Most phones today allow users to see the calling party’s phone number before they answer. This feature, called Caller ID or Calling Line Identity (CLI), is a way to let people know who is calling and decide whether they want to answer the call or not. However, callers and criminals can purposely change the Caller ID so that the incoming call appears to originate from a trusted entity.
This disingenuous practice is better known as spoofing. Unfortunately, there are more and more cases where callers and criminals purposefully change the caller ID in order to commit fraud.
Spoofing occurs when a caller knowingly falsifies the information transmitted onto your phone screen, known as caller ID, to hide their true identity. Scammers often use the so-called ‘neighbors’ spoofing technique, and the incoming call appears to come from a local phone number or a spoofed company or government agency number that you may already be familiar with. They do this to disguise their identity, and part of the problem is that the real company or person whose number is being used has nothing to do with the real caller, and is not aware of this violation.
Calls with falsified numbers can and do come from everywhere in the world and make up a large and growing proportion of scam calls. Unfortunately, it is very easy to spoof a Caller ID as the scammer can select any number and make it appear to be their caller ID. As a result, many phone number providers suffer because their numbers are used without permission, and they do not know their numbers are being used in the first place. All of this can have a negative impact on their business. Not only does this result in monetary loss, but it could also damage the reputation of the business, as people believe they are responsible for using automatic dialers to make calls.
In addition, more than half of caller ID fraud attacks transcend international borders, making the perpetrators almost impossible to find and prosecute.
The current solution, which the Federal Communications Commission has stipulated that U.S. telecommunications providers implement in their IP networks, is the STIR/SHAKEN caller ID authentication framework. STIR refers to the telephone identification standards followed by the communications industry, and SHAKEN refers to a token-based signature system.
In order to guarantee a secure phone number, STIR/SHAKEN uses digital certificates based on the common public key cryptography approach and includes a system of interconnected standards. This means that for calls traveling on interconnected phone networks, the caller ID would be checked as being legitimate by the origin carriers and validated by other carriers before reaching the consumers.
The STIR/SHAKEN framework can help protect the average user from spam and robotic calls using a counterfeit number. These standards make sure that incoming calls are verified before they are delivered, alerting people as to suspicious calls or blocking dubious calls. In order to guarantee the security of private organizations and the general public, the employment of the STIR/SHAKEN framework is necessary and mandatory for all voice service providers.
You may not be able to tell immediately if a call is coming in with a falsified number and therefore you should be very careful when answering a phone call. It is essential to learn to spot scams that use spoofing in order to avoid them altogether. Here are some preventative measures that can really help:
- If you answer the phone and the caller asks you to press a button to stop receiving calls, you should simply hang up.
- Be suspicious of calls with general greetings, such as those that address you as a “Dear Customer” rather than your real name.
- Do not answer any questions, especially those that can be answered “Yes” or “No”.
- If you receive an inquiry from someone saying they are from a company or government agency, hang up and call the phone number on your account statement, phone book, or company or government agency website, to verify that the request is authentic.
- In the US, you can report fraudulent calls to the Federal Communications Commision (FCC). The FCC will fine anyone who illegally falsifies numbers up to $10,000 per infringement. If you live outside of the US and want to report Caller ID fraud, a quick Google search should come up with the organization responsible for investigating this type of call.
- To really reduce the number of these calls, you should check if your phone service operator has a service or application that identifies and filters spam calls.
- There are third-party apps you can download on your mobile phone to help you block spam calls. We have a list of Top 10 best apps here.
In the end, caller ID spoofing, more often than not, is done in an effort to commit fraud or harm the call recipient in other ways. To combat CLI fraud, each phone service provider will adopt the STIR/SHAKEN system and receive its own digital certificate, which will allow the calling and the called party to verify that the number is correct, according to a reliable source.
While the FCC wishes to speed up the STIR/SHAKEN deployment schedule across the industry, the truth is that it will take time to achieve full implementation. So for now, everyone should arm themselves with patience and stay vigilant.