Want more insights?
Sign up to join our mailing list.
A cybercriminal who devised a multi million pound fraud case in the UK and worldwide has been sentenced to more than 13 years, for running the website iSpoof – a platform which provided number spoofing services for users globally.
An additional 169 further cybercriminals were also arrested as part of the investigation.
At its peak, 20 potential fraud victims were called every minute using the website software, which could only be downloaded via the dark web. Payments could also only be made using Bitcoin an attempt to ensure anonymity for the estimated 59,000 users.
Number spoofing is a technique used by scammers to change the phone number that appears on a caller ID display. It involves changing the caller ID information to make it appear as if the call is coming from a different number, often one that is familiar to the person being called. The aim of this technique is to gain the trust of the person and to trick them into providing sensitive information or transferring money, as cyber criminals undertake phishing calls to a business’s customers.
Although this tactic is commonly called number spoofing, it is also often referred to caller ID spoofing or voice phishing.
Unlike emails scams or other types of online fraud, number spoofing attacks usually rely on the scammer contacting your customers direct, so they can build trust and ascertain personal information.
Number spoofing scams typically involve the scammer pretending to be someone they are not, such as a representative of a government agency or a financial institution. They may tell the person being called that they owe money or that there has been suspicious activity on their account. Alternatively, they may offer a prize or ask for personal information, such as credit card details. Other common tricks can include charity scams, employment and medical scams.
Once the scammer has gained the trust of the person being called, they will try to obtain sensitive information or money from them. They may ask the person to provide this information over the phone or to transfer money to a specified account. In some cases, they may even ask the person to buy gift cards and provide the card details over the phone.
How fraudsters position themselves tends to vary and, the more insights they have into a customer’s personal details, the better they can make their calls/fake numbers seem more relatable. Some of the most common types of phone spoofing tactics are;
Insurance scams use number spoofing in several ways to trick victims into giving away personal information or making payments for fake insurance policies or claims. One common tactic is for scammers to use spoofed phone numbers to impersonate insurance companies or agents. They may use a legitimate insurance company’s phone number or a number that appears to be from a known insurance provider to create the impression that the call is genuine. Once they have gained the victim’s trust, they may then request personal information, such as credit card details or other payment information.
Insurance scammers use number spoofing to target individuals who have recently filed a legitimate insurance claim.
They may use a spoofed number to call the victim and offer to help them with their claim, but then request payment for their services or try to obtain additional personal information.
IRS scam calls are a type of phone scam where fraudsters pretend to be representatives from the Internal Revenue Service (IRS) and try to trick people into revealing personal information through paying fake tax bills.
Cyber criminals use phone number spoofing to make it seem like they are calling from a genuine IRS phone number. IRS scam calls can have a high success rate as they are designed to create panic and concern with the targeted victim, meaning they can act out of fear of wider consequences.
The IRS does not initiate contact with taxpayers by phone or email, and they will never threaten to bring in local police or other law enforcement agencies to arrest someone for non-payment of taxes – all of which can be scare tactics used by scammers.
Telephone and online banking are a common target for number spoofing scams. They focus on calling banking customers using fake numbers, to try and find out personal information. This includes account details and personal identification details, allowing cyber criminals to commit fraud using these details.
This type of scam is particularly prevalent in the banking industry as fraudsters know that people are often more likely to trust a call from their bank and they are also able to target large amounts of potential funds.
Using VoIP, fraudsters can manipulate the Caller ID system to display a fake phone number on the victim’s caller ID. They can make it appear as if the call is coming from the victim’s bank or other legitimate financial institution, increasing the likelihood that the victim will answer the call and provide personal information.
Another method used by scammers is known as “neighbour spoofing,” where the fake phone number displayed on the victim’s caller ID is similar or identical to their own area code and exchange, making it more likely that the victim will answer the call. In some cases, the spoofed number may even belong to a legitimate business or organisation, adding further credibility to the call.
Fraudsters may also use other methods, such as Caller ID spoofing software or spoofing apps that allow them to change the phone number that appears on the victim’s caller ID.
