Caller ID or phone spoofing is a phone scam whereby callers impersonate government officials, financial institutions, or legitimate companies by using fraudulent displays of phone numbers (or “spoofs”) to gain the victim’s trust and get them to disclose personally identifiable information (PII) or sensitive financial information.
In November 2021, the FBI’s Atlanta field office issued a phone scam alert that scammers were impersonating law enforcement, spoofing phone numbers of officers, and asking for payment for outstanding warrants or fines. According to the FBI alert, “The scammers are using spoofed law enforcement phone numbers, along with the names, positions, and addresses of officers. The scam is largely targeting women with lucrative careers that have an online presence.”
HOW SPOOFERS OFTEN STAY TWO STEPS AHEAD OF THEIR VICTIMS
It’s easy to see how the mechanics of these calls can be deceiving. In a spoofing call, the perpetrators use simple application software installed on their cell phone or laptop that allows them to make outgoing calls appear to be coming from a legitimate source.
Verizon offers these common examples of spoofing:
Spoofers can enter the phone number for the FBI, local Police Department or bank branch — even public charities such as the American Red Cross — and that number will appear on your phone’s caller ID. Even victims who call the caller back will get a legitimate recorded message from that agency or institution.
Unfortunately, widely available digital communications technology has made phone spoofing cost-effective for scammers. For example, spoofers will use the power of automated, recorded robocalls to target a much wider audience of potential victims, and often run several different fraudulent schemes at the same time to diversify their criminal activity. They only need a relatively small number of victims to be successful.
During the COVID-19 pandemic, spoofers have pivoted their phone call strategy, pretending to be from the IRS, Social Security Administration, offering fake coronavirus testing, and scaring small businesses into buying bogus online listing services. You can learn more about these and other types of scams on the Federal Trade Commission website, and hear these directions in some sample “scripts” published by the Federal Trade Commission:
U.S. spoofing crimes affected more than 28,000 victims in 2020 alone, racking up nearly $220 million in losses, according to the FBI’s Internet Crime Complaint Center. Internet-related identity theft disproportionately impacts victims over age 60, who suffer more losses, as a group, than any other age cohort.
The most insidious practice of spoofing con artists is using YOUR personal phone number to try to infiltrate your circle of friends, relatives, and neighbors for the purposes of stealing their identities, money, and other nefarious scams. Sadly, there currently is no legal protection against this form of deception. Fortunately, the FCC has been working with telecommunications providers to create new ways to digitally validate caller IDs (through the so-called STIR/SHAKEN authentication standards). This would greatly reduce the incidence of spoofing, and we think it would bring welcome relief to millions of Americans.
HOW TO PROTECT YOURSELF FROM CALLER ID SPOOFING
The Federal Communications Commission (FCC) has issued detailed guidelines on how to protect your valuable PII from spoofing calls, spoofing emails, and phony landing pages. Here are the critical steps we recommend that you follow: