How to Protect Yourself From Caller ID Spoofing

Is the president really calling you? Probably not

Man on the phone at his office
Kathrin Ziegler/The Image Bank/Getty Images

People rely on the caller ID information they see on their phones when they decide whether to answer a call. It tells them who is calling, so they can decide whether to take the call then or call back later.

If the caller ID on your phone reads “Microsoft Support 1-800-555-1212” or something similar, you assume the person on the other end of the line is from Microsoft. Caller ID lends legitimacy to the caller. Many people don’t realize that scammers use Voice Over IP technology and other tricks to fake or spoof caller ID information in the hope of acquiring credit card numbers or other personal information.

Scammers use caller ID spoofing to make their scams believable.

How Scammers Spoof Caller ID Information

Scammers spoof caller ID information in several ways. One of the most popular ways is through the use of internet-based caller ID spoofing service providers. These spoofing services can be purchased cheaply.

A Typical Spoofing Scenario

The typical Caller ID spoof works like this:

The person (scammer) who wants to conceal their number logs in at a third-party spoofing service provider website and submits payment information.

Once logged in to the site, the scammer provides their real phone number. They then enter the phone number of the person (victim) they are calling and provide the fake information that they want the caller ID to display.

The spoofing service calls the scammer back at the provided phone number, calls the intended victim's number, and bridges the calls together along with the spoofed caller ID information. The victim sees the fake Caller ID information as they pick up the phone and are connected to the scammer.

The Effectiveness of Spoofing Caller IDs

Caller ID spoofing can be an incredibly effective tool for scammers. The Ammyy scam, where victims received phone calls from scammers claiming to be from Microsoft support, was a huge scam that bilked people out of millions of dollars worldwide.

The Ammyy scam wouldn’t have been nearly as effective if it weren't for Caller ID spoofing. When Ammyy scam victims answered the phone, most of them looked at the Caller ID to see that Microsoft was calling them, and many of them believed it.

Pretexting as a Scamming Technique

The scamming technique used in the Ammyy scam is known as pretexting. Pretexting occurs when someone creates an artificial scenario so they can mask their true intentions under the guise of something that is not threatening. The pretext usually involves developing credibility so that the scam is acceptable and believable.

A real-world example of establishing false credibility for pretexting occurs when someone uses a police uniform to pass themselves off as a police officer to gain access to a section of a building that is normally off limits.

Caller ID in scams is used in the same manner as a phony police uniform is in the real world. When people determine a caller’s identity, all they have to go by is who the person says they are and who the caller ID says they are. If this information matches, most reasonable people believe the pretext and some of them end up as victims of a scam.

Is Spoofing Caller ID Information Legal?

In the U.S. and many other countries, it is illegal to falsify Caller ID information. The United States Truth in Caller ID Act makes it illegal to spoof caller ID information for unlawful purposes.

If you live in the U.S. and believe that someone who called you has spoofed their caller ID information to scam or mislead you, report it to the Federal Communications Commission (FCC).

How to Protect Yourself Against Caller ID Spoofing

Don’t place all your trust in the caller ID information presented to you.

Now that you know this information is easily spoofed by the use of third-party caller ID spoofing services and other tools, you won't be as trusting in the technology as you have been. This should help you in the quest to scam-proof your brain.

Never give credit card information to someone who calls you.

Don’t conduct any business over the phone when you didn't initiate the call. Get a call back number and call back if you are interested in a product or service. Use Google to reverse lookup the phone number before you call back and see if it is associated with a known scam.