Sunday, May 3, 2015

How easy it is to make Caller ID lie

The Federal Communications Commission is trying to clamp down on lying Caller ID systems - or, more specifically, Caller ID systems that can be fooled by high-tech "spoofing" services. Here's how one method works.

How easy it is to make Caller ID lie

The Federal Communications Commission is trying to clamp down on lying Caller ID systems - or, more specifically, Caller ID systems that can be fooled by high-tech "spoofing" services. 

How do they work? A rulemaking notice posted yesterday by the FCC outlines a common method (pictured above) that involves a third-party service - you can find them on the web under names such as telespoof.com and phonegangster.com.  The description presupposes that the caller has already created an account with the spoofing service, and been assigned a PIN code. With that, the technique is easy:

In order to make a call with a spoofed caller ID, the caller dials the spoofing service’s toll free number and when connected to the spoofing service, the caller enters his PIN, the telephone number he wants to call, and the number he wants to have displayed by the called party’s caller ID service (the “substitute number”). The spoofing service forwards the call to the telephone number specified by the caller and forwards the “substitute number” as the CPN. As a result, the called party’s caller ID service displays the substitute number as the caller ID.

Caller ID spoofing can be serious business. The FCC says some spoofers, "for example, transmit caller ID information that makes it appear that they are calling from consumers’ banks or credit card companies in an attempt to trick call recipients into providing their account numbers or other sensitive information." In other cases, spoofing is an entry point for identity theft, because a victim can be fooled into thinking he or she is receiving an official government call.

Why not just ban spoofing outright? The FCC, which is planning rules to implement the Truth in Caller ID Act of 2009, says there are some legitimate uses of the technology, such as to protect victims of domestic violence, or to limit the confusion of those receiving telemarketing calls. Its own rules "require telemarketers to transmit caller identification information, but allow for the substitution of the name and customer service number of the seller on whose behalf the telemarketer is calling, as long as the telephone number provided is one a consumer can use to make a do-not-call request during regular business hours."

Click here to see a PDF of the whole notice.

 

 

Inquirer Business Columnist
About this blog

Jeff Gelles, who writes the Inquirer's weekly Consumer 14.0 and Tech Life columns, takes a broad look at the marketplace of goods, services, and ideas.

Reach Jeff at jgelles@phillynews.com.

Jeff Gelles Inquirer Business Columnist
Business Videos:
Also on Philly.com:
Stay Connected