The Scourge of Phone Spoofing
IntroductionA trend which keeps increasing and sees people receive unwanted calls and messages is caller-id spoofing. Number spoofing is when someone fakes outgoing caller ID info to show a number that isn’t theirs. The spoofed number often belongs to a real person or business, but not to the person using it to call you.
At the moment due to the coronavirus crisis, there has been a surge in the number of spam and nuisance calls and messages. As the race for effective treatments and vaccines for COVID-19 intensifies, scammers continue to prey on people hopes and fears in attempts to steal financial info, exhort money or both.
Steps an Individual can Take
There are several steps an individual can take if they are receiving a number of unwanted calls or their own number is being spoofed.
- . You can say something like, “If you got a call from this number, please understand that telemarketers or scammers are using my number without my permission. For your own security, do not engage with them and please block this number.” As more people block your number, it will lose its value to spoofers, making them less likely to continue using it.
- If you’re getting overwhelmed with calls and texts, you can temporarily (or permanently) . Also, block unwanted numbers, in general, should help avoid repeat calls. Though it is best to add numbers to your contacts or phonebook of your bank, insurance, GP etc to avoid missing potentially vital calls.
- . Generally, they are cracking down on people making illegal robocalls and spoof calls, so any information you provide might help.
- Identity thieves and other fraudsters often pose as representatives of banks, credit card companies, creditors, or government bodies (including the Scottish Parliament and Welsh Assembly) to get people to reveal their account numbers and other sensitive information.
- Never give out your personal information in response to an incoming call, or rely upon the Caller ID as the sole means of identification, particularly if the caller asks you to carry out an action which might have financial consequences.
- If someone rings you asking for this information, don't provide it. Instead, hang up and call the phone number on your account statement, in the phone book, or on the company's or government department's website to check whether the call was genuine. Wait at least five minutes before making the call - this ensures the line has cleared and you're not still speaking to the fraudster or an accomplice.
Other Actions Being Done
Industry and the Government are also taking steps to mitigate and hopefully prevent malicious use of caller-id spoofing from occurring. Because calls with spoofed numbers can and do come from all over the world and account for a significant and growing proportion of nuisance calls.
In the UK, Ofcom is working with the international regulators and as well as the telecoms industry to find solutions to the problem. As Voice over IP (VoIP) technology (the type of technology used to make internet calls) is often used in spoofing. They are seeking to address through their work in completing the switchover from ‘public switched telephone network’ (PSTN) to IP technology. Also the Internet Engineering Task Force (IETF), which helps to develop internet standards, has created a group specifically to tackle this issue. This the Secure Telephony Identity Revisited (STIR) working group.
Examples of action taken are the work of the UK's HM Revenue and Customs (HMRC) have put an end to fraudster’s spoofing the tax authority’s most recognisable helpline numbers by deploying defensive controls to prevent fraudsters from spoofing the numbers of HMRC. The controls, created in partnership with the telecommunications industry and Ofcom, prevent spoofing of HMRC’s most used inbound helpline numbers and are the first to be used by a government department in the UK. Criminals may still try and use less credible numbers to deploy their scams but that means they will be easier to spot. These measures have significantly reduced the number of reported scams of people receiving spams calls of people claiming to be from HMRC.
Generally, at least once a year now there seems to be a period of a few weeks where I get numerous spam calls. The easiest way I have found is to just ignore calls from numbers I don't know, look them up to see if they belong to a legitimate source (99% of the time they don't) then block them. So far that seems to minimise the amount of spams calls I get but it varies. In my opinion knowledge of this types of attacks which quickly fall into the category of social engineering can only be stopped by having the knowledge and tools to identify them yourself and to help others who may not be as technology savvy or quick to pick up when they are being conned. Hopefully, this post has provided some useful ideas and information. I would encourage further reading on this area and take some time to ensure yourself, family and friends are aware of phone/caller-id spoofing to minimise the risk of being caught by this type of social engineering attack.