The Federal Communications Commission is trying to clamp down on lying Caller ID systems - or, more specifically, Caller ID systems that can be fooled by high-tech "spoofing" services.
How do they work? A rulemaking notice posted yesterday by the FCC outlines a common method (pictured above) that involves a third-party service - you can find them on the web under names such as telespoof.com and phonegangster.com. The description presupposes that the caller has already created an account with the spoofing service, and been assigned a PIN code. With that, the technique is easy:
In order to make a call with a spoofed caller ID, the caller dials the spoofing service’s toll free number and when connected to the spoofing service, the caller enters his PIN, the telephone number he wants to call, and the number he wants to have displayed by the called party’s caller ID service (the “substitute number”). The spoofing service forwards the call to the telephone number specified by the caller and forwards the “substitute number” as the CPN. As a result, the called party’s caller ID service displays the substitute number as the caller ID.
Caller ID spoofing can be serious business. The FCC says some spoofers, "for example, transmit caller ID information that makes it appear that they are calling from consumers’ banks or credit card companies in an attempt to trick call recipients into providing their account numbers or other sensitive information." In other cases, spoofing is an entry point for identity theft, because a victim can be fooled into thinking he or she is receiving an official government call.