Friday, November 27, 2015

How easy it is to make Caller ID lie

The Federal Communications Commission is trying to clamp down on lying Caller ID systems - or, more specifically, Caller ID systems that can be fooled by high-tech "spoofing" services. Here's how one method works.

How easy it is to make Caller ID lie


The Federal Communications Commission is trying to clamp down on lying Caller ID systems - or, more specifically, Caller ID systems that can be fooled by high-tech "spoofing" services. 

How do they work? A rulemaking notice posted yesterday by the FCC outlines a common method (pictured above) that involves a third-party service - you can find them on the web under names such as and  The description presupposes that the caller has already created an account with the spoofing service, and been assigned a PIN code. With that, the technique is easy:

In order to make a call with a spoofed caller ID, the caller dials the spoofing service’s toll free number and when connected to the spoofing service, the caller enters his PIN, the telephone number he wants to call, and the number he wants to have displayed by the called party’s caller ID service (the “substitute number”). The spoofing service forwards the call to the telephone number specified by the caller and forwards the “substitute number” as the CPN. As a result, the called party’s caller ID service displays the substitute number as the caller ID.

Caller ID spoofing can be serious business. The FCC says some spoofers, "for example, transmit caller ID information that makes it appear that they are calling from consumers’ banks or credit card companies in an attempt to trick call recipients into providing their account numbers or other sensitive information." In other cases, spoofing is an entry point for identity theft, because a victim can be fooled into thinking he or she is receiving an official government call.

Why not just ban spoofing outright? The FCC, which is planning rules to implement the Truth in Caller ID Act of 2009, says there are some legitimate uses of the technology, such as to protect victims of domestic violence, or to limit the confusion of those receiving telemarketing calls. Its own rules "require telemarketers to transmit caller identification information, but allow for the substitution of the name and customer service number of the seller on whose behalf the telemarketer is calling, as long as the telephone number provided is one a consumer can use to make a do-not-call request during regular business hours."

Click here to see a PDF of the whole notice.



Inquirer Business Columnist
We encourage respectful comments but reserve the right to delete anything that doesn't contribute to an engaging dialogue.
Help us moderate this thread by flagging comments that violate our guidelines.

Comment policy: comments are intended to be civil, friendly conversations. Please treat other participants with respect and in a way that you would want to be treated. You are responsible for what you say. And please, stay on topic. If you see an objectionable post, please report it to us using the "Report Abuse" option.

Please note that comments are monitored by staff. We reserve the right at all times to remove any information or materials that are unlawful, threatening, abusive, libelous, defamatory, obscene, vulgar, pornographic, profane, indecent or otherwise objectionable. Personal attacks, especially on other participants, are not permitted. We reserve the right to permanently block any user who violates these terms and conditions.

Additionally comments that are long, have multiple paragraph breaks, include code, or include hyperlinks may not be posted.

Read 0 comments
comments powered by Disqus
About this blog

Jeff Gelles, who writes the Inquirer's weekly Consumer 14.0 and Tech Life columns, takes a broad look at the marketplace of goods, services, and ideas.

Reach Jeff at

Jeff Gelles Inquirer Business Columnist
Also on
letter icon Newsletter