4

There are several posts here about how easy it is to spoof caller ID and that there is no way to detect it.

I did find one post suggesting the calls to 1-800 numbers could not be spoofed.

being done by forwarding calls to a toll-free number, which then (by virtue of being toll-free) receives the true calling number through ANI (which is distinct from Caller ID and which supposedly cannot be spoofed) and finally forwards back to the original number. Source

Question: Why can't spoofed caller ID's be identified for everyone?


Related posts:

Mike Ounsworth
  • 58,107
  • 21
  • 154
  • 209
James Jenkins
  • 723
  • 1
  • 5
  • 10
  • That assumption about toll-free numbers is wrong. Yes, ANI is distinct from Caller ID, but ANI can be spoofed on toll-free calls. In fact, in certain cases it's easier to do that than on non-toll free calls. Caller ID and ANI can't really be trusted at all, 100% of the time. – InterLinked Jun 27 '22 at 00:23

1 Answers1

4

There are substantial flaws in the way phone routing works that makes this difficult.

Caller ID is specified by the outgoing call and anybody who has control over a private branch exchange (PBX) can mess with it. (This is a "feature" so e.g. a support center can always have the same callback number as opposed to the number of the associate calling you.) I believe there is some limited ability to traverse the call routing, but that stops as soon as it hits a voice-over-IP (VoIP) provider, which effectively provide a screen akin to reputation hijacking (an attacker gets lost in the noise of a shared pool of resources).

(I assume most spam calls come from VoIP, though my spam expertise is limited to email.)

Happily, the US (as of 2021-06-30) and Canada (as of 2021-11-30) now require STIR/SHAKEN, "a suite of protocols and procedures intended to combat caller ID spoofing".

From the FCC's news release PDF:

FCC MANDATES THAT PHONE COMPANIES IMPLEMENT CALLER ID AUTHENTICATION TO COMBAT SPOOFED ROBOCALLS

Industry-wide Deployment of STIR/SHAKEN Will Yield Substantial Benefits for American Consumers

WASHINGTON, March 31, 2020—The Federal Communications Commission today adopted new rules requiring implementation of caller ID authentication using technical standards known as “STIR/SHAKEN.” These rules will further the FCC’s efforts to protect consumers against malicious caller ID “spoofing,” which is often used during robocall scam campaigns to trick consumers into answering their phones.

With strict limitations on Caller ID forgery, spammer blocklists become feasible.

This also hopefully gives more teeth to the US National Do Not Call Registry, forwarding spam texts to 7726 (which is still quite tedious), the 1991 Telephone Consumer Protection Act, and newer proposals.

Adam Katz
  • 10,418
  • 2
  • 22
  • 48