Spoof calling is a type of cyber-attack that causes your network’s Caller ID to indicate to the receiver of a call that the originator of the call is a station other than the true originating station. This can lead to a display showing a phone number different from that of the telephone from which the call was placed.
The term is commonly used to describe situations in which the motivation is considered malicious by the originator.
Unscrupulous telemarketers and scam artists are always looking for new ways to get people to answer their calls. Most phones can screen calls, providing information about the caller when the phone rings. And an increasingly common technique scam artists have been using is to falsify or “spoof” their caller ID information.
One effect of the widespread availability of Caller ID spoofing is that, as AARP published in 2019, “you can no longer trust call ID.”
Understanding spoof calling
Caller ID spoofing is when a caller intentionally falsifies the information transmitted to your caller ID display to disguise their identity. Scammers often use neighbor spoofing so it appears that an incoming call is coming from a local number that you may already trust.
The idea is that people will be more likely to answer the phone if they think the call is coming from their neighborhood or a well-known company. Since it’s impossible to distinguish a legitimate caller from a spoofed call using that same number or name, it can be tough to recognize a spoof call in action.
If you ever pick up the phone and get a bad feeling about the call, hang up immediately. You can always look up the number, call back later, or find a publicly listed number for the company that allegedly called you to check if it was a scam.
How spoof calling works
Spoofing allows scam artists to trick caller IDs into displaying false information. These scam companies or individuals understand that many people no longer answer calls from 1-800 numbers, numbers with unfamiliar area codes, or that display no caller ID information (sometimes this comes up as “unknown” on caller IDs).
By spoofing local phone numbers or information into called ID devices, scammers hope to entice the recipient to answer a call they would otherwise decline.
For example, you might receive a call on your smartphone with the same area code as your phone or a call from a number that’s just a few digits different than your own phone number. In some cases, you might even see your own name and phone number displayed on your caller ID device by these callers.
Scam artists who use spoof calling do so through a variety of methods and technologies.
Here’s how spoof calling works:
- The caller uses spoofing software to disguise their number as any other number they want
- The caller places a call to their target (often using auto-dialing technology)
- The number that shows up on the target’s caller ID appears to be a local number or that of a reputable business — not the number that’s actually placing the call
- The target is more likely to answer because the number looks familiar or important
- The caller initiates their scam (in the case of illegal spam calls)
The point of spoof calling is to gain the target’s trust — or at least enough of it to get them to answer the phone. If the number on your caller ID looks legitimate, you’re more likely to pick up. Simply answering the call lets the scammer know that your number is active, and sometimes that’s all they need.
Spoof calling is unfortunately often successful, which is why it’s important to understand the way it works and how to protect yourself. To that end, it helps to put yourself in the mind of a scammer and learn why spoof calling is so integral to their trade.
Methods of spoof calling
Voice over IP
When spoof calling first surfaced, it required in-depth knowledge of telephony equipment that tended to be very expensive.
However, more recently, open-source software has made it possible for almost anyone to spoof calls with little cost or technical knowledge. One of the most prevalent ways of spoofing is through VoIP.
VoIP stands for Voice over Internet Protocol. It is basically a phone service delivered via the Internet. If your internet connection is of decent quality, then you can receive phone service through the internet rather than your phone carrier. VoIP services can be a great alternative to traditional phone services, but they also can be prone to spoofing.
Some VoIP providers let the user set up their display number as part of the configuration page on the provider’s web interface. It doesn’t require any additional software. In some cases, the caller name is generated from the number by a database lookup connected to the recipient’s phone. However, in other cases, the caller name can be configured as part of the settings on a client-owned analog telephone adapter.
Providers that let users employ their own devices make it possible for direct inward dial numbers to be purchased separately from outbound calling minutes. This means that someone could easily disconnect their inbound number from their outgoing calls and replace their caller ID with a different number of their choice.
Carriers, like Skype, that don’t follow established hardware standards or prevent users from changing configuration settings on hardware, like Vonage, make it harder to spoof calls.
Orange Boxing
Another method of spoofing is called orange boxing. This method uses software that generates the audio signal that is then paired with the telephone line during the call. The purpose is to make the recipient think there is an incoming call waiting from the spoofed number even though no one is calling. The scam involves using a second accomplice to pretend to be the secondary caller on the line.
Service Providers
Some spoof calling services work just like a prepaid calling card. Customers pay upfront for a PIN that they use to place calls. Then they dial the number provided by the service provider, enter their pin, enter the outgoing call number and then enter the number they want to appear as their caller ID. The call is then bridged or transferred and shows up on the recipient’s phone with the spoofed number chosen by the caller.
Some providers also offer a Web-based platform or mobile app that lets a user create an account, log in and supply caller ID information along with the outgoing number they are calling. The service provider then places the call and displays the entered information as the caller ID. In some cases, companies or individuals can send text messages from spoofed numbers as well.
