spoofing
spoofing

Though you’re probably used to ignoring phone calls from unknown numbers at this point, you might be more willing to pick up if that number looks familiar.

That’s what happened when Aaron Craven, 39, who lives in the Minneapolis area, got a call from what appeared to be his ex-wife. “I answered the call, but it was a telemarketer,” he said. “I had gotten spoofed calls before, but I didn’t realize they could spoof numbers that are real.”

 

 

 

 

 

 

The latest robocall strategy, called “neighbor spoofing,” is a growing problem. As consumers across the U.S. receive more than 5.1 billion robocalls every month, according to call-blocking provider YouMail, the Federal Trade Commission (FTC) said the number of complaints specific to neighbor spoofing doubled in the first few months of 2018. Here’s how to stop neighbor spoofing calls and what the regulators and telecom industry are doing about it.

What is neighbor spoofing?

In the last few years, neighbor spoofing has evolved from simple robocalling, which is a less-targeted approach with the same goal: Trick someone into giving away valuable information.

But for a phone scam to work, the recipient has to pick up the call. Neighbor spoofing is when a scam artist falsifies a caller ID so it displays a phone number similar to your own, usually the first three or six digits. The idea is you might be more willing to pick up the phone instead of letting it go to voicemail.

“People frequently won’t answer a call if it looks like it’s overseas or out of state, but they typically will answer a call if it looks like it’s from a local number,” said Michael Levin, a security expert and CEO of the Center for Information Security Awareness.

How does neighbor spoofing work?

Recent advancements in technology make it cheap and easy to make robocalls and mask the caller’s true identity. Here’s a quick overview of how it works.

  • Step 1:The scam artist records a message that will play when the recipient picks up the phone call. It may promise a low-cost vacation or tell you to pay an overdue tax bill from the IRS (Note: The IRS never calls taxpayers to demand specific payments). “They use any sense of urgency to try and scare people,” Levin said. Then, the fraudster will either illegally purchase phone numbers or use technology to generate random phone numbers.
  • Step 2:The scam artist pairs voice over internet protocol (VoIP) with spoofing technology to dial thousands and thousands of numbers a minute using the internet instead of a regular phone line. When a call reaches you, the caller ID seems to match the first three or six numbers in your own phone number—specifying these as neighbor spoofing calls.
  • Step 3:If you answer the call or engage with the message, you may be transferred to a call center where someone is waiting to read from a script. “It’s like a boiler room in the old movies, where a room full of people are sitting there trying to get people to buy stuff,” Levin said.

According to the FTC, different pieces of the operation could span the globe. For example, the telemarketer could be in Canada, the phone carrier may work out of the U.S., and the VoIP server and call centers may be located in Asia.

What are these robocallers after?

The goal is typically to sell you a product or trick you into giving out financial information, or simply to verify the number is active.

“When you answer the phone and engage with them, they know you’re a good number,” Levin said. Scammers who get through to a person may put your number on what’s known as a “sucker list.” That could mean you’ll get more scam calls in the future.

How to trace a spoofed phone number

If you get a neighbor spoofing call, try looking up the phone number so you can report it to the Federal Communications Commission (FCC) Consumer Complaint Center. You can also look up the phone number to try and uncover the name of the owner and where the number originates. Because robocall calls use VoIP services and generate fake phone numbers, it’s often difficult to trace these calls back to an individual or company. But when a reverse phone search doesn’t return any results, that could be a sign you’re dealing with a spoofed call.

Is neighbor spoofing illegal?

There’s no gray area here. The 2009 Truth in Caller ID Act says callers can’t deliberately falsify a caller ID with the intent to harm, trick or defraud others. Penalties for each violation can reach $10,000, and regulators are getting tougher on organizations that flout the law. In May 2018, the FTC fined a Florida telemarketer $120 million for malicious neighbor spoofing, which was part of a massive robocalling scheme in which the telemarketer sold travel packages.

