Why the Spoofing has to stop

It’s a fraud that’s affected most of us, yet goes without punishment. Spoofing involves callers hiding their identity by causing a false or invalid phone number to display when making calls. It’s the perfect way for unscrupulous sales companies to trick you into answering the phone. But Ofcom has now decided to act to protect customers – although exactly what it can achieve is somewhat debateable.

It used to be so easy – the phone rings and you look at the caller ID; if it says ‘number blocked’ or ‘caller unknown’ then you let it go to voicemail. After all, if the caller isn’t in your contact book or chooses not to reveal their number, then there is every chance that it’s not going to be a call you want to take. But spoofing gets round the problem by either causing a random series of digits to be displayed or mimicking the number of a real company or person. If it looks like a genuine number, you’re more include to accept the call.

But whilst this deception can be merely annoying to the recipient of these unsolicited and unwelcome calls, prolonged pestering can also cause stress and illness – especially to the more vulnerable members of society (and those most likely to part with their cash for products and services they don’t actually need). Companies employing such tactics can hide their anonymity because it is impossible for consumers to return their calls to find out who is contacting them – or to opt out of future direct marketing calls from that organisation.

However, it can also mask fraudulent activities. What if the spoofed number matched that of a hospital, doctors’ surgery or your bank? Chances are you would pick up the call, at which point you could well get asked personal questions about yourself, your property or your finances – and you may well answer because the call appeared to come from a trusted source. Within a few minutes you would be anther victim of data theft.

Ofcom says calls with spoofed numbers can and do come from all over the world and account for a significant and growing proportion of nuisance calls made to consumers in English-speaking countries (although they give no percentages or figures). It says that international cooperation is therefore vital in addressing this problem, which is why a group of regulators this week pledged to combine resources, share intelligence and work collaboratively to find solutions to the problem of phone number spoofing.

Ofcom is joined by the Information Commissioner’s Office in the UK, the Canadian Radio-television and Telecommunications Commission (CRTC), Competition Bureau Canada and the US Federal Trade Commission (FTC).

“International cooperation is vital in finding effective remedies to the problem of number spoofing,” said Claudio Pollack, Ofcom’s Consumer Group Director. “We are thoroughly committed to this joint effort and are determined to put a stop to this harmful practice and take action against those responsible.”

A quick search on Google throws up numerous spoofing services, most of which play up the lighter side of spoofing with marketing phrase such as “pull a prank on a friend”. It’s all legal and above board.

In the US, the courts have ruled that “non-harmful spoofing” is fine, it’s only when organisations use a false number or caller ID message to openly commit fraud or cause harm to others that it would fall under the federal ‘Truth in Caller ID Act’ and become a felony. Forfeiture penalties or criminal fines of up to $10,000 per violation can be imposed. But when exactly does a spoofed call become a fraud case? Stealing someone’s phone number, or misrepresenting yourself with a false number, is not regarded as a fraud.

Whilst this problem has been ongoing for many years, the number of spoofing frauds does appear to be on the increase (thanks mainly to VoIP technology), although without hard numbers being available it is difficult to quantify. But you can find plenty of recent examples from across the US and UK. For example, a woman in Detroit received a call that was identified as being from the local County Sheriff's Office and was then given instructions on how to make a $1,200 payment on a debit card in order to avoid a criminal charge. Needless to say it was a spoofed call.

Apparently, the easiest way to spoof caller ID is to employ dedicated open source software (we’re not going to make it easy and publish a shopping list) through a VoIP provider. It depends very much on whether or not the provider permits a user to purchase direct inward dial numbers separately from outbound calling minutes, which is often the case with wholesale providers.

Thankfully, the authorities now appear to agree that it’s time to get tougher on spoofing. An online portal to help consumers register a complaint by directing them to the appropriate UK regulator can also be found on the Ofcom website.

Email Newsletters

Sign up to receive TelecomTV's top news and videos, plus exclusive subscriber-only content direct to your inbox.