Caller ID Spoofing

The Caller ID Con

I received a phone call from my credit union the other day informing me that they noticed some suspicious activity on my account and wanted to confirm possible fraudulent activities. 

I have a spam alert filter on my phone. Although the number from the caller did not trigger the alert, for the sake of at least awareness, I responded, “Thank you, how can I help?”

The caller then asked to confirm whom he was speaking to and if I could confirm my account number.  Without being obnoxious, I asked, “Who do you think you are calling? Please read off the last four digits of the account in question, and I will confirm if that is my account.”

The agent replied that the process did not work that way – that he needed to enter the account number into his system to pull up my information so he could continue to help me.

Sensing this was a scam, but somewhat interested in how this scheme worked, I tried a different tactic.  I asked what was the fraudulent activity causing concern.  He replied that they noticed a number of attempts to change my password.  I asked if he could confirm if the password change was successful.  He stated this was an automated process and he does not know. 

Caller ID Spoofing

Be Caller ID Savvy

I have a rule of thumb that when in doubt: take control of the situation.  I simply thanked him for his time and told him I would call back on the customer support line on the website.

After calling the customer support line, I was informed that I was almost a victim of caller ID spoofing.  Caller ID spoofing is a technology that allows the originator to alter the information forwarded to your caller ID in order to hide the true number. With caller ID spoofing, a person can send and receive outgoing or incoming phone calls or texts that appear to be from any phone number they choose.

The interesting thing is that caller ID spoofing by itself is perfectly legal.  Many service businesses provide what appears to be local area phone number so that people feel they are dealing with a community business, when the actual business may be several hundred miles away.  It is only illegal if the purpose of the spoof is to defraud, or cause harm to the called party.

Tips and Tricks:
Avoid Caller ID Spoofing

  1. Always be suspicious when a “service agent” calls and requests personal information.
  2. Never confirm whom they are speaking to; ask the caller to identify who they are calling.
  3. Always ask what activity initiated the call.
  4. Always go back to the legitimate web portal and call the organization service line.
  5. When in doubt – always change your password.

Why Choose ASCERTIS Solutions

ASCERTIS Solutions can conduct a security assessment of a small business in a week and provide a roadmap for your company to implement a cyber defense strategy that fits your budget.  Trained security professionals can be hired on a part-time basis to fill the role of Chief Cyber Security Officer (CISO) to assure that your roadmap is implemented in a timely and cost-effective fashion. 

If interested, please contact assessments@ascertis.solutions.