Você está aqui: Página Inicial / Blog / Caller ID Spoofing: What is it and how can you protect yourself?

Caller ID Spoofing: What is it and how can you protect yourself?

Imagine the following situation. You receive a call from a contact number on the screen that appears exactly the same as your bank’s telephone number. Everything should be just fine, right? So you answer. 

An employee calmly explains that there is a security problem with your account and that your password is required to prevent a major incident. 

You believe you’re talking to a real employee and so you provide the requested information. The thing is, you’ve just fallen for caller ID spoofing.

Caller ID Spoofing and how it works

Caller ID spoofing is nothing more than a technique used by cybercriminals to falsify a phone call number. Basically, they manage to hide the real phone number used to place the call by overlaying it with a legitimate phone number that is identical to that of the institution they’re impersonating.

Different techniques can be used by cybercriminals to pull off the caller ID spoofing scam. The main one includes the use of legitimate software that helps disguise the origin of certain calls. This is the case with VoIP (voice over IP) services, for example, which can make phone calls over the Internet instead of using traditional telephone networks. Using VoIP, you can decide and configure the outbound number displayed during calls. That’s why all you see on your screen is a real number. 

So, by using a legitimate number, criminals pose as financial institutions, government agencies, legitimate companies and even friends or family of the victim. Since many people do not answer calls from unknown numbers, criminals use this strategy to sidestep this habit and gain greater success in applying the scam.

How to protect yourself

  1. Be wary of suspicious and unexpected contacts: the main technique used by cybercriminals who apply spoofing scams is social engineering. When you get a call and the person on the other side tries everything to convince you to perform some suspicious action, like providing or confirming certain confidential information, be extra suspicious.

  2.  Never give out personal or financial information: never give out personal or financial information over the phone, especially if contact was initiated by someone else and not you. ID numbers, tax numbers, addresses, passwords... none of this information should be given out over the phone.

  3. Hang up and call the official phone number: if you receive a call and the person on the other end of the line claims to be an official representative of a bank, store or any other institution, asking you to provide certain information, it’s best to hang up and call the official phone number of the entity in question yourself. However, wait a few minutes before making this call. Some criminals can "hold" the call for a few minutes even after the call is supposedly disconnected. So if you try to call back immediately afterward, the same criminal just might answer.

I’ve fallen victim! What should I do now?

If you suspect that you’ve fallen victim to caller ID spoofing, there are some actions you should take. Take note:

  1. Inform the company or organization being spoofed: contact the impersonated entity to report the incident. This way the institution can take action to alert other customers and help prevent future caller ID spoofing attacks.

  2. Report it to the authorities: If you’ve suffered a financial loss as a result of caller ID spoofing, report the incident to the authorities, like a police station specializing in online scams. They can investigate the incident and try to track down the perpetrators.

  3. Update your passwords: If you provided passwords or other sensitive information during the call, change them immediately. Make sure you use strong and unique passwords for each account.

Other best practices

Though caller ID spoofing normally uses recognizable numbers, you have to be careful with unknown numbers, too. After all, just like in phishing scams, many criminals apply mass fraud with random numbers, never bothering to make them look real.

Finally, make sure your phone number is not used in spoofing scams. Remember that your phone number is also personal information and should not be shared with anyone or published anywhere. Only provide your phone number for signing up for services when necessary and do not leave it visible on your social networks.

Article originally written in Portuguese by Perallis Security Content Team: Spoofing de chamada: o que é e como você pode se proteger? — Perallis Security
Conteúdo relacionado
HACKER RANGERS - GAMIFICATION FOR CYBERSECURITY AWARENESS