The Low-Down on How Spoofed Phone Calls Work
*Note: This article was originally published by the author on September 24, 2020.
Every month American consumers receive approximately 2.5 billion robocalls. With yet another major election looming in the next few months, we can all expect to receive a lot of politically-related robocalls and emails from incumbent Congressional representatives and Senators considering all that is at stake for control of the House and Senate. If it were not significant, we wouldn’t see President Trump spending time and taxpayer money traveling around the country to show support for his GOP base candidates. If you’re tired of the present Administrations’ rhetoric and attempts to subvert the already biased new media, then perhaps it’s time to ensure you’re properly registered to vote (You can quickly check on https://www.vote.org/am-i-registered-to-vote/).
If you value your privacy and you don’t want to be barraged with numerous robocalls, then it would be prudent to take measures now to silence your phones or at least screen your phone calls for the next couple of months until after the mid-term elections are finished. Do it for your peace of mind and sanity, for it is sure to be an ugly campaign season just as 2016 was.
What is Caller ID Spoofing?
Image courtesy of Consumers Union Caller Identification (ID) technology has now become a standard service that users pay for on their home or cell phone service plans that allows a recipient of a phone call to see from which phone number they are receiving a phone call. The Federal Communications Commission (FCC) began encouraging phone companies to start blocking robocalls in November 2017, but of course, that feature will be included at an additional cost to the consumer if you elect to have the service feature provided by your phone service provider. Phone call & Short Message Service (SMS) text message spoofing is considered illegal per the Under the Truth in Calling Act if it is being used with the
“…intent to defraud, cause harm, or wrongfully obtain anything of value… penalties up to $10K per violation in the U.S.”
Have you ever received a phone call from your own cell phone number and wondered, “How could this be?” This type of Caller ID spoof is performed easily using Caller ID spoofing services that are freely available on Internet websites. Spoofing attacks are typically performed against Voice over Internet Protocol (VoIP) technology instead of traditional landlines that travel across phone towers. Here again, we see the vulnerabilities of digital communication protocols which are full of security gaps because they weren’t designed initially with security in mind. I won’t list any of those free Caller ID spoofing sites here as I am generally not a fan of making it easier for script kiddies and criminals to commit crimes.
They are easy enough to find by searching online. Typically, the Caller ID spoofing site requires the number a user wishes to call (known as the destination phone number), and the number the users wish to display (known as the originating or source phone number). While a full explanation of exactly how the Caller ID spoofing technique works is outside of the scope of this article, I will provide the below diagram for the more technically savvy readers if you care to delve deeper. Unfortunately, most people are not interested in the particulars of telecommunications protocols as they interrelate and function so that they are able to receive phone calls from halfway around the globe.
The takeaway is that Caller ID spoofing attacks affect both the victim's phone number and the secondary (spoofed originator) phone number since complaints could cause the phone company to block outgoing phone calls. Imagine the adverse effects that could have on small Mom and Pop businesses. So, depending on how Caller ID spoofing is being used, it can have deadly consequences. Shortly after Christmas 2017, Caller ID spoofing was used by a prankster in Los Angeles, CA to send a police SWAT team to a Kansas man’s house claiming through a hoax 911 call that the victim was holding his family hostage after the victim’s father had been shot in the head. This type of spoof attack is known as “Swatting,” and this particular incident sadly resulted in the Kansas family man’s death at the hands of the SWAT team. Once again, Caller ID spoofing can have serious consequences.
Random Calls at Random Times From Random Numbers
How can I combat this? Technology has given us some nifty tools and apps that we can use to protect our privacy, but a lot of it is more common sense-related than technology-based. For instance, you can ignore all of your phone calls except those from numbers you recognize by configuring your phone to block all but only whitelisted phone numbers. Or, you can also silence your phone during certain hours if you prefer.
I also recommend downloading the Hiya app for your smartphone because it has a database that it checks when you receive a phone call from any phone number to determine if it is a known spam number. If it is spam, then it is blocked. TrapCall is another app you can download, but it is a paid service whereas Hiya is free. I make a habit of always searching for a free or cheaper option being frugal-minded. See the below segment details how you can already do all of this for free.
If you’ve got a home Voice over Internet Protocol (VoIP) phone service such as Ooma running at home, you can configure it to block certain phone numbers online through their website user interface. By the way, I am a big believer in frugality and Ooma is far cheaper than any other telecom provider out there. I am by no means a sales rep for Ooma, but after purchasing the initial VoIP phone base and phone receiver equipment (~ $150), you’d be looking at having to spend less than $10 per month for the subscription fee depending on local taxes where you live. Another less popular, more extreme option is getting rid of your electronic leash, otherwise known as a cell phone.
I put it out there in case you’re considering ‘taking the plunge’ because there are several disadvantages to owning a cell phone that people don’t typically consider (e.g., your mental health, distracted driving, anxiety). You may find your life to be much simpler after ditching the electronic leash and that being present in the moment is substantially more gratifying than checking your smartphone every 5 seconds or walking down the street while checking it all the while oblivious to everything else going on around you.
Social Media News Feed Poisoning
Despite the best efforts of social networking sites like Facebook, Twitter, and YouTube, expect that adversarial Nation-states such as Russia, China, Iran, and North Korea will attempt to subvert ALL future U.S. elections with fake news and social media feed posts that support candidates or political themes that favor their national interests. The best thing we can do as a Democratic society is to ignore these news feeds temporarily because it is ludicrous to assume that social media platforms will be able to successfully locate and remove every single foreign-introduced advertisement or post with the algorithms and limited yet skilled workforce that they have. Try to do your own independent research to confirm the validity of news reports you get off social media or any Internet website before you accept them as gospel. You’ll save yourself a lot of headaches if you do as there are groups and people actively attempting to fool you.