Spoofing Caller ID Phone Numbers - We need a pollie to step up

Edit: the title has been corrected. (Please note extra “o” in title as bot would not accept the string with double “o”.)

This is related to many threads here from scammers to nuisance callers where persons outside any Australian jurisdiction are purporting to be in Australia. The journalist in the linked article says it will most likely get worse and I agree.

Does anyone else here think we should be starting to ask the Minister/Shadow Minister for communications if they are going to do something? I would think there would only be positive support from the electorate in addressing this issue. A start would be penalties for telcos allowing unauthenticated traffic on their network.

9 Likes

Our local Neighborhood Watch often has the local Police expert talk about cyber crime and also phone spoofing. I was concerned that if now even the Tax Office uses your voice to identify you ("In Australia Your Voice Identifies You") then anyone taping your words on a phone could potentially create your Australian Government login. He was unaware of this but did mention lots of callers just want you to say the word “Yes” (do you have solar panels?) because with US banks voice recognition of you saying “Yes” is now part of how to access your bank accounts by phone. He thought Australian banks may pick up this technology or people could unknowingly open USA bank accounts for money laundering. So just saying Yes to phone scammers is moving way beyond an annoyance. We should be raising this with the people who can do something about it - Federal politicians.

6 Likes

I am not sure if this is possible, as long as we have caller ids attached to a phone. The only way may be to have some sort of authentication software which verifies the caller id matches the unique id of the user. This might be more possible when moving to VOIP technologies as IP addresses could be potentially used for such verification…however, this may only work for static IPs and not dynamic ones.

Maybe others may know if spoofing could be prevented without a major disruption to the existing network.

3 Likes

I’m not a full bottle on phone network protocols but I expect because telcos use id’s to manage billing there are ways to manage the integrity. If the onus was put on telcos to ensure the caller id was authentic then a means would be developed.

5 Likes

We’ve been free from Spam calls for months, if not years, but I inadvertently answered a call that hung up with the recorded “Good Bye”. Since then we have been getting spoofed number calls. Very crafty, using a number we would regard as “local”. Since then I have been letting calls go through to the answering machine while I do an on-line search. Most come up as legit with no complaints of spam. Eg. Blue Care, private residences in Tasmania, Melbourne etc. But none leave a message, and we have no relationship with them. Also got a couple of 11 digit numbers. Fortunately we have Caller ID.
My husband has been banned from answering the phone as he is not as savvy to scams as I am.
We are lucky to get and make 2 calls a week. So ringing many times a day is quite annoying.

6 Likes

Yes, this is a serious issue and needs a solution!

Add our frustration with one or more calls every day that do not respond when answered or leave no message. And if you call back the number often does not

And NO IT’s NOT Acceptable that as consumers we should have to change our behaviours to circumvent these calls. It’s possible to suggest numerous reasons why you can’t just let it all go through to the message bank!

For older Australians who deal with government departments, many of these are difficult to return calls to! Miss a call and you may soon be back in the endless queue of prompts. For private business eg ‘health fund, super, banks’ it’s back to the long phone in trap system that tries to do anything but connect you to someone to talk to.

For smart mobile phone users you can add filtering based on your contacts list. For the cordless wall phone not so.

Technically there may not be a simple solution without an international agreement on how calls are routed.

Per Geoff2 it would be great to have some expert feedback on what is and is not possible.

It may also be that VOIP is even more difficult to manage given it is a universal technology that can function independent of telcos and access anywhere globally thru VPNs?

3 Likes

Yes you can create a whitelist on most mobile phones, I don’t think it is plausible though to capture all numbers, for example will you risk the ED number being blocked when a family member is rushed there?

While trying to track back a nuisance number calling my phone recently I came across the so-called owner of the number, an IT business that offers Australian numbers to anyone worldwide. Could not work out physically where the people behind it were but I guess it is one of many that open the doors for residents of Australia to be harassed and scammed.

A question for any Choice staff, is this organisation on ACA’s radar?
http://www.commsalliance.com.au/

5 Likes

An interesting one … I was outside and heard our cordless phone ring, but not the Telstra wall phone. The caller hung up before reaching the answering machine. Caller ID was 05551. Googled ‘Australian phone 05551’ and got nothing.

We kept the Telstra wall phone because it has a loud ring, the cordless is hard to hear outside even at the top of its volume, but I can put the scam numbers on a different ring-tone. We are on Satellite NBN, so we have to keep our copper land-line as the internet is not reliable (so the NBN tells us).

3 Likes

Sitting down having dinner the other night and the landline started ringing, the handset was on the table so I looked at the display and it appeared to be a mobile. So I answered it and they got me, “Hello this is Pauline Hanson” grr.
I shot off the following email.

"Hello Senator Hansen,
If you send your home telephone number to myself I will call you at home during your dinner time and play a recorded message to you.

Sound fair?

If not then don’t do it to me!

People and organisations that treat me like that go down in my opinions of them.

Regards"

4 Likes

Thanks for the heads up @Geoff2. We are aware of the Comms Alliance and have referenced them in some of our submissions on the issue.

4 Likes

https://www.acma.gov.au/articles/2019-11/acma-recommends-immediate-action-combat-scams

Hopefully they can get telcos to have some sort of authenticity for CIDs.

4 Likes

It would be interesting to see how it is done.

There has been some media about creating a known phone list which could be used to filter unknown numbers…but I expect that this will push the scammers into finding a way to spoof real numbers to bypass this potential block.

3 Likes

I understand this is what happens in the US. My mother also got a call a couple of months back from what showed up as a ‘local’ number. I already get emails from myself, so cannot imagine phone calls are too much more difficult to spam.

3 Likes

As I understand it, for phone network calls, the calling line id is provided by the telco, not by the caller. So it should be possible to prevent all spoofing of local numbers provided that all Australian telcos act with integrity.

That could be coupled with measures that ensure that no phone network call originating outside of Australia can ever appear to originate within Australia. (So if the call originates outside Australia then you can be confident that you will be told this but you can’t be confident in the actual identified number.)

However it is unclear how much scamming those two measures would really stop. By analogy, you can be 100% confident in the domain name of a secure web site, but the web site can still be a scam / spam. So you know the web site is not the real thing if it is attempting to spoof a well-known web site but some people will still fall for it.

Another complication is that a phone number really represents an inbound call so may not have any meaning or relevance to an outbound call (which most spam / scam is). This is more of an issue for VoIP services.

A related problem is spoofing of the number appearing on text messages.

One would need to distinguish between authentic and authenticated.

In a conventional phone call there is no realistic way for the originator of the call (the actual calling party) to authenticate. (This is by contrast with VoIP where it should be the case that the calling party’s VoIP provider can always authenticate the calling party, perhaps even on every call. This is done by username/password. Of course if that information is stolen then VoIP is much easier then to do spoofing.)

Let’s see what telcos come up with.

I don’t think this is right. It is far easier to spoof email addresses - because, while in theory mail service providers could demand authentication

a) they don’t necessarily do so

b) those providers can be anywhere in the world and hence not appropriately subject to Australian law

c) there can be any number of such providers, who appear and disappear at will

d) always demanding authentication will cause problems in legitimate scenarios.

There are a range of measures that combat email forgery but the topic is too large to digress onto in a topic that is focused on phone numbers.

2 Likes
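
Added example, not written by any poster in this thread and not any telco's actual code: a sketch of the ingress check described in the post above, where a call arriving from overseas must not present an Australian number. The trunk labels, the pass/flag/block actions and the decision to flag rather than block mobile numbers (to allow for roaming) are assumptions made for illustration.

```python
import re

def normalise_cli(raw):
    """Return the presented number as +<country><number>, or None if unusable."""
    digits = re.sub(r"[^\d+]", "", raw or "")
    if digits.startswith("0011"):                        # AU international access prefix
        digits = "+" + digits[4:]
    elif digits.startswith("0") and len(digits) == 10:   # AU national format
        digits = "+61" + digits[1:]
    return digits if re.fullmatch(r"\+\d{7,15}", digits) else None

def classify(trunk, raw_cli):
    """trunk: 'domestic' or 'international' (hypothetical labels set by the gateway)."""
    cli = normalise_cli(raw_cli)
    if cli is None:
        return ("flag", "malformed or missing caller ID")
    if trunk == "international" and cli.startswith("+61"):
        if cli.startswith("+614"):
            # Assumed policy: an Australian mobile may genuinely be roaming overseas.
            return ("flag", "AU mobile number on international trunk")
        return ("block", "AU fixed-line number on international trunk")
    return ("pass", "caller ID consistent with ingress trunk")

# Constructed sample calls; "05551" is the odd caller ID reported earlier in the thread.
SAMPLE_CALLS = [
    ("international", "07 5550 0123"),
    ("international", "0011 61 7 5550 0123"),
    ("international", "+61 491 570 006"),
    ("international", "0011 44 20 7946 0000"),
    ("domestic", "(02) 5550 0199"),
    ("domestic", "05551"),
]

def run_samples():
    """Return (trunk, presented number, action) for each constructed call."""
    return [(t, c, classify(t, c)[0]) for t, c in SAMPLE_CALLS]

if __name__ == "__main__":
    for trunk, cli, action in run_samples():
        print(f"{trunk:13} {cli:22} -> {action}")
```

As the post notes, a rule like this only establishes where a call entered the network; a call that passes can still be a scam.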

I use an ‘email to SMS’ service to provide alerts from my home security, in my account setup with the service provider I nominate the number to appear as the originator so on my phone it appears I send messages to myself.
https://www.smsbroadcast.com.au/

2 Likes

Right. By “provided by” I should have made clear that I meant that the telco (service provider) fills it in. So they are free to ignore what you nominate if it violates any business rules or laws.

If any pollie stepped up to legislate a change then the service provider would be obliged to verify your right to nominate a given number. You would need some means of proving your right. The service provider would need some means of verifying it.

(This is different from email where the sending identity is literally supplied and filled in by the sender, so need not have any integrity, and is usually passed through unchanged by all intermediaries who handle the email.)

3 Likes

This memo re RFC 7340 from September 2014 may be insightful as to the problem and problem with solutions.

5 Likes