This month's topic is about caller id manipulation.
Recently, Caller ID spoofing has become much easier and more
prevalent. Millions of people have Internet based telephone equipment
that can be set to make any number appear on a Caller ID system.
And to make this process even easier, several web sites have popped
up to provide Caller ID spoofing services. These sites eliminate
the need for any special hardware or software.
For purposes of this article, we will examine the site, http://www.spoofcard.com.
They sell a virtual "calling card" for $10 that provides you with
an hour of calling time. The user dials a toll-free number, then
keys in the destination number and the Caller ID number to display.
The service also provides you with an optional voice scrambling
feature, to make the caller sound like someone of the opposite sex,
either male or female. Currently Caller ID spoofing appears to be
legal, though many of its uses are not and according to the Federal
Communications Commission web site, it has never investigated this
Some Caller ID spoofing web sites appear to be used by people who
buy stolen credit card numbers. They will call a service such as
Western Union, setting Caller ID to appear to originate from the
card holder's home and use the credit card number to order cash
transfers that they then pick up. Exposing a similar vulnerability,
Caller ID is used by credit-card companies to authenticate newly
issued cards. The recipients are generally asked to call from their
home phones to activate their cards. Some card companies claim that
they use additional means to confirm new cards. And caller ID
spoofing may not work for calls to toll free numbers, where the
hardware can identify calls using an additional technology.
Telephone companies can trace calls to their origin regardless of
the Caller ID information they carry, but the process is labor
intensive, since a call may be carried by several companies before
reaching its destination. The fragmented nature of the telephone
network also makes it technically difficult for the carriers to
prevent spoofing. It's also fairly easy to break into a cell phone
voice mailbox using spoofing, because many systems are set to
automatically grant entry to calls from the owner of the account.
Stopping that requires setting a PIN code or password for the
mailbox. In a similar incident, spoofing was part of the technique
used by a hacker who broke into Paris Hilton's cell phone voice
mail in 2004. The hacker apparently called her by posing as a
support person from her carrier and persuader her to give up her
password. This technique is known as a "pretext" call, where someone
poses on the phone as a customer or employee to obtain personal
information from companies and individuals. And while spoofcard.com
seems to be a service that is used for "entertainment purposes,"
it also notes on their web site that "Private Investigators and
Law Enforcement" will find Caller ID spoofing valuable for pretext
There you have it. False caller identification is more serious than
pranks, or the annoyance of intrusive telemarketing. It facilitates
fraud and can be potentially used for more sinister practices. So
the next time you receive a phone call from a familiar number and
you do not recognize the voice on the other end, you might want to
ask who it is.
To respond to this or previous newsletters or to inquire about an
on-site presentation, please feel free to call us at 508-995-4933
or email us at [email protected]
We Manage Risk, So You Can Manage Your Business
Got something to add? Send me email.
Increase ad revenue 50-250% with Ezoic
More Articles by Michael Desrosiers
© 2011-03-22 Michael Desrosiers