Caller ID Spoofing

We all love our caller id and it seems that it's been around forever. Indeed, if you're young enough, then it has been forever -- for you at least. But there was a time before cell phones when everyone had a landline and people had no idea who was calling.

The history of caller id

Before caller id, some people would screen their calls using an answering machine. If/when the caller started leaving a message and you felt like talking to them, you could pick up the receiver and carry on. But what if there was a way to know who was calling before answering the phone or waiting for the machine to pick up?

Look familiar?

The phone companies, always wanting to sell more services and features, developed and proposed caller id. And boy did that make a stink.

Unless you were around to witness it, you might not believe there was a raging debate in the US about whether caller id should even be allowed. There were loud protestations from a vocal minority of people who believed that a caller should be allowed to call you anonymously -- that the recipient of a phone call had no right to know who was calling prior to lifting the receiver. Obviously, the pro caller id camp prevailed and now caller id is common. One of the best analogies in support of caller id was comparing it to a peephole in the front door. No one opposes a person's right to know who's at the door before opening it, right? It's pretty funny to think about it today but back then it was a serious fight.

Is my phone lying to me?

People place a lot of faith in the truth of caller id -- too much faith as it turns out. Up until the mid aughts, caller id was a pretty reliable way to know the calling number. And with the caller's name also being displayed, you could quickly make an informed decision about whether to answer. Not so much any more.

Telemarketers, especially fly-by-night boiler rooms, don't care about the Do Not Call list so they're gonna make their calls regardless. But since they know that most people are unlikely to answer calls from a different area code then they need a way to make their calls appear to originate in your area. Years ago they did this by buying local phone service in various cities and setting up a call forwarding bridge. But that's expensive so many telemarketers don't want to do that.

Internet-based Voice Over IP (VOIP) calling fixes all that. Well, fixes it from the telemarketers perspective. Without getting into all the technical details, what this means is that telemarketers, crooks, and any one else, can spoof any area code or phone number they want so your phone will display that spoofed number. They'll use your area code and sometimes the first three digits of your phone number (prefix) to make it look more legit. This is known as neighbor or affinity spoofing because it looks like the caller is from your immediate area. Your guard is down a bit more and perhaps you answer.

Your number is likely being spoofed as well. Ever get a call from some random person saying "did you just called me?" Yeah, I've received a few of those. You'll say you didn't call then they'll say that your number "is right here on my phone" -- the implication being that you are lying. Assuming you didn't pocket-dial them, then congrats, your number was spoofed. And again, there is nothing you can do to stop this. You can explain to the confused caller that your phone number has been spoofed (or hijacked -- a better understood term) by a telemarketer and that it happens all the time.

How common is it? Go to Google and type in "my phone number is" (without the quotes) and the term "being spoofed" will appear in the drop down list of suggestions before you even touch enter. There's an excellent article on Ars Technica about caller id spoofing and the problems it causes.

There are websites that let you do your own spoofing "as a prank" on your friends. Ha ha, some fun.
 

Why isn't that illegal?

Caller id spoofing has lots of legitimate uses, such as

  • Your doctor may return your call from his mobile or home phone, but s/he wants the office's number to appear on your phone

  • A company may have several locations, all with random phone numbers. But they want their outgoing calls to have a central number that perhaps matches their advertising

  • A women's shelter may want their individual onsite phone number to appear from the dept. of family services main phone number.

These are just a few of the many legitimate reasons for tweaking caller id and have all been in use since caller id became popular in the 1990s. But prior to VOIP, these methods all required business class telephone service and cost a lot of money.

There's really no good answer right now for how to solve caller id spoofing.

Just understand that the caller id being displayed on your phone is probably true and correct and is usually a good-enough indicator of whether you should answer or not. But don't place absolute trust in it. If the caller is asking for any personal information then you must confirm their identity first. Hanging up and calling them back using a publicly listed phone number or a phone number that you already have, such as your bank or credit card, is a good idea. Reverse spoofing, where the number you call is hijacked is very difficult to do. Enough so that it's not really a concern right now.