In today’s interconnected world, cybercriminals are constantly devising new methods to take advantage of unsuspecting individuals. One such method that is quickly gaining notoriety in this world of increasing cybercrime is telephone spoofing. Because this can be confusing, we will try to shed some light on this rising threat and provide insights into what telephone spoofing is, how it works, and steps you can take to protect yourself.
Understanding Telephone Spoofing
Telephone spoofing has been around for a very long time. It has been used by law enforcement and collection agencies for many years. In 2004, the first way to spoof a number came about in the form of star38.com, which allowed a user to make a call from a web interface. Many other similar services started shortly after.
In one sense, telephone spoofing refers to the practice of falsifying caller ID information to mask the true identity of the caller. For example, they just change the “from” number to appear as if it’s your doctor’s office, financial institution, or perhaps one of your neighbors. By manipulating the caller ID display, scammers can deceive recipients into believing they are receiving a call from a trusted individual or legitimate organization. This enables cybercriminals to carry out various malicious activities, such as phishing, vishing (voice phishing), smishing (text/SMS phishing), and social engineering attacks.
How Telephone Spoofing Works
Scammers can modify the caller ID information displayed on the recipient’s phone. It’s not difficult to do. In fact, there are numerous apps available for any device that will allow anyone to change their phone number. Cybercriminals often employ automated dialing systems or robocalls to reach a large number of potential victims. These systems have the capability to spoof thousands of phone calls simultaneously to reach a large number of potential victims. It’s likely you’ve received a few of these on your mobile phone. Sometimes the cellular provider lists them as “Spam Risk,” or “Spam Likely.” But the sheer volume of these calls makes it challenging for recipients to identify and block malicious calls. Once they are found out, the scammers simply dial from another spoofed number.
Implications and Risks
The problem is that even though we can just ignore “Spam Likely,” these telephone spoofing scams pose significant risks to individuals and organizations. By disguising their identity, scammers can manipulate victims into divulging sensitive personal information, such as Social Security numbers, credit card details, or login credentials. They may also deceive individuals into making unauthorized financial transactions or provide access to their computer systems.
Moreover, telephone spoofing attacks can be highly persuasive, employing psychological tactics to instill fear, urgency, or authority. This makes individuals more susceptible to falling for the scams, as they believe they are communicating with someone they know or trust.
This is particularly dangerous with the arrival of AI and deepfakes. Now, criminals can even create voices that sound like someone their victim may recognize.
Isn’t Fraud Illegal?
Now, you may be asking the question of whether or not this is legal. Well, fraud is indeed illegal. However, according to the FCC website and Truth in Caller ID Act, “FCC rules prohibit any person or entity from transmitting misleading or inaccurate caller ID information with intent to defraud, cause harm, or wrongly obtain anything of value.” So, if the caller is simply trying to get you to buy something or donate to a cause, for example, it is not illegal and spoofing itself is not illegal.
However, it’s also very difficult to prove that harm is intended and even more difficult to enforce and prosecute those who do it. This is particularly true when the criminals are not based in the U.S.
Protecting Yourself Against Telephone Spoofing Scams
Fortunately, there are steps you can take to protect your information and the information of your organization.
- Don’t answer calls from unknown numbers. If it’s a legitimate call, they will leave a voicemail, email you, or call back.
- Be skeptical. Do this even if the caller ID appears legitimate. Remember, scammers can modify this information to be whatever they want it to be.
- Verify before sharing. If someone requests sensitive information over the phone, such as passwords or financial details, hang up. Legitimate organizations don’t ask for your password and no one should need your banking account or payment card information, unless you initiate the call and expect to provide it, such as to make a purchase or resolve questions about your account. Use official contact information from trusted sources, such as the organization’s website or previous correspondence to verify these calls.
- Implement call screening and blocking features. Look into call screening and blocking options provided by your phone service provider or consider using third-party call-blocking apps to filter out known scam numbers.
- Report suspicious calls. If you receive a suspicious call, report it to your local authorities and relevant regulatory bodies, such as the Federal Communications Commission (FCC).
Telephone spoofing scams continue to evolve and pose a significant threat to individuals and organizations alike. By staying vigilant, verifying callers’ identities, and adopting preventive measures, you can thwart the attempts of these malicious actors and safeguard your and your organization’s personal information.
Remember, when it comes to telephone calls, “trust, but verify” should be your guiding principle.