How call spoofing works and how to identify it: Internet Scambusters #930
We've written many times about call spoofing of phone numbers -- but is there a way to stop these fake number calls?
The Federal Communications Commission (FCC) is trying its best; plans to introduce new rules and technology are on the way but not until at least next June.
In the meantime, there are a few red flags you can look out for -- not just for yourself but also possibly for others, as we explain in this week's issue.
Let's get started...
Call Spoofing: It's Down to You to Spot and Stop
Caller ID has been around for about 30 years but, sadly, call spoofing -- creating and using fake numbers -- has been with us for almost as long. It has led hundreds of thousands, if not millions, of people to fall into the clutches of scammers.
And while you can stop many incoming and illegal recorded calls ("robocalls") that come from numbers that are held on a database, you can't necessarily do the same with call spoofing because they fake legitimate numbers.
The perpetrators may know which numbers are barred by call blockers, so they use numbers they know aren't blocked.
Sometimes, the purpose of the call is actually to scam you. But other times -- when you pick up and no one is there -- scammers are just compiling records of people who answer their phone so they can pass the details on as leads to other marketing companies.
But how can you tell if a call is genuine or spoofed, and what can you do to protect yourself?
The US Federal Communications Commission (FCC) defines spoofing as "when a caller deliberately falsifies the information transmitted to your caller ID display to disguise their identity."
Scammers use special software and digital connection equipment that enables them to trick telephone networks into sending out the wrong ID information.
If they combine that software with stolen contact information, they can imitate any number they want to -- from someone in your locale, businesses, friends, relatives, or even your own. As we reported a couple of years back (see Call Spoofing: Why You Should Never Trust Caller ID), as much as a half of all calls we receive on both landlines and cell phones display spoofed numbers.
Of course, there are laws in place to control call spoofing. But, by definition, scammers ignore the law. There are also online firms that seem to be operating inside the law, offering spoofing and voice disguising services.
Similarly, telephone service providers try to block or flag up possible spoofed numbers, but present-day experience suggests they're only modestly successful.
Most recently, the FCC has introduced a new set of rules called STIR/SHAKEN -- such an awful acronym, you don't even want to know what it stands for. (Hint: It's not a James Bond cocktail.) It calls for telephone service providers to check and verify caller ID.
It's due to be fully implemented by June of next year. But don't hold your breath. Some of the rules are just "guidelines," and by the time June rolls around, who knows what the scammers may have done to get around them. Some providers have also been allowed an extra year to get their act together.
That leaves the real responsibility for spotting and avoiding a spooked call with you. Here are some self-defense tips you can use:
* If the number highlighted by caller ID is your own, it's spoofed. Scammers use your own number to try to appeal to your curiosity.
* Don't answer if you don't recognize the number or name, or if you don't know anyone at the apparent location.
* If you pick up or even if you let the call go through to your voicemail and the result is a recording ("robocall"), it's a scam -- unless it's a political party, a charity, or a business with which you already have a relationship, who are all allowed to use recorded messages.
* Also, if you pick up and there are several seconds of silence, whether the number is spoofed or not, it's likely a scam call or at least an unsolicited sales call.
* If the number seems to come from a business name you recognize, let it go through to your answering service. Don't return any calls to numbers left in the message unless you know them to be correct.
Visit the organization's website. These days, many firms post a warning when they know their number is being spoofed.
* Use a reverse lookup to check the number. A reverse lookup works when you key in the phone number into a search engine like Google. It will show you if the number is legitimate and who it belongs to. It may even alert you that the number is known to be spoofed.
There are also more sophisticated reverse lookup services such as Spokeo or White Pages. Be warned, however, that some of these services might request your email address or other details.
On the same topic, be aware that if someone phones you and says they're returning your call, but you didn't call them, then you know your number is being spoofed, although right now there's not a lot you can do about it beyond telling them to spread the word about spoofing.
Since spoofing software is able to send out hundreds of calls in a single action, you could get many such call-backs. However, scammers tend not to stick with using the same number over and over again. So, one burst is likely all you'll get.
* If you're getting a lot of spoofed calls, consider using a blocker that stops all calls that are not via traditional landlines. These calls, like spoofers, use computers, modems and a technology known as Voice Over Internet Protocol (VOIP).
However, this is a drastic move as it can also block legitimate calls, though you can usually define exceptions -- numbers you will accept -- with the device.
* Don't publicize your phone number linked to your name. That's all a spoofer needs to pretend to be you when calling someone else in your locale.
If you are a victim, you should report it to the FCC who, incidentally, have themselves been the victim of spoofers using their number. There are some products that claim to be able to track down and identify call spoofers, but why would you want to do that? Best leave it to the professionals.
The most important security step you can take is never to give out any personal, confidential information over the phone for an incoming call unless you know it to be genuine.
That way, even if you fall for a call spoofing scam, you won't fall for whatever comes next!
Alert of the Week
Almost one in three drivers who recently bought gas using a credit card at the pump believe they might have been skimming victims -- where crooks attach a device in front of the card reader to steal information.
This is a huge increase on previous findings and the reason is that many card readers are still using the relatively insecure old magnetic stripe. These were supposed to have been phased out this month but, because of health and political upheavals, the date has been pushed back to next year.
If you pay at the pump, try to use a card with a security chip, pay with cash -- or at least scrutinize the reader for signs of tampering.
Time to conclude for today -- have a great week!