Spoofing question

665 Views | 9 Replies | Last: 8 days ago by Pinochet
cecil77
How long do you want to ignore this user?
AG
My wife received a call and the caller ID showed what a spam number. Looking up the number it's not a real number.

However, it was actually her mom who left a voicemail.

So her mom called from her landline and left a VM, but an incorrect number was reported on my wife's phone.

How does this work?
Picard
How long do you want to ignore this user?
AG
Mother-in-law flagged as spam? And you're questioning this?

Sounds great to me!

Lathspell
How long do you want to ignore this user?
AG
Very simple. The scammers out there spoof numbers all the time. Apparently enough scammers spoofed her number enough times, causing many of those receiving the calls to mark them as spam.

This number gets added to certain carrier spam lists and is now marked as a spam caller.

If she is marked as a potential spam caller on one provider, it doesn't mean she is with all providers. There are ways to request to be removed from these lists, but it's a pain in the ass.
cecil77
How long do you want to ignore this user?
AG
Lathspell said:

Very simple. The scammers out there spoof numbers all the time. Apparently enough scammers spoofed her number enough times, causing many of those receiving the calls to mark them as spam.

This number gets added to certain carrier spam lists and is now marked as a spam caller.

If she is marked as a potential spam caller on one provider, it doesn't mean she is with all providers. There are ways to request to be removed from these lists, but it's a pain in the ass.

I understand spoofing.

However we get call from her land line on occasion and caller id shows her number. For this call, from her land line, caller id reported ad spam number.
Lathspell
How long do you want to ignore this user?
AG
You didn't read my post.
cecil77
How long do you want to ignore this user?
AG
Lathspell said:

You didn't read my post.
Well I did, but maybe didn't understand fully.

I guess I don't know where the caller ID db is. Do the providers not share "directories" for look up with each other. Is caller id separate DBs maintained by different parties? How does caller id work.
Lathspell
How long do you want to ignore this user?
AG
Was going to start typing an answer, but I'm working and don't feel like spending half an hour typing... so off to ChatGPT!

Carriers generally cannot detect when a caller is spoofing a phone number because of the way the current telecommunications system works. Here are the key reasons:
1. Legacy Infrastructure
  • The telephone network was designed decades ago without strong authentication mechanisms. It operates on a trust-based system where carriers accept the Caller ID information provided by the originating network without verification.
2. Lack of Authentication in Caller ID
  • Caller ID information is sent alongside the call setup data but isn't verified. The system doesn't check whether the number being displayed actually belongs to the caller, allowing bad actors to manipulate the information.
3. Voice over IP (VoIP) Technology
  • Many spoofed calls originate from VoIP services, where users can configure their outbound Caller ID manually. VoIP systems allow this flexibility for legitimate purposes, such as businesses displaying their main number regardless of the specific extension making the call.
4. International Calls
  • When calls cross international boundaries, the originating carrier's information may not be passed through the same way or verified by the receiving carrier. This creates an additional layer of complexity in identifying spoofed numbers.
5. Lack of Universal Standards
  • Until recently, there was no universal framework to authenticate Caller ID information. However, the STIR/SHAKEN framework is being implemented in many countries (e.g., the U.S.) to combat spoofing by verifying the authenticity of Caller ID information. Despite this, it requires participation from all carriers in the call path, and implementation is still ongoing.
6. Resource Constraints
  • Detecting and analyzing spoofing in real time would require significant computational and financial resources. Carriers often prioritize call routing and connectivity over such checks.
7. Legitimate Use Cases for Spoofing
  • Some businesses and services legitimately spoof numbers, such as when displaying a toll-free number for customer support. Carriers would need to differentiate between legitimate and malicious spoofing, which is a challenging task.
8. End-to-End Encryption
  • In some cases, VoIP calls may use encryption, preventing intermediate carriers from inspecting the contents of the call setup data to detect spoofing.
Current Efforts to Combat Spoofing
The implementation of frameworks like STIR/SHAKEN aims to address these challenges by adding cryptographic signatures to Caller ID information, allowing carriers to verify whether the number is authentic. However, these measures are not foolproof and require global cooperation to be fully effective.
Lathspell
How long do you want to ignore this user?
AG
Caller ID is just a stream of data attached to that specific call. If a scammer spoofs your MIL's caller ID, the party receiving the call sees her caller ID. That person answers the call, is asked about their car's warranty, then hangs up and flags the caller ID as Spam.

That person uses AT&T, and their cell phone sends that data to AT&T that your MIL's caller ID is spam. Enough people do this for her number, each time being spoofed, and her Caller ID is added to the STIR database.

Again... very simple, and unfortunately something many businesses have to deal with. I work with many of our customers on getting this flag removed from their various DIDs.
cecil77
How long do you want to ignore this user?
AG
I appreciate the time, thanks. Next there, I'm going to call my cell with her landline and see what it shows. She's advanced age and can't make a call on her own cell, so she has her housekeeper do it for her. The landline call is unusual, so maybe it's just been added to the STIR db.
Pinochet
How long do you want to ignore this user?
Great idea. I'll start marking my in-law's number as spam. Maybe I'll make a bunch of random spam texts and calls from it too.

Genius.
Refresh
Page 1 of 1
 
×
subscribe Verify your student status
See Subscription Benefits
Trial only available to users who have never subscribed or participated in a previous trial.