Reasons behind spoof calling
Spam callers use a multitude of tactics to pull off their scams, and spoof calling has proven to be one of the most effective. However, spoof calling has practical, legal applications as well. Let’s discuss some of the different reasons people might use spoof calling.
Scams and fraud schemes
Scammers use spoof calling to steal billions from people every year. They primarily use spoofing to falsify their targets’ caller IDs, tricking them into thinking the scammer is someone trustworthy. It even prevents scammers from switching to a new phone number, as they can simply disguise the one they have.
Spoofing is cheap and easy to do, and it can come with a significant return on investment — even if just a few targets fall into their trap, the call spoofer can make a hefty profit. It’s also difficult to trace, which reduces the legal risk factor. Combined with auto-dialing software that can make millions of robocalls per day, spoof calling is an enticing strategy for any scammer.
Hiding one’s true identity
The phrase “spoof calling” might carry a negative connotation, but it’s not always done for nefarious purposes. In fact, there are legitimate reasons for and legal ways to go about spoof calling, and it can be practical for businesses and individuals alike. For example, a mechanic might make a call from their personal cell phone but have their business number come up on the recipient’s caller ID.
This is simply a way for a person to conduct their business without revealing their personal phone number, which is legal, legitimate, and safe.
Pranks and harmless fun
If you’re a prankster — which is much different from a fraudster — you might use spoof calling to pull a fast one on your friends or family. As long as it’s a victimless prank and there are no scams, schemes, or any other below-board activity, spoof calling can be applied to elevate your prank calls.
Techniques used for spoof calling
Spoof calling is complex on its own, which is why it’s so tough to trace. It can become even more dangerous when combined with other techniques and technologies.
Caller ID spoofing
The essential part of spoof calling is the display of the target’s caller ID. The goal is to falsify the reading so the target thinks they’re getting a call from someone trustworthy — like a neighbor or their credit card company. Unfortunately, all that awaits on the other end is a scammer waiting to pitch them a scheme and steal their personal information.
Voice-changing software
Some scammers disguise their voices in addition to their phone numbers. With the advanced technology available these days, they might even mimic the voice of a close friend or family member. If you get a call that sounds like a familiar voice, but it doesn’t seem like it’s the person it belongs to, hang up the phone immediately.
Interactive voice response systems
If you’ve ever called your doctor’s office and used your keypad to respond to an automated voice, you’ve experienced an interactive voice response system (IVR). Unfortunately, scammers have access to the same technology and can use these systems to direct their targets right into their traps.
How to block spoofing
You may not be able to tell right away if an incoming call is spoofed. Be extremely careful about responding to any request for personal identifying information.
Don’t pick up calls from unknown numbers
Avoid picking up calls from numbers you don’t know. If you pick up a call from a number you don’t recognize and they make requests that seem suspect, hang up.
Hang up and call back
If you’re in doubt about whether a call is legit but want to make sure, immediately hang up and contact the government office or company yourself to confirm details. If you don’t recognize the name of the organization contacting you, you probably don’t have to call back.
Don’t give out information over the phone
Receiving a call out of the blue from a caller who asks for information is a red flag. If you didn’t initiate a call directly with a bank or company using a verified telephone number, do not give out personal information, and hang up.
Avoid replying with “Yes” or “No”
Watch out for people who try to bait you to say “yes” by asking whether you can hear them on the phone. They may make a voice recording of your answer which could be used out of context to agree to future calls or transactions.
Don’t fall for fear tactics
Scammers may resort to threats hoping you’ll make quick decisions without taking the time to second guess their true identity. Don’t be afraid to hang up and ask a family member or trusted friend for their opinion if you’re not sure whether or not the call is legitimate.
Block unknown numbers
Certain smartphones let you block or silence certain calls within the device. iPhones running iOS 13 and later have a “silence unknown callers” feature. You can also block unknown callers on a Samsung.
If your phone doesn’t have a call-blocking feature, you could try downloading a call-blocking app. For a home phone, you could purchase a blocker device or reach out to your service provider to see what blocking features are available.
Prevent remote access to your computer
Scammers may call and pretend to be a computer technician who needs to run a diagnostic test on your computer. Never give an unsolicited caller remote access to any of your devices, even if they claim to be from a large telecommunications company like Microsoft.
Recommended Articles
- Data Migration: Meaning, Strategies & Best Practices
- What is Tailgating in Cybersecurity & How to Prevent It
- CIA Triad in Cybersecurity: What Is It & Why Is It Important?
- Free Cybersecurity Training & Certifications
- Air Gapped Computer: What Is It & How Do You Secure One?
- Delta Wi-Fi: How It Works & All to Know