So, what exactly is phone spoofing?

Image showing the connected nature of phones that allows phone spoofing

One of the most nefarious ways to annoy an unsuspecting person, but, what does ‘spoofing’ mean?

‘Spoofing’ is the shortened version of “caller-ID spoofing” and means using various techniques to disguise the source of a phone call, and make it appear to be coming from a known source. 

Sounds like hacking, right? Well, it’s not quite that complex, but understanding what spoofing means is actually important to the increasing wave of robocall scams.

As always, first there is the history.

Before Spoofing, there was nothing to spoof

Do you remember the dark ages before caller ID became a thing? Or before phones even had a display?

It was a time of utter madness! The phone would ring and there was no possible way to determine who was on the other end or where they were calling from. Screening calls was a matter of deciding

Image of old rotary phone and phone book demonstrating how old tech made phone spoofing nearly impossible

Older phone technology made phone spoofing nearly impossible

whether to roll the dice or not. 

Thankfully, caller ID slowly rose to prominence and suddenly phones had displays that would at least provide the number of the incoming call. It was up to you to remember who’s number that actually was, but at least you had a shot.

Then the modern age dawned and not only would the caller ID provide a number but it also provided a name! Now you could decide you didn’t want to talk to old Aunt Betty for the third time this week before answering the phone. 

How does caller-ID work?

Caller ID was originally invented by a Greek communications engineer named Theodore George Paraskevakos in 1968. At the time, Paraskevakos devised a way to transmit the originating caller’s information via frequency shift keying between the first and second ring. 

This is just a fancy term for alternating tones transmitted by a modem. One tone is received as a binary one and another tone as a binary zero, with the receiving device decoding this transmission into the numbers that appear on the display for people to read.

Jumping ahead to the late 1980’s saw American Telecom giant, Bell Telephone, bringing the technology into the American mainstream market (Memphis, TN was the lucky ‘original’ in 1988).

The important piece of this history is that the original technique was nearly impossible to spoof without exceptionally fancy equipment and access to the telephone lines. All caller-id transmission relied on the telephone company switching boards which transmitted the signal from originator to receiver. The only way to introduce a spoofed number was to physically intercept the phone line from sender to receiver. 

So if it’s impossible, why does it happen now?

VOIP paved the way for phone spoofing

Ironically enough, Voice-Over Internet Protocol (VOIP) really began its development at the same time that Paraskevakos was creating caller-ID. In 1969, the US Government’s Advanced Research Project Agency (ARPA) created the first packet-switched network, which is another fancy way of saying, ‘transmitting information without having a physical connection between sender and receiver.’ 

As we previously covered, legacy phone systems relied on a physical connection between sender and receiver, via the telephone company’s switching equipment. (Also why long-distance calling carried such a high price-tag). Packet-switched networks allowed data to be sent through a series of modems, thus negating the telephone company switching equipment. 

Despite ARPA’s success, VOIP didn’t reach mainstream customers until 1995, when VocalTec became the first for-profit VOIP application company, and most American’s were not aware of VOIP in their daily lives until the launch of Skype in 2003 and Vonage in 2004. 

So what does all this have to do with phone spoofing?

VOIP and phone spoofing

Traditional caller-id was based on modem signals from originator to receiver through a physical connection. VOIP packet-switching networks, on the other hand, rely on the originator to send their ‘id’ information as a digital packet. And since these calls are largely internet-based, there is no authority to examine the packets in-transit. Ultimately, this means that VOIP technology allows someone to send a phone call to your phone with the ID packet of any phone number in existence. Even your own. 

Worse yet, legacy phone systems relied on voltage across phone lines to transmit information. If the phone line was in use, no other users could transmit their own signals (hello busy signal!). Internet-based calls have no such limitation which means any individual with a computer can initiate thousands of phone calls simultaneously. Add to that the ability to send any ID information the originator wants, and you get a record-breaking 5.7 billion robocalls received by Americans in October of 2019 and the FCC reporting that ‘half the calls you receive will be spam’.

Phone spoofing and you

So what does this mean for you? Well, phone customers used to have a very effective means of blocking phone numbers from calling. That is, until the phone numbers changed every single time they called. 

Phone spoofing means there is no reliable way to block scam calls on a number-by-number basis by a single person. Even if you blocked every single call as it came in, there would still be tens of thousands of calls coming in from different numbers every single time.

 

Image of question mark and human profile indicating how confusing phone spoofing can be

Phone Spoofing is nearly impossible for an individual person to detect with just their caller-ID.

Worse yet, many scammers intentionally spoof numbers that appear close to your own in area code or numbers, to appear more trustworthy and make it more likely that you will answer. This so-called ‘neighbor spoofing’ is the latest threat to your peace, sanity and wallet in the growing list of ways phone scammers attempt to get into your finances.

Ways to protect yourself from phone spoofing

Because of the nature behind phone spoofing, it can be very difficult to determine which calls are genuine and which are scams. The FCC offers guidance such as ‘don’t answer unknown numbers’ or ‘file a complaint’, but those options still don’t prevent the phone from ringing.

If you want to both protect yourself from phone scams, as well as significantly reduce the number of scam calls that actually ring your phone, consider employing a spam prevention app like Spam Fighter.

Spam Fighter maintains a database of known scam numbers (so you don’t have to) and also identifies calls that are likely to be scams. More importantly, Spam Fighter can also let you know when an incoming call is likely to be part of the ‘neighbor spoofing’ type of spam, so you can better determine how to respond. 

Robocalls are on the rise and with the current telephone technology at hand, there is shockingly little phone companies or the government can do to prevent the issue. It falls to the individual consumer to take the necessary steps towards prevention and sanity preservation.