Caller ID Spoofing Scams Prey on Trust to Steal Sensitive Information

Spoofing Scams Target Personal Information

Caller ID or phone spoofing is a phone scam whereby callers impersonate government officials, financial institutions, or legitimate company by using fraudulent displays of phone numbers (or “spoofs”) — to gain the victim’s trust and get them to disclose Personally Identifiable Information (PII) or sensitive financial information.

In January 2020, the FBI’s Field Office in Charlotte, NC, issued an alert that scammers were impersonating FBI officials and using intimidation tactics to demand money purportedly owed to the government. The FBI’s press release was terse: “These claims are false. The calls are not from the FBI. The FBI does not call private citizens to request money or threaten arrest.”

Worse, yet, the caller may appear to be legitimate because they “oftentimes know the full name, extensive background, birthdate, family members and/or personal cell phones of the intended victims,” the FBI’s press release warned.

How Spoofers Often Stay Two Steps Ahead of Their Victims

It’s easy to see how the mechanics of these calls can be deceiving. In a spoofing call, the perpetrators use simple application software installed on their cell phone or laptop that allows them to make outgoing calls appear to be coming from a legitimate source.

Verizon offers these common examples of spoofing:

  • Receiving calls from a friend or spouse’s phone number when your friend/spouse is with you and is not calling you.
  • Robocalls received from a phone number similar to your own.
  • Calls from your bank’s phone number asking for personal information (account numbers, account PINs, etc.)
  • Caller ID displays “911 Emergency” rather than the actual phone number of the calling party.

In 60 seconds or less, a scammer can enter the FBI’s, local Police Department, or bank branch’s phone number — even public charities such as the American Red Cross — and that number will appear on your phone’s Caller ID. Even victims who call the caller back will get a legitimate recorded message from that agency or institution.

Unfortunately, widely available digital communications technology has made phone spoofing cost-effective for scammers. For example, spoofers will use the power of automated, recorded robocalls to target a much wider audience of potential victims, and often run a number of different fraudulent schemes at the same time to diversify their criminal activity. They only need a relatively small number of victims to be successful.

Times of crisis such as COVID-19 tend to bring out the worst in scammers pretending to be from the IRS, Social Security Administration, offering fake Coronavirus testing, and scaring small businesses into buying bogus online listing services, as you can hear in these sample “scripts” published by the Federal Trade Commission:

U.S. spoofing crimes affected more than 25,000 victims in 2019 alone, racking up $300 million in losses, according to the FBI’s Internet Crime Complaint Center. Internet-related identity theft disproportionately impacts victims over age 60, who suffer more losses, as a group, than any other age cohort.

The most insidious practice of spoofing con artists is using YOUR personal phone number to try to infiltrate your circle of friends, relatives, and neighbors for the purposes of stealing their identities, money, and other nefarious scams. Sadly, there currently is no legal protection against this form of deception. Fortunately, the FCC has been working with telecommunications providers to create new ways to digitally validate Caller IDs (through the so-called STIR/SHAKEN authentication standards). This would greatly reduce the incidence of spoofing, and we think it would bring welcome relief to millions of Americans.

How to Protect Yourself from Caller ID Spoofing

The Federal Communications Commission (FCC) has issued detailed guidelines on how to protect your valuable PII from spoofing calls, spoofing emails, and phony landing pages. Here are the critical steps we recommend that you follow:

  • Don’t answer calls from unknown numbers. Simply let it go to voicemail. If you do answer an incoming call that looks to be legitimate or coming from a local source but turns out to be a robocall, hang up. Although you may think there’s no harm in answering an unknown caller, your act of answering tells the attacker that your phone number is real and could put you on a list for future scam attempts.
  • Verify any sensitive information request by calling back a known number. If you get an inquiry from someone who says they represent a government agency, company, or non-profit organization, hang up and call the phone number on your account statement or on the company’s or government agency’s website to verify its authenticity.
  • Be alert to any COVID-19 offers. According to the Identity Theft Resource Center, the risk of COVID-19-related data breaches likely will continue to increase in the near term, as more people work from home. Financial stress also may cause people to be more trusting of others, especially if looking for financial lifelines. Talk to your phone company about call-blocking tools they may offer and consider downloading apps to your devices to block unwanted calls.

 

The views and opinions expressed in this article are those of EZShield Inc. alone and do not necessarily reflect the opinions of any other person or entity, including specifically any person or entity affiliated with the distribution or display of this content.

Steve Turner, Chief Information Security Officer
Steve is the Chief Information Security Officer (CISO) at Sontiq, the parent company of the EZShield and IdentityForce...
Read more about Steve Turner.

Leave a Comment.