You may be receiving an increase in spam calls if your phone number is on the dark web or people search sites, if you’ve answered spam
Caller ID spoofing, also known as phone spoofing, is when someone, usually a scammer or cybercriminal, disguises their caller ID information to hide who they really are. Caller ID spoofing can also spoof the cybercriminal’s location to make it appear as if the call is coming from a specific location. With caller ID spoofing, the caller will pretend to be someone they’re not to convince the individual to provide them with their personal information. When the individual gives the scammer or cybercriminal their personal information, they use it to steal money or even steal their identity.
Read on to learn how caller ID spoofing works, how to recognize it and how to protect yourself from spoofed calls.
How does caller ID spoofing work?
Caller ID spoofing can work in three different ways: the caller using a spoofing service, VoIP spoofing or orange boxing.
Spoofing services
A spoofing service is something the caller pays for to make their number appear different than what it actually is. Usually, spoofing services work like prepaid calling cards. This is how spoofing services typically work:
- The caller pays upfront for their spoofing service.
- The caller is given a PIN number to use when they make phone calls.
- The caller dials the number provided by the service provider.
- The caller enters the PIN they were given.
- The caller enters the outgoing call number.
- The caller enters the number or name they want the caller ID to appear as.
VoIP spoofing
Voice over Internet Protocol (VoIP) is a service that is also used to spoof calls. There are various VoIP providers that scammers and cybercriminals use to spoof their calls. When VoIP spoofing is used, callers are able to modify the name and number that appears on the receiver’s end.
Orange boxing
Orange boxing is another method used by scammers and cybercriminals to spoof calls. With this method, the caller uses software or hardware called an orange box that is able to intercept the caller ID signal and replace it with a different number. When the recipient sees the incoming call, they’ll see a different caller ID than what the actual caller ID should be.
Examples of phone spoofing scams
Here are two examples of phone spoofing scams.
Tech support scams
According to the FBI’s Internet Crime Report 2022, there were 32,538 reported victims of tech support scams in 2022, with total losses of $806,551,993. While not all of these tech support scams happened through phone calls, a good amount did.
When scammers initiate tech support scams, they will often use phone spoofing so the contact name appears as a well-known technology company. Because the company name looks legitimate on the caller ID, many individuals tend to fall for this scam, resulting in financial losses or giving away personal information that the scammer can use to commit identity theft.
IRS scams
The Internal Revenue Service (IRS) has issued many warnings about IRS scams and cybercriminals using spoofing to make it seem as though phone calls and text messages are coming from the agency. Many times with IRS scams, the cybercriminal will threaten the victim, claiming if they do not call back or pay the taxes they owe, a warrant will be issued for their arrest. These threatening messages tend to scare victims which makes them do as they’re told, and can result in them suffering significant financial losses.
The IRS has warned that they will never demand immediate payment, threaten the taxpayer with arrest, or ask for credit or debit card numbers over the phone. Generally, what the IRS will do is send mail to the taxpayer who owes and the only form of payment is a check that is payable to the U.S. Treasury, no one else.
How to recognize phone spoofing
Here are a few signs to look out for in a spoofed call.
Displays a sense of urgency
When scammers use phone spoofing, their main goal is to convince the victim into providing them with sensitive information they can use for their own malicious purposes. Because of this, they’ll often use tech support or tax scams to try to manipulate the victim into believing a story they’re making up; this is also known as a pretexting technique.
When making these spoofed calls, scammers will display a sense of urgency so the victim acts quickly without second-guessing themselves. Displaying a sense of urgency is a common tactic used by scammers, and it’s even a tactic used with phishing scams.
Requests for personal information
If you receive a sudden phone call from someone claiming to be from the IRS, a company you have services with, or someone you know and they start to ask you personal questions, be skeptical about answering them. The IRS and most companies will never ask you to confirm personal information over the phone. If you were not the one who initiated contact, it’s best to avoid requests for personal information through phone calls, emails and text messages.
Display name doesn’t match your stored contact information
When scammers spoof phone calls, they try their best to make the spoofed call seem to be coming from a company you have services with or someone you know like a friend or family member. However, what scammers aren’t able to do is see how you have your contact information saved for certain individuals. This can make recognizing spoofed calls a lot easier because if you receive a phone call claiming to be your friend, and their contact information doesn’t match how you have their contact saved, then that means it’s a spoofed call.
Pre-recorded messages
Many scams and spoofed calls will use robocall technology to make their calls, so their real voice doesn’t give away who they really are. If you receive a phone call coming from a known number or contact, and the voice is a pre-recorded message, it’s very likely that the call is spoofed.
How to protect yourself from caller ID spoofing
Here’s how you can protect yourself from falling victim to caller ID spoofing.
Don’t answer phone calls from unknown numbers
A cybersecurity best practice is to never answer phone calls from numbers you don’t recognize. If you’re expecting a phone call, it’s best to already have the contact information saved so you know who it is when they call you.
While caller ID spoofing can make legitimate calls difficult to recognize, one thing you can do to keep safe is pay close attention to the contact name displayed when you receive a phone call, as well as the person speaking on the other end.
Redial the number to ensure you’re speaking to a legitimate caller
If you’re unsure whether or not the call you’ve answered is a spoofed call or not, you can hang up and redial the legitimate number that the person claimed to be calling from. For example, if you get a phone call claiming to be your bank, hang up and call the phone number on the legitimate bank website.
Silence and block unknown callers
Another way you can protect yourself from caller ID spoofing is by silencing and blocking calls from unknown numbers. Every time you receive a spoofed phone call, block the number so they won’t be able to call you again.
You can also register for a call-blocking service. Call-blocking services will block any spam numbers they have in their database before you receive phone calls from them. You can check with your phone provider if they offer a call-blocking service or you can purchase a third-party service like Truecaller or Roboshield. We recommend researching before purchasing a call-blocking service as some services update their databases faster than others.
Can someone spoof my phone number?
Yes, it is possible for cybercriminals or other individuals to spoof your phone number. When some cybercriminals spoof numbers, they spoof them randomly so there’s always a chance that they may choose your phone number to spoof.
There are usually signs that point to your phone number being spoofed such as:
- Receiving text messages and phone calls from unknown numbers asking who you are or telling you to stop calling and messaging them.
- Incoming calls appear as your own phone number.
What to do if your phone number has been spoofed
If you discover your phone number is being spoofed, here are a few steps you can take.
- Temporarily silence unknown numbers: Because you may be receiving phone calls and text messages from unknown numbers, you can silence them by going to your phone’s settings. On iPhones, you can do this by going to Settings > Phone > Silence Unknown Callers. On Androids you can do this by opening the Phone app > Settings > Blocked numbers > toggle the Unknown option.
- Record a new voicemail message: Since you’ll be silencing unknown callers, they’ll be taken to voicemail. Record a voicemail that lets them know your situation and that you’re not the reason why they’re receiving phone calls or messages from your phone number. Be sure to also password-protect your voicemail with a PIN, as cybercriminals can hack it if it’s not properly secured.
- File a report with the FCC: After taking the steps above, you should also file a report with the FCC. The FCC investigates consumer complaints of call spoofing as it is illegal to spoof calls in the US with malicious intent.
Stay safe from caller ID spoofing scams
Anyone with a mobile device can be targeted with a caller ID spoofing scam which is why it’s important to learn what they are, how to recognize them and how to protect yourself from falling victim to them.