Caller ID Spoofing

I understand this is what happens in the US. My mother also got a call a couple of months back from what showed up as a ‘local’ number. I already get emails from myself, so cannot imagine phone calls are too much more difficult to spam.

As I understand it, for phone network calls, the calling line id is provided by the telco, not by the caller. So it should be possible to prevent all spoofing of local numbers provided that all Australian telcos act with integrity.

That could be coupled with measures that ensure that no phone network call originating outside of Australia can ever appear to originate within Australia. (So if the call originates outside Australia then you can be confident that you will be told this but you can’t be confident in the actual identified number.)

However it is unclear how much scamming those two measures would really stop. By analogy, you can be 100% confident in the domain name of a secure web site, but the web site can still be a scam / spam. So you know the web site is not the real thing if it is attempting to spoof a well-known web site but some people will still fall for it.

Another complication is that a phone number really represents an inbound call so may not have any meaning or relevance to an outbound call (which most spam / scam is). This is more of an issue for VoIP services.

A related problem is spoofing of the number appearing on text messages.

One would need to distinguish between authentic and authenticated.

In a conventional phone call there is no realistic way for the originator of the call (the actual calling party) to authenticate. (This is by contrast with VoIP where it should be the case that the calling party’s VoIP provider can always authenticate the calling party, perhaps even on every call. This is done by username/password. Of course if that information is stolen then VoIP is much easier then to do spoofing.)

Let’s see what telcos come up with.

I don’t think this is right. It is far easier to spoof email addresses - because, while in theory mail service providers could demand authentication

a) they don’t necessarily do so

b) those providers can be anywhere in the world and hence not appropriately subject to Australian law

c) there can be any number of such providers, who appear and disappear at will

d) always demanding authentication will cause problems in legitimate scenarios.

There are a range of measures that combat email forgery but the topic is too large to digress onto in a topic that is focused on phone numbers.

I use an ‘email to SMS’ service to provide alerts from my home security, in my account setup with the service provider I nominate the number to appear as the originator so on my phone it appears I send messages to myself.

Right. By “provided by” I should have made clear that I meant that the telco (service provider) fills it in. So they are free to ignore what you nominate if it violates any business rules or laws.

If any pollie stepped up to legislate a change then the service provider would be obliged to verify your right to nominate a given number. You would need some means of proving your right. The service provider would need some means of verifying it.

(This is different from email where the sending identity is literally supplied and filled in by the sender, so need not have any integrity, and is usually passed through unchanged by all intermediaries who handle the email.)

This memo re RFC 7340 from September 2014 may be insightful as to the problem and problem with solutions.

My mobile just rang and a recorded female voice said “Hello” prior to a recorded male voice informing me that I was being investigated and may be arrested for tax fraud if I did not press “1”. Both voices sounded Australian.

I called the number back and used the override code, 1831, and received a message “Optus advises that the number you have called has been disconnected”.

So these scumbags are obviously spoofing disconnected Australian numbers to try to make the scam seem legitimate though I would expect that a legitimate Government call would display as a private number.

I like to press “1” and then leave the phone off the hook until they give up.

I don’t know why there are two topics on Caller ID Spoofing, so I’ll just link to my earlier comments. https://choice.community/t/spoofing-caller-id-phone-numbers-we-need-a-pollie-to-step-up/15438/14

There were actually 3, now just one (I hope).

It appears there were originally multiple issues, two being about the technology and one the problem, but they kept crossing in the night so here is compendium in (I hope) chronological order.

Do not do this! If you are able to get through to someone, they may have it directed off-shore, and keep you on the line for a while to rack up enormous international call and ‘premium number’ charges.

With a lot of luck Australia will introduce secure caller ID eventually.

I originally posted it under Scams but it was moved.

Your link displays this.

https://choice.community/t/spoofing-caller-id-phone-numbers-we-need-a-pollie-to-step-up/15438/14

No compendium is shown?

The topic is a compendium of all posts from 3 topics.

one of the definitions of compendium: a collection or set of similar items.

I am now disappointed that I didn’t.

I don’t think what I said during the call was heard by the scammers and it would only have taken a few seconds to say it after pressing “1”.

I think the tax scam is designed to extract money from you by scaring the hell out of you. The call back scam to charge you for accessing a premium service seems to be dying out now that the major telcos are clamping down on premium services.

For example, as a customer, you may have had the option to disable altogether any use of premium services.

It is more than that. The major telcos are not passing on premium service charges to their customers unless the premium service is approved by the telco. That alone has knocked out most of those scammers since the telco wont pay.