Estimated Reading Time: 7 Minutes
Picture this: your client is sitting at home, reading through their emails, when their phone rings. The caller ID shows it’s your company calling, so they eagerly pick up. The voice at the other end sounds odd and strangely rushed, but the person is offering to help resolve an issue with their account. As your client engages in conversation, the voice asks them to verify their bank information and their account password...
Welcome to the world of caller ID spoofing, where things aren’t always what they seem.
While not necessarily new, phone scams are becoming more frequent and sophisticated. The Federal Communications Commission (FCC) estimates that Americans receive approximately 4 billion robocalls per month. That’s more than 130 million calls a day. You can bet a hefty portion of those robocalls involved some form of spoofing or voice phishing (“vishing”), which are tactics criminals use to impersonate legitimate entities – like your brand – and wreak havoc on unsuspecting consumers.
Let’s dive deeper into the concept of caller ID spoofing, what it is, how it works, common scams that leverage this tactic, and tools you can provide your customers to help them mitigate their risk of falling victim to these crimes.
What is Caller ID Spoofing?
Caller ID spoofing is when scammers manipulate the caller ID display to trick people into thinking the call is from a trusted source, like an advisor, government entity, well-known brand, or neighbor. Scammers will also use “911 Emergency” or a phone number very similar to a spouse or friend in spoofed caller ID displays.
What started as a tactic used by law enforcement and collection agencies in the early 2000s with the rise of digital communications is now a favorite among scammers. Fraudsters use this mechanism because it can easily fool even the most vigilant – including those who only answer calls from trusted sources and think they can identify robocalls or telemarketers. The scammers prey on people by impersonating utility companies, government agencies, and financial institutions, requesting personal, financial, or login credentials.
How Does Caller ID Spoofing Work?
Gone are the days when people pick up calls from “Unknown.” Because of this, scammers need a reliable way to ensure unsuspecting consumers answer the phone. Here are some of the ways scammers can spoof a trusted phone number (like yours!):
- VoIP Spoofing: Voice over Internet Protocol (VoIP) spoofing is when scammers use VoIP technology to make calls over the internet, allowing them to mask their true number and display a different one — often one that looks familiar. It’s like the digital version of wearing a fake mustache and pretending to be someone else. VoIP spoofing is cheap, easy, and a major reason why your client thinks they are getting calls from your company when really it’s an impersonator calling from somewhere else in the world.
- Spoofing Services: If you thought scammers needed some high-tech gear to pull off spoofing, think again. There are actual services — yes, real services — that scammers can pay to use to do the dirty work for them. These services provide spoofed numbers on demand, just as easy as viewing your favorite show on a streaming device.
- Orange Boxing: Taking a trip down memory lane, let’s talk about “orange boxing,” a throwback to the analog days of phone fraud. This old-school method involved tricking the phone system into thinking a call was from a different number. In modern days, the scammer uses software or hardware called an orange box that can intercept the caller ID signal and replace it with a different number.
Common Telephone Scams
Once your client picks up a call, criminals use tactics like voice phishing (also known as “vishing”) to impersonate the voice of a trusted entity, sometimes through voice-cloning AI software. Often, the caller will speak rapidly and with a sense of urgency to catch your client off guard. Some common telephone scams include:
- A demand for payment – with a threat. Common impersonations include the IRS, the FBI, or a collections agency. The Federal Trade Commission (FTC) recently issued an alert about scammers impersonating court officials demanding payment for missed jury duty.
- An offer of technical support to resolve an issue. In this example, the scammer will claim personal information is needed to fix or restore an issue with a well-known service or device. They may use publicly available information to bait the consumer into providing additional personal information that could assist them in breaking through authentication services or taking over an account (e.g., email, Apple ID, laptop or cell phone device, etc.).
- Assistance in program enrollment to receive benefits. Scammers often pose as representatives of government programs such as Federal Student Loan Debt Relief, Medicare, or Social Security to elicit trust. They will claim to be helpful in navigating the complexities of enrolling in programs to collect personal financial information and identity data.
- Notification of an award or special offer. This scam involves offering a large reward from a contest or special program. The scammer may request personal and financial information to process the special payment.
Help Protect Your Customers from Caller ID Spoofing Scams & Fraud
So, how can you help keep your clients from being fooled by these digital doppelgängers? Here are some tips to help you help them:
Educate, Educate, Educate. Educating your customers is the first line of defense. Encourage them to be wary of calls from unknown numbers — even if the number looks familiar. Remind them that their bank, the IRS, or any respectable business (including yours!) won’t call demanding immediate payment or sensitive information – and that the robocalls claiming to be law enforcement are meant to scare them into providing sensitive information. Tell them not to trust the caller ID blindly and instead hang up and call back using a known, trusted number.
Block and Report: Encourage your clients to use call-blocking apps and report any suspicious numbers to their carrier or the FCC. The more reports made, the harder it becomes for these scammers to operate. Provide them with ways to check the carrier’s websites (see AT&T, T-Mobile, Verizon) for specific instructions on how to block numbers that may be fake.
Trust Their Gut. Remind your customers to always verify the caller's identity before divulging any information over the phone. If the call seems fishy, tell them to hang up and contact the organization directly using a known number. Scammers rely on people acting quickly and without thinking, so it’s an important reminder to always take a moment to pause and consider the situation.
Caller ID Monitoring from Iris® Powered by Generali. Provide your clients monitoring tools that will alert them of suspicious incoming and outgoing calls, like Iris’ Caller ID Monitoring. Our Caller ID Monitoring is a highly distinctive, differentiating feature that will soon become a necessary tool for consumers to have as the world of scams continues to advance in sophistication. With Iris’ advanced monitoring solution, you can help your clients protect themselves against fraud involving phone impersonation tactics. Along with the monitoring service, Iris will send your clients alerts when we detect:
- A masked incoming call, which occurs when a criminal contacts your client using a false number to impersonate a legitimate entity, usually in a vishing attempt to solicit sensitive information, or
- A masked outgoing call, which occurs when a criminal uses your client’s phone number to impersonate them when contacting others (aka spoofing) – usually to gain access to their accounts, etc.
Help protect your clients from falling victim to caller ID spoofing scams by helping them stay informed about the risks and providing them with advanced Caller ID Monitoring tools from Iris to alert them of suspicious incoming or outgoing phone calls. Contact us today to learn more.