You screen your phone calls because you know scammers commonly use Voice over Internet Protocol (VOIP) as an attack vector. You also know that scammers typically hide their numbers or use international digits, making it easier to avoid their phone calls. So, when you receive a phone call from your bank, you assume it’s safe, even when the caller warns you about ‘unusual account activity and asks you to shift your money to a different account for ‘your protection.’
You recheck the Caller ID, and it certainly appears to be from your bank. “This can’t be falsified. Can it?” you wonder. Unfortunately, Caller ID spoofing is as real as it is dangerous in the world of scams. It’s often a component of vishing attacks and helps scammers rob thousands of people every year.
What Is Caller ID Spoofing?
Caller ID spoofing is when a scammer calling you spoofs the information on your caller ID to hide or misrepresent their identity. Typically, Caller ID shows the number and name associated with the number calling you. In a Caller ID spoofing attack, a threat actor can use software like VoIP to manipulate this information. Even if the spoofed Caller ID doesn’t show the name of a trustworthy institution like your bank, it may simply show a fake local number. This is effective because scammers know you’re more likely to answer local numbers than out of state or international ones.
What Is a Vishing Attack?
As you’re probably aware, a phishing email is a fake email that uses social engineering to trick you into providing your sensitive information, such as your name, phone number, or bank data, to a threat actor. Similarly, smishing uses text messages instead of phishing. And vishing is a scam that occurs over voice communication.
Modern scams may employ phishing, smishing, vishing, and Caller ID spoofing to steal from you. For example, a scammer may use a phishing email to learn where you bank. They may use smishing to reinforce the scam. And they may use vishing and Caller ID spoofing to complete the scam, with information harvested from their phishing and smishing campaign.
How to stop Caller ID spoofing and other vishing attacks
- Let it go to voicemail instead of picking up, even if it’s a local number. You can analyze the message later for red flags.
- Report any suspicious calls to the authorities. Not only can you contact the police, but you can also contact the company a scammer is spoofing.
- Call the right source if you suspect foul play. For example, if it’s your bank, call them back on the number listed on their website and ask to speak to the person calling you.
- Please stay clear of phone surveys, competitions, sweepstakes, as they may be attempts to gain your confidential information or your money.
- Think twice before sending money to someone on the phone, especially if the caller tells you that you won a competition and need to pay your fees.
- Be wary of any caller using social engineering tactics. For example, a scammer may tell you that there’s a warrant for your arrest because you owe taxes.
- Set your phone to block known spam and spoofed calls. For example, you can activate Caller ID and spam protection on Android devices.