Scammers can fake caller ID info

[stockhausen]

I was not aware of this until just now. For ages now I have had calls from Asian sounding gents allegedly from the incredibly noisy call centre of my ISP (as it happens, they have the wrong ISP) telling me that there have been reports of problems with my router and that they want access to my Router / PC in order to investigate and correct the problem.

These calls used to come from "number withheld" numbers. However, they are now coming from numbers beginning 0209. I was puzzled about this and so had a quick Google which provided the following information:

Your phone rings. You recognize the number, but when you pick up, it’s someone else. What’s the deal?

Scammers are using fake caller ID information to trick you into thinking they are someone local, someone you trust – like a government agency or police department, or a company you do business with – like your bank or cable provider. The practice is called caller ID spoofing, and scammers don’t care whose phone number they use.

I accept that these Spammers are probably bright guys with degrees who can find no other work and I am invariably polite to them.

What amazes me is that they clearly work for large, sophisticated criminal organisations that the Indian Government seems to have no interest in shutting down.

 

[Werewolf]

The faking of caller ID has been relatively easy to do for well over a decade (it's one of the ways the SWAT'ers cause so much mayhem), and is somehting that's intended to allow the likes of legitimate companies/organisations make outgoing calls from a number that isn't intended to receive them (IE all the lines at your GP or hospital displaying their official "incoming" number rather than the one belonging to a specific consultant).

Part of the problem seems to be that there is pretty much no incentive for the telecoms companies to fix the issue (although BT has made a bit of a start), and the companies that provide the lines simply don't care as they can make their money and shut down before the telecoms regulator can take action (assuming the regulator can take any action at all).
Another part of the problem is that the "line id" as displayed to the receiver of the calls was never (from what I understand) designed with any thought to making it secure or having checks that it's legitimately used in order to allow interoperability between different providers of kit, and backwards compatibility with systems that were older/legacy, a little like email (which has exactly the same problem with spoofed "from" fields).

I suspect the reason we're seeing more of the calls from what appear to be legitimate numbers is simple, people started routinely blocking withheld numbers :/

Personally I would like to see ALL the UK phone companies required to share information about bulk calls and start dealing with them like Gmail/Hotmail do with Spam emails, as I think BT have made a start with Call Protect, but if all of them shared the information it would probably make it even more effective.


I've joked in the past that if Al'Quada or ISIS ever wanted to gain some sympathy and support in the UK blowing up a few of these call centres would certainly get my vote (when I was looking after my mother we were getting around 15-20 of these calls a day and couldn't block numbers we didn't recognised because we never knew quite what numbers the likes of the hospital/social care people would be using, although a call guardian phone set to divert international & unknown calls to answerphone did cut it down).

 

[Haze]

I thought for a 2nd that someone had bumped a thread from 10 years ago lol, this is nothing new, or am i missing something

 

[stockhausen]

am i missing something

You may think that, I couldn't possibly comment


Thanks Werewolf for the explanation, I wasn't aware of that. I assumed that Hospitals, GP surgeries, etc. would either use premium rate numbers (now stopped I believe) or a switchboard where you wouldn't know the extension. I know that my local GP always uses a mobile to make calls but has it on silent and never answers it.

 

[LeeUK]

It all started back in the days of the rip off 0870/0845 number con so companies could display their rip off number instead of their real 01/02 number.

 

[peterwalkley]

.... and I am invariably polite to them.

Why ? They are engaged in fraud, would you be polite to a local scummer stealing from your home ? I always tell them to go and have carnal relations with themselves.

 

[BDEE]

Ahhh those guys. They love me. I got on first name terms with "Steve" at one point they were calling me that much.

Had an in-depth conversation with him about how much they get paid (300 rupee for every 3 connections they make) and targets etc.

He was a qualified air conditioning engineer but couldn't find work. Said he wanted to move to the UK. It was very surreal. We even shared facebook profiles (I gave him one of George from Phonejacker, not my real one).... very very odd.

They have stopped calling now.....

 

[pepp77]

BT on fixed lines are very strict with the numbers that can be displayed on outgoing calls. SIP providers are less so, yes you have to tick a box saying you agree that any numbers you display you are legally entitled to display, but that doesn't then stop you from displaying anything. I am based in London but have in the past set my extension to display a NY number on outgoing calls when I was testing for a NY install I was about to work on, I also for a while set my CLI to be my mobile number just for the kicks.