A cybercriminal behind a multi-million pound fraud in the UK and worldwide has been sentenced to more than 13 years for running the website iSpoof – a platform which provided number spoofing services for users globally.
A further 169 cybercriminals were also arrested as part of the investigation.
At its peak, 20 potential fraud victims were called every minute using the website software, which could only be downloaded via the dark web. Payments could also only be made using Bitcoin, in an attempt to ensure anonymity for the estimated 59,000 users.
The UK was a major target for cybercriminals, with around 35% of calls targeted towards British phone numbers – second only to the USA (40%).
Number spoofing is a technique used by scammers to change the phone number that appears on a caller ID display. It involves changing the caller ID information to make it appear as if the call is coming from a different number, often one that is familiar to the person being called. The aim of this technique is to gain the trust of the person and to trick them into providing sensitive information or transferring money, as cyber criminals undertake phishing calls to a business’s customers.
Although this tactic is commonly called number spoofing, it is also often referred to as caller ID spoofing or voice phishing.
Unlike email scams or other types of online fraud, number spoofing attacks usually rely on the scammer contacting your customers directly, so they can build trust and ascertain personal information.
Spoofing scams are technologically facilitated through VoIP (Voice over Internet Protocol) services that allow fraudsters to mask their real phone numbers by displaying a different number on the recipient’s caller ID system. This is often executed via software or a specialised service that obfuscates the origin of the call.
Neighbour Spoofing: Scammers mimic local numbers, often duplicating the first six digits of your own number to increase the likelihood that you answer the call.
Robocall Spoofing: Automated calls programmed to deliver pre-recorded messages with the caller ID disguised as local businesses or trusted organisations.
Text Message Spoofing: Similar tactics are applied through SMS, where text messages are sent from a number that appears to belong to a legitimate source, often prompting urgent action from the unsuspecting recipient.
Are there clues you might be getting spoofed? Key indicators include inconsistencies between the information provided during the call and what you know, requests for immediate financial transactions or personal information, and pre-recorded voices or oddly timed delays indicating a robocall setup.
A robotic, emotionless voice or a caller who fails to interact naturally during the conversation can be a significant red flag, suggesting a robocall rather than a human on the other end of the line.
Victims of spoofing scams can face extensive financial loss, identity theft, and a breach of personal security, which may take years to fully rectify. Instances include unauthorised purchases, funds transferred under false pretences, and personal data being exploited to open new accounts or gain further illegal access to financial services.
Number spoofing scams typically involve the scammer pretending to be someone they are not, such as a representative of a government agency or a financial institution. They may tell the person being called that they owe money or that there has been suspicious activity on their account. Alternatively, they may offer a prize or ask for personal information, such as credit card details. Other common tricks can include charity scams, employment and medical scams.
Once the scammer has gained the trust of the person being called, they will try to obtain sensitive information or money from them. They may ask the person to provide this information over the phone or to transfer money to a specified account. In some cases, they may even ask the person to buy gift cards and provide the card details over the phone.
How fraudsters position themselves tends to vary and, the more insights they have into a customer’s personal details, the better they can make their calls/fake numbers seem relatable. Some of the most common types of phone spoofing tactics are:
Insurance scams use number spoofing in several ways to trick victims into giving away personal information or making payments for fake insurance policies or claims. One common tactic is for scammers to use spoofed phone numbers to impersonate insurance companies or agents. They may use a legitimate insurance company’s phone number or a number that appears to be from a known insurance provider to create the impression that the call is genuine. Once they have gained the victim’s trust, they may then request personal information, such as credit card details or other payment information.
Insurance scammers use number spoofing to target individuals who have recently filed a legitimate insurance claim.
They may use a spoofed number to call the victim and offer to help them with their claim, but then request payment for their services or try to obtain additional personal information.
IRS scam calls are a type of phone scam where fraudsters pretend to be representatives from the Internal Revenue Service (IRS) and try to trick people into revealing personal information through paying fake tax bills.
Cyber criminals use phone number spoofing to make it seem like they are calling from a genuine IRS phone number. IRS scam calls can have a high success rate as they are designed to create panic and concern with the targeted victim, meaning they can act out of fear of wider consequences.
The IRS does not initiate contact with taxpayers by phone or email, and they will never threaten to bring in local police or other law enforcement agencies to arrest someone for non-payment of taxes – all of which can be scare tactics used by scammers.
Telephone and online banking are a common target for number spoofing scams. They focus on calling banking customers using fake numbers, to try and find out personal information. This includes account details and personal identification details, allowing cyber criminals to commit fraud using these details.
This type of scam is particularly prevalent in the banking industry as fraudsters know that people are often more likely to trust a call from their bank and they are also able to target large amounts of potential funds.
Using VoIP, fraudsters can manipulate the Caller ID system to display a fake phone number on the victim’s caller ID. They can make it appear as if the call is coming from the victim’s bank or other legitimate financial institution, increasing the likelihood that the victim will answer the call and provide personal information.
Another method used by scammers is known as “neighbour spoofing,” where the fake phone number displayed on the victim’s caller ID is similar or identical to their own area code and exchange, making it more likely that the victim will answer the call. In some cases, the spoofed number may even belong to a legitimate business or organisation, adding further credibility to the call.
Fraudsters may also use other methods, such as Caller ID spoofing software or spoofing apps that allow them to change the phone number that appears on the victim’s caller ID.
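A defender-side check for the neighbour spoofing pattern described above, as an added example that is not part of the original article: it scans an inbound call log for caller IDs that share the recipient's first six digits and flags recipients who see several distinct look-alike numbers. The call records, the threshold and the assumption that both numbers are stored in the same national 10-digit format are constructed for illustration.

```python
from collections import defaultdict

PREFIX_LEN = 6  # "first six digits" (area code + exchange), as the article describes


def digits(number):
    """Keep only the digits so '202-555-0143' and '(202) 555 0143' compare equal."""
    return "".join(ch for ch in (number or "") if ch.isdigit())


def classify(caller_id, called):
    """Label one inbound call by how its displayed caller ID relates to the recipient."""
    caller, target = digits(caller_id), digits(called)
    if not caller:
        return "withheld"            # no caller ID presented
    if caller == target:
        return "own-number"          # the display shows the recipient's own number
    if len(caller) == len(target) and caller[:PREFIX_LEN] == target[:PREFIX_LEN]:
        return "neighbour-prefix"    # same area code and exchange as the recipient
    return "other"


def flag_recipients(calls, min_distinct=3):
    """Return {recipient: sorted look-alike caller IDs} for recipients called by at
    least `min_distinct` different numbers that share their own prefix."""
    lookalikes = defaultdict(set)
    for caller_id, called in calls:
        if classify(caller_id, called) == "neighbour-prefix":
            lookalikes[digits(called)].add(digits(caller_id))
    return {r: sorted(ids) for r, ids in lookalikes.items() if len(ids) >= min_distinct}


# Constructed sample log of (displayed caller ID, called number); all numbers fictional.
SAMPLE_CALLS = [
    ("202-555-0111", "202-555-0143"),
    ("202-555-0178", "202-555-0143"),
    ("202-555-0190", "202-555-0143"),
    ("312-555-0120", "202-555-0143"),   # different area code
    ("", "202-555-0143"),               # withheld
    ("202-555-0143", "202-555-0143"),   # recipient's own number displayed
    ("415-555-0101", "415-555-0162"),   # a single look-alike, below the threshold
]

if __name__ == "__main__":
    for recipient, callers in flag_recipients(SAMPLE_CALLS).items():
        print(recipient, "received look-alike calls from", callers)
```

A genuine local caller also shares the prefix, so a hit is a reason to verify the call through an official number, not proof of fraud.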
Although phone number spoofing scams are becoming increasingly more prevalent and sophisticated, there are still several key characteristics or red flags you can look out for to help you stay protected. These include:
Suspicious Calls from Unknown Numbers
If you or your customers find that you’re receiving an increasing number of calls from unknown, withheld, or private numbers, then it’s possible that your number is being targeted by scammers.
Automated Calls with Recorded Messages
Another strong indicator that you are being targeted by scammers. Important information from your bank or other institutions is never communicated by recorded message and you will always be asked to confirm your identity before any discussions with your actual bank.
Urgent Demands for Personal Information
If you are repeatedly being asked for personal information, sometimes across multiple channels, such as phone and email, then this can again be an indication of fraudulent activity.
Threats of Legal Action or Arrest
Scammers are known for making threats against the customers they target, even advising that law enforcement will become involved through failure to make payment.
Demands for Payment via Gift Cards or Wire Transfers
Trusted companies and organisations will only ever ask customers to make payment through relevant, official channels. This would never include gift cards or wire transfers to individual users.
Phone number spoofing is a deceptive technique used by fraudsters to manipulate caller ID information, making it appear as though a call or message is coming from a trusted source. Scammers exploit this method to impersonate banks, government agencies, and well-known businesses, tricking individuals into providing sensitive personal or financial information.
VoIP (Voice over Internet Protocol) Spoofing
Fraudsters use VoIP technology to modify caller ID information before making a call. Many VoIP services allow users to configure their outbound caller ID manually, making it easy for scammers to disguise their true identity.
SIP (Session Initiation Protocol) Trunking Exploits
SIP trunking, which enables voice calls over the internet, can be manipulated to insert fraudulent caller ID information into outgoing calls. Scammers exploit weaknesses in telecom protocols to make their calls appear to originate from legitimate businesses or local numbers.
Caller ID Spoofing Software & Apps
Numerous spoofing applications and online services enable scammers to change their displayed phone numbers at will. These tools are readily available and often marketed as harmless, but they are frequently misused for fraudulent activities.
SIM Farms and GSM Gateways
Some fraudsters use SIM farms—collections of multiple SIM cards connected to automated dialers—to make thousands of calls while displaying different numbers. This method helps evade spam detection and makes it harder to track the origin of scam calls.
Compromised PBX Systems
Hackers infiltrate business phone systems (Private Branch Exchange – PBX) to reroute calls and inject spoofed numbers. This allows scammers to use legitimate business infrastructure to place fraudulent calls without raising suspicion.
In many jurisdictions, the law explicitly prohibits the use of misleading or inaccurate caller IDs for harmful or deceptive purposes. For instance, in the United States, the Truth in Caller ID Act of 2009 outlaws such practices.
Despite existing laws, enforcement can be challenging, especially when calls originate from international locations or are routed through multiple networks, complicating traceability and jurisdictional authority.
When a business’s customers are targeted by online scammers, this can be a risky issue which can also escalate quickly if cyber criminals are left to operate with impunity. These can be both short term in the form of fines for improper fraud prevention, and/or longer term damage to your business which can take time to resolve and in turn cost a lot of money.
Damage to your Corporate Reputation
Even if a business is not directly at fault, your customers being targeted by number spoofing scams can have an impact on your future business reputation. If customers no longer trust an organisation, then they can be quick to leave in favour of a different provider. This is particularly true if you’re a financial provider or company tasked with safely storing large amounts of sensitive customer information.
Financial Losses to your Business
Phone number spoofing scams can have a significant negative impact on your business, based on the financial losses this can generate. There are several ways this can happen, from the loss of business a dent in your reputation can bring, right through to the large fines issued to companies in regulated industries who don’t keep their data safe and secure. Even in cases where the organisation is not directly at fault, expensive downtime or having to refund customers can continue to add up the more this happens.
Customer Identity Theft
Once a customer’s information has been compromised it can be extremely difficult to put the genie back in the bottle and make their personal information private again. Therefore, if compromised it’s likely that your customers will have to spend time and effort changing their details where possible – a headache for customers and businesses alike.
Emotional Distress & Lack of Customer Trust
In turn, when a customer falls victim to a phone number spoofing attack, or other forms of online fraud, this can have a large impact on them personally. Not only does changing personal information require time and effort, but it can also cause significant emotional distress, resulting in lack of trust in the future. Given the efforts businesses take around customer onboarding, mistrust or lack of confidence can quickly undo these efforts.
There are steps you can take to both protect yourself and make sure your customers are aware of the potential risks to their accounts.
There are several sets of authoritative data which companies can use to cross reference the phone numbers engaging with your business, which help you ensure that you’re taking all possible measures to protect yourself and in turn your customers.
This data is provided by organisations such as Mobile Network Operators (MNOs) and government bodies, depending on the country/location from where the phone number is registered. This data can be accessed globally and in real time, meaning that you are only ever a matter of milliseconds away from the latest validation data.
This allows your business to:
Our TeleShield product can be integrated into existing business processes to provide enhanced information on whether a number has been assigned by a service provider to a customer or has recently been ported. This information can be used to shield a company from a wide range of telephony fraud.
As number spoofing techniques become more sophisticated, the role of mobile number data in preventing these scams will likely expand. Future advancements may include more intricate data analysis techniques that can predict and prevent spoofing activities before they reach the consumer. Additionally, as global data privacy and security laws evolve, so will the strategies to utilise mobile number data.
Keeping personal and financial information secure is critical. Avoid sharing sensitive details over the phone unless you are certain of the caller’s identity and have initiated the call yourself. Regularly update passwords and account information, enable two-factor authentication on vulnerable accounts, and be vigilant about monitoring transaction histories for any unauthorised activity.
If you suspect a spoofing scam, here’s what you should do:
• Do not provide any personal information
• Hang up and call the official number of the organisation the caller claimed to represent
• Report the call to the relevant authorities, including the FTC for U.S. residents
Federal Trade Commission (FTC) for U.S. consumers
Canadian Anti-Fraud Centre (CAFC) in Canada
Action Fraud in the United Kingdom
Phone number spoofing, telephony fraud and other online scams are a serious risk to businesses and their customers. As tactics become increasingly complex, it’s important that organisations take measures to reduce this risk and remain compliant with the fraud prevention measures which must be taken in different industries.
Call spoofing scams rely on social engineering tactics which are manipulative and can cause real damage to a brand’s integrity when their customers become a victim of online fraud such as phishing text messages, fake debt collectors, insurance scams, romance scams and other types of fraudulent calls where individuals are directly targeted for their personal information.
That said, there are now also several additional security measures your business can implement to offer greater protection, through additional transparency and insight around phone number data which may suggest a greater risk of fraud.
For helpful advice on flash calls, you can read our related article.
Last updated on February 6, 2025