Telephone scams are on the upswing, and they’re often enabled by caller ID spoofing. That name and number that appears when someone calls you can be faked, so you can’t place all your trust in it.
Caller ID is more of a convenience feature. If a friend, family member, or business is calling you, you can easily see who it is before you answer. It’s not a security feature, and scammers can appear as any phone number and name they like.
Caller ID numbers and names can be faked. The how and why aren’t as important — everyone just needs to know this is possible.
This is often illegal, of course. In the USA, FCC rules “prohibit any person or entity from transmitting misleading or inaccurate caller ID information with the intent to defraud, cause harm, or wrongfully obtain anything of value.” But, if someone is already trying to scam you, they won’t necessarily be scared of breaking another law. This is especially true if those calls are coming from outside the US, as those fake Windows and Mac tech support calls often do.
You might assume that, because the phone company theoretically knows where the phone call is coming from, they can show you an accurate number. But that’s not how the system works. Instead, an incoming phone call comes with a bit of data attached to it — the number it claims to be from and, sometimes, a name. In other cases, your phone company may look up the number in a phone directory and automatically attach the name.
Phone calls are more like letters and emails. When you mail a letter, you can write anything in the “Return address” area — it’s not checked. When you send an email, you can modify the “From” field and claim it’s from anyone — that’s usually not checked, either.
That’s the main thing to bear in mind. Caller ID doesn’t show you where the phone company thinks the phone call is coming from. It shows where the caller claims the phone call is coming from.
This feature isn’t always used for bad purposes. For example, a business owner might want to use caller ID spoofing on their cell phone. The cell phone could report its caller ID number as the business’s landline phone number. People would know the call is from that business and returned calls would go to the business itself rather than the cell phone.
That sort of use wouldn’t be illegal in the US, as it wouldn’t be performed with the intent to defraud.
VoIP equipment generally allows you to set a caller ID phone number to anything you want, and many VoIP providers may just offer this feature.
It doesn’t matter, though — anyone can do it with a quick web search. Plug “caller ID spoofing” or “fake caller ID” into your favorite web search engine. You’ll find websites where you can plug in a phone number and easily call someone with a fake caller ID.
There are also other services that work like calling cards, allowing you to call a phone number, enter a fake caller ID number, enter the number you want to call, and connect you.
So, how do you protect yourself? Easy: Don’t trust what caller ID says.
If you see a number like the local police department, a bank, a legitimate business, or a government agency, remember that number could be fake. Don’t trust the caller just because of the number that appears on their caller ID. If you’re ever in doubt, just assume you’re being scammed, pranked, or otherwise tricked.
If you think it might be a legitimate call, you should try calling them back. For example, let’s say your bank calls you about a problem with your bank account and wants personal information. Rather than giving it to them, hang up and find the bank’s official phone number — on their official website, for example. Call that phone number back so you’re sure you’re actually talking to your bank.
Don’t be fooled into trusting a scammer just because a legitimate number appears when they call you. Always remember that number can be faked.