However, “there are legitimate reasons why the number that shows on your caller ID might not be the number you’re actually getting a call from,” said Susan Grant, director of consumer protection and privacy at the Consumer Federation of America.

For example, someone calling on behalf of another company or charity can adjust the caller ID to reflect the company or charity’s information (and not the telemarketer’s). But the caller ID must show the phone number that the recipient can dial and ask to “unsubscribe” from future phone calls. You may also set your own caller ID to “unknown” if you choose to keep your number private—it’s not considered spoofing.

How to stop neighbor spoofing

Regulators and lawmakers are trying new ways to shield consumers from receiving endless fake phone calls, but they remain a few steps behind the criminals.

In November 2017, the FCC approved new rules allowing phone companies to proactively block telephone numbers that are likely to be fraudulent. As a response, the telecom industry is creating a type of caller ID authentication system that goes by the name Stir/Shaken. The system could be ready later this year. Although the technology won’t stop calls coming through, it can flag them as potentially fraudulent and let the consumer decide whether to answer.

“It will only really work if every carrier is using it,” Grant said. “Not only U.S. carriers, but because a lot of scam calls come from overseas, it really is going to be necessary for cooperation from overseas carriers as well.”

As for the average consumer, who gets about 15 spoofed phone calls every month, there are several ways to handle these calls. Craven said he lets Google Assistant screen any call from a number not in his contacts list, which happens about five times a week. “In the big picture it’s a slight nuisance, having to handle these calls,” he said, “but it would be beneficial to not have to deal with it.”

Until a one-size-fits-all solution emerges, here’s how you can block neighbor spoofing and report the crime:

  • Ignore calls from unfamiliar numbers and let the call go to voicemail.
  • Call your phone carrier and ask about call blocking tools they may have. For example, AT&T and Verizon offer call-blocking services.
  • Consider using an anti-robocall tool such as the Nomorobo and RoboKiller apps.
  • Report your experience with the FCC’s Consumer Complaint Center.
  • Register your number with the National Do Not Call Registry. Your landline or cellphone number will be removed from call lists that companies use, which should cut down on the number of calls you receive from legitimate telemarketers. However, you may still receive illegal robocalls.

What if your number is spoofed?

As Craven realized, scammers can use a real number to spoof calls, so there’s a chance one might mimic yours at some point. If this happens, people might call you back and ask why “you” dialed their number. Grant recommends you report the incident to your phone carrier and the FCC.

Then leave a message on your voicemail that explains the situation. For example: “Please be advised my number was spoofed by a fraudulent company, and I did not call you. Disregard any calls from this number.” Let all calls go to voicemail, and in a few days the scam artist will move on from using your phone number.

Remember to set a password on the voicemail, as hackers who spoof your phone number may be able to access this feature if it’s unprotected.

Tips to avoid neighbor spoofing scams

Security and telecom experts suggest never answering a call from an unknown number, or hanging up immediately if you answer the phone but suspect foul play. However, if you get pulled into a conversation with a potentially fraudulent telemarketer, here’s advice from the FCC:

  • If a recording tells you to press a button—for example, to confirm that you no longer want the phone calls—just hang up. It may be part of the scam.
  • Don’t answer any questions, especially ones that can be answered “yes” or “no.”
  • Never give out personally identifiable information, sometimes called “PII.” This includes your Social Security number, credit card information or any other identifying information such as where you live.
  • If you receive a phone call or voicemail from a company you do business with, tell the person you’ll call them back. “But don’t use the number they leave; it may be part of the scam.” Levin said. “Go to their official website or look at your account statement for the phone number.”
  • Don’t respond if you’re being pressured to provide information quickly.

In the meantime, consumer advocates are urging regulators and the telecom industry to implement stronger solutions to reduce fake phone calls and fraud. After all, said Grant, “it makes your phone less convenient to use, when you have to go through these precautions” to simply answer a call.