(405) 919-9901

by Dave Moore, CISSP
05/21/2023

Have you ever received a phone call from a telemarketer who became rude and abusive when you refused to listen to their sales pitch? Who hasn’t? Have you ever tried to report them to their superiors by calling the number that appeared on your Caller ID, only to discover that the number was not in service, or actually belonged to some little old lady in Phoenix? That’s what is happening to folks across the country as more and more unscrupulous characters discover the benefits of Caller ID spoofing.

Caller ID (CID) spoofing, in it’s simplest form, allows you (the spoofer) to cause a fake phone number to be displayed by the CID service of whomever you are trying to trick (the spoofee). Instead of your real phone number being revealed to the call recipient, CID spoofing allows you to display any number that you like, such as that of the White House, or the local pizza parlor.

CID spoofing has been possible since the invention of Caller ID, and has been used for many years by law enforcement agencies, private investigators and collection agencies. These groups discovered early on that many people were reluctant to answer the phone if they knew that a police department or collection agency was on the other end. Using CID spoofing, however, they learned that they were often able to trick their targets into answering their calls.

As telephone and Internet technology evolved, CID spoofing became a much less expensive proposition. In 2004, companies such as CovertCall and Camophone began making spoofing services easily available to the general public, enabling anyone with a pocket full of change to engage in the perfectly legal activity of concealing their telephone identity.

While there are scores of companies offering CID spoofing, SpoofCard is the clear front-runner. Many services also offer the ability to record your calls and to disguise your voice, making a man sound like a woman and vice versa. You’ve heard voice-altering effects like these in movies; now, for $10 or less, they can be yours. Whether you use these abilities for good or bad is your decision.

Some good causes for which CID spoofing can be used include checking up on anyone that might be trying to avoid the intrusion of your calls, such as your children, or even a wayward spouse. I recently read an amusing interview with a fellow who used CID spoofing to collect thousands of dollars owed him by a previous employer. The company wouldn’t answer the phone when they saw his number being displayed, but would answer every time when he spoofed himself as being the human resources director or company president. He collected his money.

Like all technologies, the bad guys have also discovered CID spoofing. They’ve found that people are more likely to reveal private information when they think that their bank or credit card company, or the Social Security Administration is calling them. Some credit card companies, along with Western Union, have been stung by CID spoofing scams and tricked into issuing credit cards or wiring money to crooks. Other scams include hacking into cell phone voicemail boxes, as many are set to play back messages when they receive a call from the owner’s phone number. Another scam is called “swatting.” “Swatters” use CID spoofing to call in fake kidnappings and hostage crises to 911, causing police SWAT teams to descend on the home of a swatters’ unsuspecting victim.

While CID spoofing can be legal, the Truth in Caller ID Act prohibits caller ID spoofing for the purposes of defrauding or otherwise causing harm. You may like the idea of being able to conceal your identity any time you please, but keep in mind it is illegal to do so “with the intent to defraud, cause harm, or wrongfully obtain anything of value” (from the FCC website).

Check out fcc.gov/spoofing and then imagine the possibilities. You may not want to trust CID information any more than you’d trust the return address on a piece of mail.

Dave Moore, CISSP, has been fixing computers in Oklahoma since 1984. Founder of the non-profit Internet Safety Group Ltd, he also teaches Internet safety community training workshops. He can be reached at 405-919-9901 or www.internetsafetygroup.org