As the spam war rages on, we need to turn our attention to the specific tactics that spammers and scammers use to target their victims. Then, we can craft the best strategies to protect ourselves and our families from spammers, scammers, and other criminals who are out to steal our information.
Spoof calling — also known as phone number spoofing, caller ID spoofing, or simply spoofing — is a method of disguising a phone number to make it appear as a different number on caller ID. It can be done for calls and text messages, and it’s impossible to tell if a number is being spoofed based on caller ID alone. Spoofing is a common practice among scammers, and it helped them steal over $65 billion from the American people via robocall scams in 2022.
Read ahead and find out what you need to know about spoof calling, from what it is to how to protect yourself.
Caller ID spoofing is when a caller intentionally falsifies the information transmitted to your caller ID display to disguise their identity. Scammers often use neighbor spoofing so it appears that an incoming call is coming from a local number that you may already trust.
The idea is that people will be more likely to answer the phone if they think the call is coming from their neighborhood or a well-known company. Since it’s impossible to distinguish a legitimate caller from a spoofed call using that same number or name, it can be tough to recognize a spoof call in action. If you ever pick up the phone and get a bad feeling about the call, hang up immediately. You can always look up the number, call back later, or find a publicly listed number for the company that allegedly called you to check if it was a scam.
The point of spoof calling is to gain the target’s trust — or at least enough of it to get them to answer the phone. If the number on your caller ID looks legitimate, you’re more likely to pick up. Simply answering the call lets the scammer know that your number is active, and sometimes that’s all they need.
Here’s how spoof calling works:
Spoof calling is unfortunately often successful, which is why it’s important to understand the way it works and how to protect yourself. To that end, it helps to put yourself in the mind of a scammer and learn why spoof calling is so integral to their trade.
Spam callers use a multitude of tactics to pull off their scams, and spoof calling has proven to be one of the most effective. However, spoof calling has practical, legal applications as well. Let’s discuss some of the different reasons people might use spoof calling.
We usually hear about call spoofing in a negative sense, and rightfully so. Scammers use spoof calling to steal billions of dollars from Americans every year. They primarily use spoofing to falsify their targets’ caller IDs, tricking them into thinking the scammer is someone trustworthy. It even prevents scammers from switching to a new phone number, as they can simply disguise the one they have.
Spoofing is cheap and easy to do, and it can come with a significant return on investment — even if just a few targets fall into their trap, the call spoofer can make a hefty profit. It’s also difficult to trace, which reduces the legal risk factor. Combined with auto-dialing software that can make millions of robocalls per day, spoof calling is an enticing strategy for any scammer.
The phrase “spoof calling” might carry a negative connotation, but it’s not always done for nefarious purposes. In fact, there are legitimate reasons for and legal ways to go about spoof calling, and it can be practical for businesses and individuals alike. For example, a mechanic might make a call from their personal cell phone but have their business number come up on the recipient’s caller ID. This is simply a way for a person to conduct their business without revealing their personal phone number, which is legal, legitimate, and safe.
If you’re a prankster — which is much different from a fraudster — you might use spoof calling to pull a fast one on your friends or family. As long as it’s a victimless prank and there are no scams, schemes, or any other below-board activity, spoof calling can be applied to elevate your prank calls.
Spoof calling is complex on its own, which is why it’s so tough to trace. It can become even more dangerous when combined with other techniques and technologies.
The essential part of spoof calling is the display of the target’s caller ID. The goal is to falsify the reading so the target thinks they’re getting a call from someone trustworthy — like a neighbor or their credit card company. Unfortunately, all that awaits on the other end is a scammer waiting to pitch them a scheme and steal their personal information.
Some scammers disguise their voices in addition to their phone numbers. With the advanced technology available these days, they might even mimic the voice of a close friend or family member. If you get a call that sounds like a familiar voice, but it doesn’t seem like it’s the person it belongs to, hang up the phone immediately.
