Phone number swapping scams involve scammers or organisations hiding their authentic phone numbers when contacting the intended victim of a fraudulent scheme. This technique is mainly aimed at defrauding people and carrying out various forms of scams such as phishing attempts, identity theft and financial fraud.
Spoofing involves the deliberate use of data to spoof the identity of the caller making the outgoing call. In most cases, spoofing is done using Voice over Internet Protocol (VoIP) service or an IP phone to use VoIP to transmit calls over the Internet. VoIP users can usually choose which number or name to display when setting up their account profile.
Some providers even offer spoofing services that work like a prepaid calling card. Customers pay to receive a PIN to use when calling their provider. The code will allow them to choose the number of the person they want to contact and the number that appears on the latter's display.
Why is spoofing a phone number a real problem?
Scammers usually use spoofing to trick callers into handing over money, personal information or both. They may claim to be calling on behalf of a bank or charity, or even as part of a competition and offer a fictitious prize. These types of 'vishing' attacks are quite common and often target older people who are unaware of the threat.
For example, a common scam involves impersonating an IRS (Internal Revenue Service) agent. The caller tries to scare the caller into believing that they owe tax debt or that they need to send them confidential financial information immediately. Another common scam is providing fictitious technical support . The caller claims to work for a reputable company, such as Microsoft, and claims that there is a problem on your computer that requires remote access to fix it.
There are also 'SMiShing' or 'SMS phishing' attacks, which involve sending a message that looks like an authority or company and prompts you to click a link. Once you click the link, it can download malware onto your device, sign up for a paid service or even steal credentials for online accounts.
Why is phone number spoofing so common?
The ease with which digital voice signals can be sent over the Internet has led to an explosion of spam and automated calls in recent years. In fact, according to experts, a company offering telephone anti-spam solutions has published that the volume of malicious calls reached 54.6 billion in a standard period, an increase of 108% over the previous one.
Because the calls made by robots are made by automatically dialing pre-recorded messages, marketers and fraudsters can make far more calls than a real person ever could, often resorting to tricks such as making it appear as if the call was made from the recipient's region by changing the area code. This increases the chances that the recipient will certainly answer an incoming call, assuming it is from a friend or local business.
Classification of attackers' actions:
Using advanced technology to manipulate the Caller ID data displayed on the phone. Replacing or "spoofing" the name and number of an outgoing call so that the displayed information reflects the legitimate source.
Caller ID manipulation:
The use of a number that is very similar to the contacts of an organisation that is familiar and frequent in the dialogue - a government agency, a school, a bank, a well-known company - to gain credibility and attenuate attention. This similarity increases the likelihood that the call will be accepted.
The introduction of social engineering techniques to induce the caller to give confidential information, to take a certain action. They pose as representatives of a trusted organisation, government agency and present the call in a way that creates a sense of urgency or fear for the task at hand.
Different scam tactics:
Phone spoofing can be used in conjunction with a variety of scam techniques:
Phishing: Scammers pose as representatives of legitimate organisations and ask for personal information - account numbers, pin numbers, passwords - under the pretext of solving a problem or offering a reward.
Financial scams: scammers impersonate employees of financial institutions or credit card companies and use a variety of means to extort financial details or force them to make unauthorized transactions.
Tech support scams: Fictitious tech support agents report a non-existent issue with your computer or device. They then insist on giving you remote access to your system or ask you to install malware disguised as useful software.
Government scams: Fictitious government agents from tax and immigration authorities claim you are in debt or have problems with your documents. Intimidate with legal consequences or deportation in order to obtain payments or personal data.
Call-back scams: In some cases, scammers may leave a missed call or voice message encouraging you to call back. When you do, you may be connected to a number with a premium rate, resulting in exorbitant charges on your phone bill, or be redirected to an automated system which attempts to classify personal details.
What can be done to prevent fraudulent calls?
To really limit these calls, the first thing to do is to check whether your telephone company offers a service or application that can perform identification, personalization and spam filtering.
AT&T and Verizon, for example, have applications that can filter spam or receive fraud alerts, although they might cost you a little more each month. T-Mobile notifies its customers if a call could lead to fraud as soon as it appears on your phone screen. Its customers can also sign up for a free fraud blocking service.
There are also third-party apps such as RoboKiller and Nomorobo that can help you monitor calls, but be aware that you will be sharing personal information with them.
Once you've registered with the Do Not Call registry and become familiar with the various options offered by your operator, you need to be especially careful when sharing your contact information. If an online form asks for a personal telephone number unnecessarily, you should not fill in the form. Also, do not include your personal details in your personal social media accounts.
If you receive an incoming call from an unknown number, you should not answer it. You can always call back later to check if it is a real person or company. If it is a fraudulent call, you should block the details of the number in your phone book, but unfortunately this is not a panacea, as scammers very often change the number.
Beware of online contests and sweepstakes as they often share data with other companies.
Keep an eye out for the latest updates on the structures and algorithms of the latest scams so you know what to expect. It is not unreasonable to install resources such as Mobile Security on personal and business communications to ensure that confidential data is protected from fraudulent software, viruses and other potential vulnerabilities.