Why Do Callers Spoof Phone Numbers?
Spoofing is the term used for intentionally disguised communication from an unknown source to make it appear to be coming from a trusted source. Phone spoofing involves a caller deliberately falsifying the information provided to the target’s caller ID to hide their real identity. It describes the intentional transmission of misleading or inaccurate caller identification information. This is also known as caller ID spoofing.
There are various reasons to use spoofing when calling other people. Most instances of caller ID spoofing are for illegal activities. Spoofing is a common tool used in phone scams. Scammers use it to gain the trust of their targets in order to steal money and valuable information from them. Avoiding phone spoofing requires vigilance and looking out for odd behaviors and out-of-place questions from unknown callers.
Caller ID is a system of identification that allows a call recipient to know the identity of whoever is calling them before they pick the call. Using the information presented by the caller ID on your phone, you can decide whether to pick a call or not. Most people refrain from picking calls from unknown numbers or, if they do, they are wary of strangers.
There are different ways to spoof a caller ID. The caller may set up their phone to send out caller information they provide. Phone service providers may provide this feature to legitimate users, who are usually reputable organizations and law enforcement agencies. Scammers usually spoof caller ID information by using illicit software to change the identities sent to recipients. It is also possible to spoof caller ID by obtaining a virtual phone number and providing incorrect identification information while registering it.
Is Phone Spoofing Illegal?
Not always. By itself, caller ID spoofing can be benign. How it is used will determine whether it is legal or not. While caller ID spoofing is commonly used by scammers, it can also be a legitimate tool used by professionals, businesses, and law enforcement agencies. For example, when used as intended, phone spoofing can help physicians reach their patients even after office hours without revealing their home phone numbers.
However, most uses of caller ID spoofing are intended to cause harm and are used to defraud unsuspecting citizens. When a phone scammer deploys spoofing, they do so to make their phone calls appear to be coming from people and organizations trusted by their targets.
Between lawful use of caller ID spoofing and scammers deploying the tool to steal money and information is the gray area occupied by telemarketers. Telemarketers use phone spoofing to increase the chances of phone users picking their calls. Mostly, their intent is not to defraud but to promote their goods and services. However, caller ID spoofing usage by telemarketers is still deceptive as it tricks their targets into picking calls they otherwise would not have.
What Is Neighbor Spoofing?
Neighbor spoofing is a type of caller ID spoofing commonly used by phone scammers to make their caller information look similar to that of their targets. Unsuspecting phone users are more likely to answer calls from numbers that appear similar to theirs. Most people would think these calls are coming from neighbors or people they should know.
Scammers using neighbor spoofing often change their caller IDs, so their phone numbers have the same area codes or prefix codes as those of their targets. An area code usually covers a county or city. Phone users in the same community usually have the same area codes. For even narrower targeting, scammers may use numbers with the same prefix codes as their targets. A prefix code may cover a specific section of a city and may be close enough to be assigned to a specific neighborhood.
Like regular phone spoofing, the aim of neighbor spoofing is to increase the likelihood of the target picking their calls and to get them to let their guard down. Believing they are speaking with the neighbors or local businesses they trust, unsuspecting targets of neighbor spoofing are more likely to divulge confidential information such as credit card details. They are also very likely to send money for promised goods and services.
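The area-code and prefix matching described above can be turned into a simple call-screening check. The following is an added example, not part of the original article: the function names, labels and phone numbers are constructed for illustration, and it assumes 10-digit US-style numbers.

```python
import re

def parse_nanp(number):
    """Split a US-style number into (area code, prefix, line), or None if malformed."""
    digits = re.sub(r"\D", "", number)
    if len(digits) == 11 and digits[0] == "1":
        digits = digits[1:]  # drop the leading country code
    if len(digits) != 10 or digits[0] in "01" or digits[3] in "01":
        return None  # area codes and prefixes never start with 0 or 1
    return digits[:3], digits[3:6], digits[6:]

def classify_call(caller, own_number, contacts):
    """Label an incoming caller ID relative to the recipient's own number."""
    parsed, own = parse_nanp(caller), parse_nanp(own_number)
    if own is None:
        raise ValueError("own_number is not a valid 10-digit number")
    if parsed is None:
        return "malformed"
    if parsed in {parse_nanp(c) for c in contacts}:
        return "known-contact"
    if parsed[:2] == own[:2]:
        return "same-prefix"  # same area code and prefix: closest neighbor pattern
    if parsed[0] == own[0]:
        return "same-area-code"
    return "unrelated"

def flag_neighbor_calls(call_log, own_number, contacts):
    """Return unknown callers that share the recipient's area code or prefix."""
    flagged = []
    for number in call_log:
        label = classify_call(number, own_number, contacts)
        if label in ("same-prefix", "same-area-code"):
            flagged.append((number, label))
    return flagged

# Constructed sample data (not real subscribers).
OWN = "(202) 555-0142"
CONTACTS = ["202-555-0177"]
SAMPLE_LOG = ["202-555-0199", "202-555-0177", "202-556-0110",
              "415-555-0100", "000-000-0000"]

if __name__ == "__main__":
    for number, label in flag_neighbor_calls(SAMPLE_LOG, OWN, CONTACTS):
        print(number, label)
```

A match is only a reason for extra caution with an unknown caller, since genuine neighbors share the same area code and prefix.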
Does the US Have Anti-Spoofing Laws?
The US does have a federal anti-spoofing law. This is called the Truth in Caller ID Act of 2009. This law makes it illegal for anyone to knowingly transmit misleading or inaccurate caller ID information with the intent to defraud, cause harm, or obtain anything of value. This law covers phone spoofing deployed using any telephone services, including VoIP phone services. This law provides exceptions for law enforcement agencies employing caller ID manipulation in authorized operations and anyone with a valid court order authorizing them to use caller ID spoofing.
On August 1, 2019, the Federal Communications Commission (FCC) expanded the reach of this law to include caller ID spoofing from text messaging services and calls originating from outside the country. As long as the recipient of a spoofed call is a resident of the US, the FCC can prosecute the offender and fine them for illegally using phone spoofing.
In addition to this federal law, most states also have anti-spoofing laws in place. Examples of US states with anti-spoofing laws are New York, Wisconsin, and Louisiana. However, telemarketers are fighting back against state anti-spoofing laws. SpoofCard LLC, a New Jersey company that sells caller ID spoofing, successfully sued to overturn North Dakota’s anti-spoofing law. In 2020, a federal judge agreed with the company that the state’s anti-spoofing law conflicts with the federal Truth in Caller ID Act that allows the use of phone spoofing as long as it is not used to defraud and cause harm.
The FCC has had better success enforcing the federal anti-spoofing law. In accordance with the Truth in Caller ID Act, each violation is penalized with a fine of up to $10,000. The FCC fined a Florida-based telemarketer employing neighbor spoofing $120 million, its largest fine up to 2018. It fined an Arizona telemarketer $37.5 million for violating the federal anti-spoofing law while a North Carolina health insurance telemarketer got fined $82 million for using caller ID spoofing illegally for its robocalls. In 2020, the FCC proposed a massive $225 million fine against a Texas-based health insurance telemarketer that placed about 1 billion spoofed robocalls in the span of 5 months.
Caller ID Spoofing and VoIP
Before VoIP became popular, spoofing caller ID required expensive equipment and deep knowledge of how telephone equipment and networks work. VoIP has made it easier to falsify caller information. Spoofers do not even need to be in the US to obtain US phone numbers or to make their numbers appear as US phone numbers to call recipients.
Not all VoIP service providers allow users to change their caller information. Those that do usually let new subscribers choose how their names and phone numbers will appear on the caller IDs of the people they call. While this feature comes in handy for organizations hoping to create custom or easily identifiable caller names and numbers, scammers and telemarketers take advantage of this feature to spoof caller IDs for nefarious reasons.
A smaller number of VoIP phone service providers allow users to change phone numbers on the fly. These operators offer such caller ID spoofing services for additional fees. Those taking advantage of this feature choose the numbers they want to appear on recipients’ caller IDs.
While it is difficult to tell a spoofed VoIP number from a real one, it is possible to identify a VoIP number commonly used in phone spoofing. Some reverse phone lookup services can check user-submitted phone numbers against blacklists of established spoofed numbers commonly used by VoIP service providers that sell phone spoofing services.
How Do You Know If Your Number is Being Spoofed?
You may not know immediately if someone is using your phone number to spoof caller IDs. However, sooner rather than later, you will start receiving lots of calls and text messages from people you do not know. If you receive calls from strangers claiming that your number showed up on their caller ID, it is very likely that your phone number has been spoofed. It is important that you do not let this continue, as you may be accused of scams perpetrated by those spoofing your number.
If you suspect that your phone number has been spoofed, try to explain this to strange callers. However, such calls may become overwhelming, and you should not pick calls from unknown numbers anyway. Therefore, it is best to leave a message on your voicemail explaining that your number has been spoofed.
It is highly unlikely that your number will remain spoofed for long. Scammers and other bad actors employing caller ID spoofing usually switch spoofed phone numbers quickly to prevent their targets from catching on. They also do this as spoofed numbers are often reported to consumer protection agencies, law enforcement agencies, and the FCC. A spoofed number with a high volume of calls is likely to attract quick attention and immediate crackdown.
How to Protect Yourself from Illegal Spoofed Calls
Illegal phone spoofing is usually used for perpetrating scams. The Federal Communications Commission reported 5.7 million reports of scam calls in the United States in 2021. A large number of victims reported receiving calls from numbers that looked familiar.
Unfortunately, it is hard to tell that an incoming call is from a spoofed number. Anyone can be a target of phone scams employing caller ID spoofing. Here are a few ways to protect yourself from phone spoofing scams:
- Avoid answering calls from unknown numbers. If you pick a call from a number that looks familiar but hear a stranger on the phone, hang up immediately
- If you inadvertently answer a robocall, end the call as soon as you realize what it is. Do not follow any instructions given during the call. A common trick used by robocallers is instructing call recipients to press a button to stop receiving further robocalls. Doing this does not take you off the call list but only serves to confirm that your phone number is active
- Do not respond to questions that can be answered with “yes” or “no”. Some scammers record such responses to hack into their victims’ confidential records requiring voice prompts or activations
- Do not be pressured to reveal confidential information in an unsolicited call from someone whose identity is not fully confirmed
- Hang up on unsolicited calls seemingly from businesses and government agencies and then call their official numbers to confirm their inquiries. These entities do not cold call people to demand money and usually do not initiate contact via calls without first sending written correspondence by mail
- Protect your voicemail by setting a password for it. Scammers spoofing your number can access its voicemail if left unprotected
- Ask your phone service provider about call-blocking tools. Some smartphones also come with built-in features for blocking calls from certain numbers or those not in your contact lists. There are also third-party call-blocking apps available for mobile phones
- Use a phone number lookup service to research suspected spoofed numbers and identify unknown callers
What Is the FCC Doing to Combat Illegal Caller ID Spoofing?
Besides fining offenders, the FCC is also taking other steps to discourage and block phone spoofing. Caller ID authentication is a solution pushed by this agency to combat illegal caller ID spoofing. This is also known as STIR/SHAKEN.
Secure Telephone Identity Revisited (STIR) and Signature-based Handling of Asserted Information Using toKENs (SHAKEN) are two related standards aimed at validating caller identities and stopping caller ID spoofing. STIR/SHAKEN validates a caller’s identity on both sides of a call. The originating carrier must digitally sign the caller’s identity as legitimate before dialing the number requested. Every other carrier involved in handing off the call until it reaches its final destination also verifies that the outgoing call is indeed coming from the phone user with the assigned caller ID.
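To make the signed-identity check concrete, the following added example (not part of the original article and not any carrier's code) inspects the claims inside a SHAKEN identity token the way a receiving carrier might. The claim names follow the published PASSporT/SHAKEN token format; the 60-second freshness window, function names and sample numbers are assumptions, and verifying the digital signature against the originating carrier's certificate is a separate step that is not shown.

```python
import base64
import json
import time

MAX_AGE_SECONDS = 60  # freshness window assumed for this example

def b64url_decode(part):
    """Decode an unpadded base64url token segment."""
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def b64url_encode(obj):
    raw = json.dumps(obj, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def make_sample_token(orig_tn, dest_tn, iat):
    """Build a constructed, unsigned sample token (the signature part is a placeholder)."""
    header = {"alg": "ES256", "ppt": "shaken", "typ": "passport",
              "x5u": "https://cert.example.invalid/placeholder.pem"}
    payload = {"attest": "A", "dest": {"tn": [dest_tn]}, "iat": iat,
               "orig": {"tn": orig_tn}, "origid": "00000000-0000-0000-0000-000000000000"}
    return ".".join([b64url_encode(header), b64url_encode(payload), "PLACEHOLDER"])

def check_passport(token, signalled_caller, called_number, now=None):
    """Return the list of claim problems; an empty list means the claims are consistent."""
    now = time.time() if now is None else now
    try:
        header_b64, payload_b64, _signature = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        payload = json.loads(b64url_decode(payload_b64))
    except ValueError:
        return ["malformed token"]
    if not isinstance(header, dict) or not isinstance(payload, dict):
        return ["malformed token"]
    orig, dest = payload.get("orig"), payload.get("dest")
    orig_tn = orig.get("tn") if isinstance(orig, dict) else None
    dest_tns = dest.get("tn") if isinstance(dest, dict) else None
    problems = []
    if header.get("ppt") != "shaken" or header.get("alg") != "ES256":
        problems.append("unexpected header")
    if payload.get("attest") not in ("A", "B", "C"):
        problems.append("invalid attestation level")
    iat = payload.get("iat")
    if not isinstance(iat, (int, float)) or abs(now - iat) > MAX_AGE_SECONDS:
        problems.append("stale or missing iat")
    if orig_tn != signalled_caller:
        problems.append("caller ID does not match signed orig.tn")
    if not isinstance(dest_tns, list) or called_number not in dest_tns:
        problems.append("called number not in signed dest.tn")
    return problems
```

A caller ID that differs from the number the originating carrier signed shows up here as a mismatch against `orig.tn`, which is the case the standards are designed to expose.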
The FCC proposes the adoption of the STIR/SHAKEN system on all phone networks in the US. In March 2020, it gave notice to VoIP service providers to implement caller authentication via STIR/SHAKEN by June 30, 2021.