If you’ve ever called your doctor’s office and used your keypad to respond to an automated voice, you’ve experienced an interactive voice response system (IVR). Unfortunately, scammers have access to the same technology and can use these systems to direct their targets right into their traps.
Spoof calling isn’t illegal in and of itself. Scamming people out of their money, information, or identity, on the other hand, is illegal 100% of the time. Since spoofing has become such an essential part of the scammer’s playbook, it shares the blame for the economical and emotional damages the spam war has levied on the people of the United States. Scammers placed more than 78 billion spam calls in 2022, causing over $65 billion in losses.
To make matters worse, it’s nearly impossible to keep yourself off of scammers’ radar. It helps to refrain from sharing your phone number on social media or giving away your sensitive information online, but your number will still be just as susceptible to auto-dialing technology — which calls numbers at random — as anyone else’s.
Spoofing is all fun and games until someone gets their identity stolen. It may be a great way to play a harmless prank, but it can do serious damage when it’s done illegally. Since that’s the way it’s often done, let’s take a look at the legal implications of spoof calling.
Spoofing calls isn’t inherently illegal, but it’s generally used for illegal purposes. Spoofing is illegal when the caller manipulates the target’s caller ID with the intent of scamming them. Whether they aim for personal information like email addresses and passwords or outright ask for money, these types of spoof calls are always illegal.
The government has been fighting the spam battle from the beginning, passing numerous pieces of legislation and creating agencies like the Federal Communications Commission (FCC) and Federal Trade Commission (FTC). In addition to working with voice service providers to reduce spam calls, these government organizations take complaints and reports from consumers in order to build up databases and protect the public from illegal and unwanted calls. In fact, the FCC issued its largest fine ever ($225 million) to health insurance telemarketers in Texas for placing approximately one billion illegally spoofed robocalls.
Implemented in 2009, the Truth in Caller ID Act sets the parameters for legal and illegal spoof calling. This Act defines an illegal spoof call as one that causes “any caller identification (ID) service to transmit misleading or inaccurate caller ID information with the intent to defraud, cause harm, or wrongfully obtain anything of value.” There are exemptions for processes related to law enforcement — but none that excuse spoof callers from defrauding their victims.
As spoofing has become one of the most effective tools in the scammer toolbox, it’s also become the focus of recent government efforts to control spam calls. These efforts include the creation of STIR/SHAKEN — Secure Telephone Identity Revisited (STIR) and Signature-based Handling of Asserted Information Using toKENs (SHAKEN) — which emphasizes caller authentication to validate and verify calls as they move throughout and between voice networks.
The STIR/SHAKEN framework requires phone carriers to authenticate or “tag” phone numbers with a certificate, verifying that the phone number and caller ID information match. Then the call can be repeatedly verified as it moves from caller to recipient. This method helps carriers detect and deal with spoof calls, but the framework itself can’t actually block them.
STIR/SHAKEN also requires service providers to adopt a robocall mitigation plan. The FTC maintains the Robocall Mitigation Database, which details what each company is doing to comply with STIR/SHAKEN.
Caller ID spoofing is one of the major obstacles that have made it difficult for government agencies and phone carriers to solve the spam problem. Fortunately, there are steps you can take to fight caller ID spoofing, reduce the impact of robocalls, and take back your privacy. Here’s an overview of those steps.
Neighbor spoofing is a specific type of caller ID spoofing that replicates the target’s area code and, in some cases, the first three digits of their phone number. If you get a call from an unknown number that looks similar to yours, treat this as a red flag. By answering one of these spoof calls, you let the scammer on the other end know they’ve found an active number.
Even if you get a call that appears to be from a reputable business, don’t answer it unless you’ve been expecting that business to call you. Wait to see if the caller leaves a voicemail, and call the company back at a listed number to find out if they indeed meant to contact you. If they didn’t, you should let them know that someone was spoofing their phone number.