Although phone number spoofing scams are becoming increasingly more prevalent and sophisticated, there are still several key characteristics or red flags you can look out for to help you stay protected. These include:
Suspicious Calls from Unknown Numbers
If you or your customers find that you’re receiving an increasing number of calls from unknown, withheld, or private numbers, then it’s possible that your number is being targeted by scammers.
Automated Calls with Recorded Messages
Another strong indicator that you are being targeted by scammers. Important information from your bank or other institutions is never communicated by recoded message and you will always be asked to confirm your identity before any discussions with your actual bank.
Urgent Demands for Personal Information
If you are repeatably being asked for personal information, sometimes across multiple channels, such as phone and email, then this can again be an indication of fraudulent activity.
Threats of Legal Action or Arrest
Scammers are known for making threats against the customers they target, even advising that law enforcement will become involved through failure to make payment.
Demands for Payment via Gift Cards or Wire Transfers
Trusted companies and organisations will only ever ask customers to make payment though relevant, official channels. This would never include gift cards or wire transfers to individual users.
When a business’s customers are targeted by online scammers, this can be a risky issue which can also escalate quickly if cyber criminals are left to operate with impunity. These can be both short term in the form of fines for improper fraud prevention, and/or longer term damage to your business which can take time to resolve and in turn cost a lot of money.
Damage to your Corporate Reputation
Even if a business is not directly at fault, your customers being targeted by number spoofing scams can have on your future business reputation. If customers no longer trust an organisation, then they can be quick to leave in favour for a different provider. This is particularly true if you’re a financial provider or company tasked with safety storing large amounts of sensitive customer information.
Financial Losses to your Business
Phone number spoofing scams can have significant negative impact on your business, based on the financial losses this can generate. There are several ways this can happen, from the loss of business a dent in your reputation can bring, right through to the large fines issued to companies in regulated industries who don’t keep their data safe and secure. Even in cases where the organisation is not directly at fault, expensive downtime or having to refund customers can continue to add up the more this happens.
Customer Identity Theft
Once a customer’s information has been compromised it can be extremely difficult to put the genie back in the bottle and make their personal information private again. Therefore, if compromised it’s likely that your customers will have to spend time and effort changing their details where possible – a headache for customers and businesses alike.
Emotional Distress & Lack of Customer Trust
In turn, when a customer falls victim to a phone number spoofing attack, or other forms of online fraud, this can have a large impact on them personally. Not only does changing personal information require time and effort, but it can also cause significant emotional distress, resulting in lack of trust in the future. Given the efforts businesses take around customer onboarding, mistrust or lack of confidence can quickly undo these efforts.
There are steps you can take to both protect yourself and make sure your customers are aware of the potential risks to their accounts.
There are several sets of authoritative data which companies can use to cross reference the phone numbers engaging with your business, which help you ensure that you’re taking all possible measures to protect yourself and in turn your customers.
This data is provided by organisations such as Mobile Network Operators (MNOs) and government bodies, depending on the country/location from where the phone number is registered. This data can be accessed globally and in real time, meaning that you are only ever a matter of milliseconds away from the latest validation data.
This allows your business to:
Phone number spoofing, telephony fraud and other online scams are a serious risk to businesses and their customers. As tactics become increasingly complex it’s important that organisations take measures to reduce this risk and remain complaint with the fraud prevention measures which must be taken in different industries.
Call spoofing scams rely on social engineering tactics which are manipulative and can cause real damage to a brand’s integrity when their customers become a victim of online fraud such as phishing text messages, fake debt collectors, insurance scams, romance scams and other types of fraudulent calls where individuals are directly targeted for their personal information.
That said, there are now also several additional security measures your business can implement to offer greater protection, through additional transparency and insight around phone number data which may suggest a greater risk of fraud.
CMO AND CO-FOUNDER
Sign up to join our mailing list.
Take a look at our latest white paper, Tackling Mobile Identity Fraud in Financial Services. Our our product experts are always on hand to answer any questions!