Home & Office

Caller ID spoofing more damaging than e-mail

Security company Sophos cautions against using caller ID spoofing, which is easier to con victims into giving up valuable information than e-mail spoofing.
Written by Liau Yun Qing, Contributor

While caller ID spoofing is not illegal, its use could lead to serious scams and identity fraud and is more dangerous than e-mail spoofing, said Sophos executive.

In an e-mail interview with ZDNet Asia, Jim Dowling, Sophos director of sales for Asia, said caller ID spoofing employs a similar technique as e-mail spoofing, which makes e-mail addresses look like they are coming from a trusted source.

With caller ID spoofing, a call can appear to have come from any mobile number the caller wishes. The trouble with phone calls is that people are more trusting compared with e-mails, which makes caller ID spoofing even more damaging than e-mail spoofing, he said.

According to Dowling, there have been cases of vishing in the United States, where a combination of "voice" and "phishing" is used to steal information or money from consumers via the phone.

In defense of caller ID spoofing

That said, SpoofTel, a caller ID spoofing provider, told ZDNet Asia in an e-mail that any technology can be misused if the user is intent on performing malicious acts with it.

"We still sell crowbars in hardware stores even though thieves can use it to break into your house or car," he said. "We still sell many household chemical products such as rat poison or pesticides, which could kill an individual if used by a malicious person."

Caller ID spoofing can be in the professional context, he said. For example, callers can use caller ID spoofing when they want their office phone numbers to show instead of their private phone line to make calls.

For law enforcers, bails bondsmen and repossession agents, caller ID spoofing is used to get hold of people trying to evade them by making the number appear to be from a relative or friend, he added.

SpoofCard, also a caller ID spoofing service by Jersey-based TelTech Systems, agreed that some people do abuse the technology. However, the company does not tolerate misuse of the service and will cooperate with the law to stop that.

Meir Cohen, president and co-founder of TelTech, said in an e-mail the company has many measures to combat fraud. He did not delve into the details, but said blocking law enforcement and financial institution phone numbers from use is one of the ways to prevent misuse and abuse.

Beware of fraudsters on the line
While there is no regulation in Singapore to police caller ID spoofing, the Singapore Telecommunications Act does state that it is illegal to transmit or cause others to transmit messages known to be false or fabricated. The seriousness of the crime is dependent upon whether the message involves reference to bombs.

In an e-mail to ZDNet Asia, a spokesperson from the Singapore Police Force said the public should be cautious when receiving phone calls from unknown persons and be wary of fraudsters who may take the opportunity to trick victims into parting with their money.

"When in doubt, the recipient is advised to verify the caller's identity with the agency or organization that the caller claims to be from, even if the caller ID appears to belong to the said agency or organization," he said.

The spokesperson also cautioned not to reveal personal details such as PIN or credit card details over the phone, and not to transfer money to unknown persons. If approached in such a manner, "notify the police as soon as possible", he urged. The spokesperson also advocated remaining vigilant against other possible variations of phone scams, including kidnap, lottery and impersonation.

Editorial standards