You can’t report a spoofed call until you’ve already been bothered by it, but your report might help others. Caller ID spoofing can be difficult to trace, but those with their numbers spoofed deserve a heads-up. By reporting spoof calls to the FTC, you make them aware of an illegal caller and potentially alert innocent people or businesses that their numbers (or identities) have been used without their knowledge. Report scam calls of any kind to the FTC at ReportFraud.ftc.gov.
Phone carriers work with the FTC, FCC, and other government agencies to crack down on illegal and unwanted calls. Unfortunately, there’s not much they can do apart from abide by the STIR/SHAKEN framework and implement a robocall mitigation plan. Much like reporting spam calls to the FTC, however, you can report scams and spoof calls to your carrier to help protect yourself and other customers.
The National Do Not Call Registry was created to protect people from unwanted telemarketing calls, not illegal spam and robocalls. Although adding your number to the list (which you can do at donotcall.gov) can’t protect you from spoof calling on its own, it can help you recognize when you’re being targeted. Since legitimate companies face steep fines and other repercussions for violating the Do Not Call Registry, you can assume that if you get a call that appears to be from a legitimate company, it’s probably being spoofed — the real company wouldn’t risk violating the list.
While these methods can help reduce your vulnerability to spoof calling, the only way to fully protect yourself is by downloading a third-party spam-blocking app. These services are specifically designed to detect and block spam and scam calls, even if they’ve been spoofed. Many offer features like customizable block/allow lists, real-time call screening, and SMS protection.
Most spam-call blockers check incoming calls against a global blocklist of known spammers. Some — like Robokiller — also use audio fingerprinting to crack down on spoof calling in particular. There are many third-party spam blockers on the market, so make sure you choose the option that offers all the features you need and is supported by your phone and carrier.
As spam continues to evade potential solutions from the FTC, FCC, and voice service providers, it’s crucial that we have our own personal defenses. Third-party spam blockers like Robokiller are designed to quickly detect and deflect spam and scam calls so that they never even ring your phone.
Thanks to machine learning, artificial intelligence, and a wealth of experience on the frontlines, Robokiller has everything you need to keep yourself safe from spam, scams, and the bad actors who conduct them. Our Answer Bots take care of the interaction for you, humorously wasting scammers’ time while they think they’re talking to a real person; in the meantime, we’re creating a new audio fingerprint so the scammer can’t harass you or any other Robokiller users in the future.
Here are just a few ways you can use Robokiller to protect yourself and your family from spoof calling:
Want to experience the difference for yourself? Download your 7-day free trial of Robokiller now.
Spoof calling is a tactic that spammers use to disguise their phone numbers by manipulating the target’s caller ID. Spammers can spoof their numbers to appear like they’re coming from a local number or even a reputable company or government agency.
Any telephone number can be spoofed to appear as any other number. This can be an issue for businesses whose reputations are tarnished by scammers impersonating them, and it can also be harmful for innocent people who are unaware that their telephone phone numbers are being used to commit fraud.
Spoof calls are inherently deceptive, and they can be very difficult to trace. If you call a spoofed phone number, you’ll get the actual owner of the number on the other end of the line — not the scammer who called you from it earlier. Additionally, many spoof calls are made from overseas, which gives American authorities even less power to trace them and punish the callers.
When you get a phone call that appears to be from a local number — meaning it has the same area code and possibly even the same first three digits as your phone number — but you pick up and someone tries to sell you something, you’ve experienced call spoofing. The same is true when you answer a call that appears to come from a reputable company that you may already shop with, like Walmart or Best Buy, but it’s a scammer on the other end.
It can be difficult to tell if a call is being spoofed until you answer the phone, which is why it’s best to let it go to voicemail if you’re not already waiting for someone to reach out. If you answer a call and realize the caller is a fraud, you should hang up immediately, block the number, and report the incident to the FTC or your telephone company.
