Spoofing is the practice of falsifying information to gain an advantage, usually monetary. Specifically, it is when a caller changes the caller ID to transmit a different phone number than the actual number of the originating call or text. It is ridiculously easy to do with apps and instructions freely available on the Internet or as a paid service. Spoofing is made possible by weak authentication of caller ID.
The Federal Communications Commission (FCC) offers tips on how to avoid becoming the next victim of a spoofing scam. However, despite the tips, warnings, and information available to consumers, spoofing continues to be a wide-spread problem. The following paragraphs describe an example of the depths to which malicious individuals will sink to achieve their objectives via spoofing, as well as the action lawmakers are taking to combat the problem.
Cancer patients at a trusted and reputable cancer-treatment hospital in Florida thought their health-care provider was calling, only to discover that a malicious party spoofed the phone number to make it appear as though the calls originated from inside the hospital. As a result, cancer patients, on whom one can depend absolutely to answer a call from their hospital, shared personal information with the criminal imposters.
Such was the testimony of Dave Summit, Chief Information Security Officer (CISO) of the H. Lee Moffitt Cancer Center and Research Institute, before the United States Congress on April 30, 2019. This testimony is part of an effort to pass legislation called the TRACED Act, introduced last January by Senator John Thune, which would increase the power of the United States Government to penalize malicious parties with bigger fines, with the intent of deterring criminal activities and compelling carriers to make it easier for consumers to identify spoofed calls via a system called SHAKEN/STIR that authenticates caller ID.
An update to the nation’s robocall rules needs desperately to deal with caller ID spoofing techniques. The last time the federal government passed such legislation was the Telephone Consumer Protection Act of 1991 which was intended to protect consumers from unwanted calls. This 28-year-old law is inadequate for current times, especially with changes in mobile. If you suspect you are the target of spoofing, then file a complaint with the FCC. Additionally, for advice on spoofing and call authentication, email us or give us a call today!