed calls.
This hurt the business, as they were busy answering calls from people who were not customers. Not only does this cause a monetary loss, but the business’ reputation could have also been impacted as individuals assumed they were using auto-dialers to call people in the area.
How Scammers Spoof Caller ID Information
Scammers spoof caller ID information in several ways. One of the most popular ways is through the use of internet-based caller ID spoofing service providers. These spoofing services can be purchased cheaply.
A Typical Spoofing Scenario
The typical caller ID spoof works like this:
The person (scammer) who wants to conceal their number logs in at a third-party spoofing service provider website and submits payment information.
Once logged in to the site, the scammer provides their real phone number. They then enter the phone number of the person (victim) they are calling and provide the fake information that they want the caller ID to display.
The spoofing service calls the scammer back at the provided phone number, calls the intended victim’s number, and bridges the calls together along with the spoofed caller ID information. The victim sees the fake Caller ID information as they pick up the phone and are connected to the scammer.
The Effectiveness of Spoofing Caller IDs
Caller ID spoofing can be an incredibly effective tool for scammers. The Ammyy scam, where victims received phone calls from scammers claiming to be from Microsoft support, was a huge scam that bilked people out of millions of dollars worldwide.
The Ammyy scam wouldn’t have been nearly as effective if it weren’t for caller ID spoofing. When Ammyy scam victims answered the phone, most of them looked at the caller ID to see that Microsoft was calling them, and many of them believed it.
Pretexting as a Scamming Technique
The scamming technique used in the Ammyy scam is known as pretexting. Pretexting occurs when someone creates an artificial scenario so they can mask their true intentions under the guise of something that is not threatening. The pretext usually involves developing credibility so that the scam is acceptable and believable.
A real-world example of establishing false credibility for pretexting occurs when someone uses a police uniform to pass themselves off as a police officer to gain access to a section of a building that is normally off limits.
Caller ID in scams is used in the same manner as a phony police uniform is in the real world. When people determine a caller’s identity, all they have to go by is who the person says they are and who the caller ID says they are. If this information matches, most reasonable people believe the pretext and some of them end up as victims of a scam.
Is Spoofing Caller ID Information Legal?
In the U.S. and many other countries, it is illegal to falsify caller ID information. The United States Truth in caller ID Act makes it illegal to spoof caller ID information for unlawful purposes.
If you live in the U.S. and believe that someone who called you has spoofed their caller ID information to scam or mislead you, report it to the Federal Communications Commission (FCC).
Is there a way to report Caller ID Spoofing?
Many countries do have ways to report caller ID spoofing. If you live in Canada, you can report the calls to the CRTC and the perpetrator can be fined up to $15,000 per violation.
In the United States, you can report fraudulent calls to the FCC. The FCC will impose a fine anyone that is illegally spoofing a number up to $10,000 per violation.
If you do not live in either of these countries and you would like to report caller ID spoofing, a quick Google search should reveal which organization is responsible for investigating into these types of calls. You can then file a report with them.
For the next post in this series, I will look at some popular telephone scams. After that, we will investigate setting up your own PBX using Raspberry Asterisk.
Keeping Yourself Safe
Because of caller ID spoofing, it’s important not to put too much trust in what your caller ID shows. If you receive a call claiming to be from an organization demanding money or your personal information, such as account numbers or Social Security numbers, be wary. Ask to call back the person on the other end of the line, and call back at a well-known, published number for that organization. Search the organization’s website or look at literature you might have from the organization, such as a bill or the back of a credit or debit card, to find the best number to use.
Keep in mind that organizations like banks, police departments and the Internal Revenue Service won’t call demanding immediate payment of money over the phone. Legitimate organizations will also understand your desire to keep yourself safe and won’t object to your returning a call if you’re not sure everything is on the up-and-up. Try not to panic if you receive an alarming call before you determine if it’s in fact legitimate.
If you suspect a call is fraudulent, you can report it to your local police department or to the Federal Trade Commission. Another option is to contact your phone company for help. Many provide technology to help you block particular numbers and to filter out what appear to be scam calls. You may also be able to find apps for your smart phone to block numbers and detect likely scams.
Read our article about identify phone number owner if you are interested in.