What is Spoofing?

Have you ever received a phone call from a number you did not recognize, but answered anyway. You probably thought,

"I don't owe anyone money, and I have nothing to hide, so I'll answer this phone call."

You proceed to tentatively say

"hello?"

and immediately you get an animated

"Hello! How are You?"

"Good! So glad you are doing well,"

replies the other person on the other end before you even finish saying how you are. By now you probably realize that you are talking to a computer and the call is a joke. If you dial the number that shows up on your phone i.d., you will come to find out that the person that answers has no idea what you are referring to should you decide to call back that number.

This is better known as Caller ID Spoofing, and it is a technology that has been around a for a while. Initially this service was mostly used by policed departments, collection services, investigators and other similar types of businesses. This service would allow these agencies to make phone calls while simulating a different phone number so as to not alert the receiver of the phone call as to who was actually calling. This technology basically allowed the caller to show a different phone number on the caller id of the recipient.

Around 2004, the Caller ID Spoofing service went commercial to the public, and that is when certain problems began to arise due to the use of this service. Yes, this service helps businesses trying to collect on debt or locate stolen merchandise or even locate fugitives but it has also come at a price for the public in general. This service has basically allowed anyone with access to a credit card, the internet and a phone to start making crank phone calls called spoofing.

The problem with this is that it allows the caller to remain practically anonymous, and if done correctly possibly even completely anonymous. That is not the problem per se, but when these said callers start to abuse of this system called Caller ID Spoofing, it can lead to fraud, ID theft and even deadly situations.

As the spoofing technology has become more prevalent, what started out as joke calling and spoofing has now turned more sinister. Criminals have not stepped up their game by using the Caller ID spoofing services to fool people into believing that they are speaking to someone known to them. For example, someone receives a phone call that shows to be a local number. Hackers/spoofers have figured out that most people won't answer strange numbers with unknown area codes, but that some people will answer unknown phone calls with local area codes. Then what hackers will do is maybe use the local Farmer's Insurance Agent's local phone number and call local area residents. The goals is to fool some one into believing they are speaking with their local insurance agent and possibly give up valuable information that could lead a hacker to more of your data, information and possibly your money. Or they could fool you by pretending to be a credit card company or the bank by simply putting the local branche's number on your caller ID. There is no way to know if it is a true phone call from one of your business dealing. The only way would be to hang up, and dial the number directly to the agency in question. This is similar to what happens with spoofed or faked email, where the senders address is fake, and the content within the email is meant to direct you to a malicious website.

For the recipient of these annoying and possibly dangerous phone calls, there is not much one can do. There are ways to block phone numbers, and now there are even apps to help with keeping track of these blocked numbers. Yet, there is a worse form of spoofing called "swatting." Here, the Spoofer fakes his the number he is calling from, dials 911, the police emergency line, and then states or claims that there is a life and death situation from the "fake" number he is calling from, knowing that the police emergency response unit will go to the registered address for the "fake" phone number he is using. This has been done to celebrities, luckily with no one getting hurt. This act of swatting was also done about 6 months ago, and resulted in the death of an innocent man who had nothing to do with the "spoofer" or the person who the perpetrator was actually trying to intentionally spoof.

Thankfully in serious and egregious cases like these, police have the technology to find the criminal spoofer. Unfortunately for the public, there is a limited ability to combat spoofing. Most spoofing is a 1 or 2 time prank, and then the spoofer moves on to new victims for their laughs. In some cases the spoofer is trying to DOX you for personal gain so beware. Then there is the annoying spoofer who just won't go away.

That is what I had to recently deal with, an annoying spoofer calling my company's business line over and over again. I can handle one or two times, but once you start becoming annoying, then I too will put on my thinking cap as to how to respond. And yes, I could have easily blocked the different numbers he kept calling from but that would only be a solution until he found a new set of phone numbers to call from. Plus I imagine the technology has advance enough where the caller simply has to put and area code and the spoofing service will automatically fill in the rest. So block numbers was not an option for me.

I tried doing reverse lookups on the phone numbers for a possible hint and even Google searches but only found where others also complained about similar phone numbers spoofing and attempting to Dox them. The spoofer had gotten our company phone number from the internet and that is where I finally had a chance. On our website, we can also receive web texts that hit our company cell phones, and the spoofer decided to do just this not realizing that he would give up some clues by doing so, including an IP address.

Once this spoofer did this I them immediately logged in to the web server to look for access logs. I found the web server access logs and then was able to locate an IP address that put the caller in Greece. I could not place the accent on the spoofer's English until I had this piece of information, and then it made sense. The accent I was hearing sounded middle eastern and now it made sense, it was a Greek accent. So I then went on Google to find Greek bad words to learn and even play back via Google. Lo and behold this worked. I let the spoofer know that I knew they were calling from Greece by playing the Google sound of these Greek bad words and they immediately hung up. They haven't called back but it is still early, so we shall see if this worked.

If anyone is having serious trouble with spoof calls to their business or home, there is a service you can enable on your phone lines, which we will also be looking into if this annoying form of harassment continues. The service is called a Trap line. You enable this service, forward you phone lines to this new phone number/service (the trap line) and it will show you the true phone number calling your phone line. This service works against people trying to spoof, use the *67 code to hide the number and/or simply make harassing and annoying phone calls. If these service is eventually needed, I will post about this subject and the result of using a trap line.

07/18/2018
Full Steem Ahead!
@streetstyle