Caller ID Spoofing: Is There an Answer? -- THE Journal

Caller ID Spoofing: Is There an Answer?

By Doug Gale
01/13/09

Caller ID spoofing causes the caller ID display on a phone to display something other than the real caller. It isn't a new technology; it's been around since caller ID became popular. While the original spoofing implementations were somewhat kludgy, with the advent of Voice Over IP (VoIP) they became much better. It's an easy hack that endangers institutional data through "social engineering." Are your faculty and staff aware of this potential threat?

Legality
In 2004 the first commercial service offering to spoof caller IDs for a fee was launched. By 2006 commercial spoofing was covered by the popular press when SpoofCard, now one of the largest and most feature-rich of the spoofing services, suspended Paris Hilton's account because it was being used to harass Lindsay Lohan and to access her voicemail account. Now Googling "caller ID spoofing" yields more than 200,000 returns--including scores of companies who offer the service for a fee.

But is It Legal?

Yes.

While legislation has been proposed to restrict caller ID spoofing, it is currently legal, although some states have passed laws that make it illegal to spoof caller ID for certain purposes, such as "to mislead, defraud or deceive the recipient of a telephone call." Even in those states, calls for amusement or revenge are generally legal. If you are interested in a more detailed history of caller ID spoofing, check out calleridspoofing.info.

Potential for Abuse
While the companies providing these spoofing services emphasize "amusement," the mischief sometimes goes a good deal further, as in the case of a Washington State teanager who was sentenced to 30 days in jail and a $24,000 fine for using caller ID spoofing to send SWAT teams to the homes of innocent individuals--a practice known as "swatting."

It is worth noting that even though providers of spoofing services treat their call records as confidential, they do make them available under court order in cases of illegal activity. For this to be an effective deterrent to misuse, however, you have to assume that the criminal is dumb enough to use their real identity when they subscribe to the spoofing service.

There are other uses that are still merely potential threats to insitutional data security.

Does caller ID spoofing have legitimate (versus legal) uses? Certainly. For example, a professional who returns a call from a number he would rather remain private might spoof his own business number. Or the call recording feature offered by some providers could be used by a businessman to have a record of a verbal order or transaction.

How It Works in Practice
To see how the system works in the real world I went to Spoofcard.com on the Web and, being the cheapskate that I am, selected their free trial. I had to enter three telephone numbers: mine, the number to be called, and the number to appear on the called phone's caller ID. For the latter two I used my spouse's line and the phone number of one of her friends. A few seconds after I hit the "submit" key on my computer, my phone rang with the message "enter 1 to complete your call." I did so and my wife answered, "Hello Marilyn," which was her friend's name.

If that isn't easy enough, Macintosh users can even download a Widget to their desktop to make the process even easier.

The cost, after the first free call, is minimal: 60 minutes for $10. And there are additional options available, including:

Change your voice to male or female in real time.
Record your conversation for later download (although the company points out that it is illegal in many states to record a telephone call without informing the other party that the call is being recorded).

For the more technically inclined who want to set up their own VoIP-based caller ID spoofing service or understand how the service works, the instructions can be found in "Fake caller ID: Fun, legal and easy to do" and Rootsecure.net.

What This Means to Education
Caller ID spoofing is a really easy hack--no technical skill required. Because it is so easy and has the potential to be so damaging, we need to make sure that faculty and staff understand three basic rules:

Protect your voicemail with a password. (When you call your own phone number you are automatically routed into voice mail.)
Only give information to people whose voice you recognize or phone numbers that you yourself have dialed.
Don't accept calls from financial institutions asking for account information. If you are unsure, call them back using a phone number obtained from an independent source.

The fundamentals are even easier to remember and can be summarized with a single rule:

Rule No. 1: Caller ID is not to be trusted.

READ MORE DAILY NEWS

Comments

Sun, Dec 11, 2011 Tammy TX

I had an entire weekend of people calling me saying that I've been calling them. I've spoken with AT&T 4 times over the last two days and they have no way of protecting me from caller-id spoofing. I had to permanently change my phone number. Why can't the phone companies do something about it? And why are caller-id spoofing allowed to exist and be so readily accessible for anyone to do this to someone?

Sat, Oct 8, 2011 elaine scotland

My cell number has been spoofed and i have 3 young kids, my husband died 9months ago and someone has been using my cell number to make threats and text messaging to someone elses cell phone. they have now got the police envloved to make it look like it was me, how do i prove that i have been a victim of a spoofed caller ID.

Mon, Apr 4, 2011 Cell Spy

I think that Spoof Card do provide some good services but there are some people that use it for some bad things. Pranks are one thing but taking advantage of someone is a bad use of this servicethecellphonespy.info/s DOT poofcard

Fri, Jan 21, 2011 roy moore pa.

is it ilegal to use stalking spoof calls in pa.?

Fri, Nov 26, 2010 Cindy PA

actually, I believe you are legally allowed to record a phone call without the other party's awareness if the other party is calling to harass or threaten.

Fri, Mar 5, 2010 Tweety6676 Florida

It's incredible that caller id spooking is legal in most scenarios, in most states (even those who have laws prohibiting the use in certain circumstances)- however as this site points out, if you are a victim of spoofing as my husband is (we just found out), we can't even have the conversations by the alleged spoofer recorded because that is deemed illegal. What the hell. Its seems like the criminals have more rights than the victims who are simply trying to track down the person basically using their identity for God knows what? Bottom line, unless this is done for legal reasons there should be no reason why someone gets to use your phone number for them to have their way and do all sorts of things basically using you as a scapegoat

Mon, Feb 22, 2010 seo company http://www.the-web-manager.com/

amazing...the more technology we gain, the more we find ways to exploit it and hurt ourselves. We are our own worst enemies.

Wed, Jan 20, 2010 GraciaF

The www.spooftel.com website lets you try it for free

Tue, Dec 29, 2009 Craig NJ

Caller ID Spoofing providers include www.spooftel.com (the cheapest to use) www.spoofcard.com, and www.spoofem.com. Some offer voice changing and call recording. Some also have free trials. A lot of people haven't heard of spoofing your caller ID but I think it's going to become a lot more popular. It does have its uses.

Wed, Dec 23, 2009 Tasha CA

Spoofing your caller ID can actually have its benefits. A lot of people block their calls (*67) and some phones don't accept blocked calls so you can make up a number. If you have clients and you don't want them to know your home number or cell phone number, you can make up a number (or use your office number). Sadly people take advantage of spoofing sometimes but it is used for good. Some spoofing sites cooperate with law enforcement to help find people who use their service for fraud, threats, etc. www.spooftel.com states on their site that they will cooperate with any law enforcement to ensure that the service is not misused.

Sat, Nov 28, 2009

I am so tired of criminals having all the rights. This spoofing stuff should be illegal. It has been proven to be used for harrassment and stalking purposes. If you don't want someone to know who you are, don't call. Spoofers are cowards. They lack the guts to say what they want to say because they are afraid of something or someone. I believe in karma. Spoofers will get theirs the right way.

Thu, Oct 29, 2009

does this really work

Tue, Oct 20, 2009 Jen IL

Someone called my cell phone using my home phone as their spoof number and made some serious threats (I was not home at the time). I was unaware of this "spoof the call" application and thought someone was in my house. I have 3 children and eneded up calling the police. What a waste of their time. Is there anything that can be done legally to find out who did this to me?

Sun, Oct 18, 2009

zenofon has a promotion going where you can get 83 minutes of free spoofing. check it out at zenofon.com/?AC1YR

Wed, Oct 14, 2009 Caller ID Spoof

There's a website that does this: http://www.calleridspoof.net

Sat, Oct 10, 2009 BobA NY

Lots of SickO's out there. Call the provider, explain the situation. They will trace the call and block it. I would want to know who this PondScum is.

Sun, Sep 27, 2009 Linda NJ

My friend's son died, and someone is calling, using her son's name and cell phone # on the caller ID. A very cruel joke. Is there any way to trace the caller? If she blocks his number, will that prevent the call coming through?

Add your Comment

Your Name:(optional)

Your Email:(optional)

Your Location:(optional)

Comment:

Please type the letters/numbers you see above

THE Journal

What is your e-mail address?

Do you have a password?