Can telephone scammers spoof toll-free numbers?

We get a lot of attempted scam calls, mostly we don’t pick up the (landline) phone unless we recognize the number. However, I have been making an exception for toll free numbers, because I assume those calls cost the caller and so they have a higher chance of not being scams.

Until the last few months, I don’t think we had ever had a scam caller using or spoofing a toll free number, but it has started happening more often. Are they able to spoof this, or are they actually calling us on a toll-free line?

I seem to get them all the time. I don’t even know why I still have a landline. I also get bot calls from what shows up as a local number, but I know it ain’t local. Ain’t nothing local here.

Your question is a non sequitur. Nobody can ever call out on a “toll-free line” because there’s no such thing.

A toll-free number is a published number that forwards to a conventional local phone number someplace, and for which the recipient pays any domestic long distance charges from the caller to the recipient.

If you see a toll-free number on your caller ID it is fake. It can’t be otherwise. But …

It might be maliciously fake and you’re dealing with a scammer. Or it might be totally legitimate, where, say, your insurance company or bank wants everyone they call to see their true legit toll free customer service callback number on their caller ID and call history.

Nowadays with most people having unlimited long distance, the “toll free” area codes 8xx should really be thought of as just “generic area codes associated with no particular geographical area; just the whole USA.” That, oh by the way, won’t cost to call them if you’re one of the last 4 people in the USA who pays by the minute for long distance calls.

Your question has a one-word answer:


I would assume, though, that if my bank is calling then the caller ID would show the name of the bank, not “Toll Free Call”. Or that they would leave a message so that we know who called. But, “Toll Free Call” and no message? Then I assume it’s a scammer.

Caller ID will show a number, not a name. If you have a contact in your smartphone with that number, or a service that converts numbers unknown to you into names, then you’ll see something else depending on what service you use.

In general I’d agree that “toll-free call” = scammer. Mostly because there’s no such thing (nowadays) as a toll-free call to a consumer. It’s clearly some social engineering to trick you into thinking “I won’t be wasting my precious minutes paying to talk to whoever is calling.” But toll-free doens’t work that way and never has.

If I see a toll free number on my caller id, I Google the number. If it’s legit almost always the first hit will be the “contact us” page for the company that called. And if it’s a scam often the first hit will be a site where other people have reported it as being used by scammers.

For reasons unknown to me, on a cell phone, you’ll only get the number. On a landline, you’ll get a number and the name. Granted, these days a lot of the names are simply Wireless Caller or something along those lines, but plenty of them have real names (or business names) attached to them.

The text we usually get besides the number are “out of area” and occasionally someone’s actual name (not on our contacts). I always thought that when someone calls and their name shows up when they’re not on our contacts, it’s coming from the telephone company’s directory, i.e. what would have been the white pages assuming they have not elected to go unlisted. Occasionally we see “private caller” too.

Nope. If you don’t know who it is, think it’s a scam. If your bank calls, they will leave a voicemail. Do not call the number that they called from back. Look it up in your records and call a number you know for sure is them.

ALWAYS assume you are dealing with a scam.

Let me be clearer. I was responding to the previous post about what text is usually showing with phone numbers, and not specifically only about scam callers. We don’t have anyone’s name entered on our telephone as contacts. When friends call, their names appear along with the phone number. Those names are not being supplied by us, so I assume they are being supplied by some sort of public records, as in a telephone directory.

As for the rest, you can put your mind at rest as far as we are concerned. We have been around the block once or twice.

Fair question but I know in our case we don’t answer ANY calls on our land line unless we know in advance who’s calling. We will call those back who leave legitimate voice mails but those that say “we’re from Canada revenue agency and unless we hear back from you in 10 minutes we’re swearing out your arrest warrant” won’t get called back. :smile:

Not necessarily. Ignoring cellphones and talking about CLID with name on landlines, there’s a common misconception about how it works.

The number gets transmitted to your local switch (CO) by the sending switch. It could be spoofed: that was a deliberate feature put in so PBXs could show the main number instead of whatever random line the outgoing call happened to use. Clearly there was no thought then about security/spoofing.

When it gets to the local CO, if CLID with name is enabled, it does a “database dip”: it looks up the number in whatever database(s) it has access to. These can be out of date, which is why some real calls show the wrong name.

Or the lookup can fail for various reasons, which is why you then see just the city, state, or country: because the switch says, “Well, that didn’t work, but I know 212 is Manhattan, so let’s show NEW YORK”. For an 800# that has no lookup data, it (or at least my provider) replaces UNKNOWN with 800 SERVICE. Sometimes that all fails and you see UNKNOWN. Since the priority is call delivery, CLID name lookup failing is not seen as significant.

But I think I have received legitimate calls showing an 800# and the real name. If so, that’s just that end spoofing the number, and their main 800# having an entry in the database.

And of course, STIR/SHAKEN will fix all this. We hope.

Thank you very much for the detailed and (apparently) authoritative explanation. I think local providers have different text if they can’t find the number, mine shows things like “out of area” quite a lot, which I believe is a really good clue that the number is spoofed and the system knows that the real origin number is actually not in my area code even though it says it is.

But I don’t understand the quoted bit. What is “STIR/SHAKEN” and how will it fix things?

Let me be clearer. You can’t assume anything. You’ve already been told that anyone can spoof a number.

If you get a call / text/ smoke signal from a “friend” it may not be. This is how some people are fooled. Their “grandchild” is stuck in Mexico. They don’t know which one, or if any of them are stuck in Mexico or have even been there. They just respond and BOOM! they have been scammed.

Assume the worst, and verify. Or be at risk to a scam you don’t understand just because you assume that no one would do that. I’m not sure why you asked the original question if you don’t like the answers?


Combating Spoofed Robocalls with Caller ID Authentication | Federal Communications Commission among others.

Think: certificates for CallerID. You won’t need one for your home–your provider will. So Joe Random VoIP caller from &foreigncountry won’t be able to call you “from” the IRS.

Remember that the beauty of CLID spoofing is that they don’t need to spoof the name–your provider does that for them, based on the spoofed number.

I received a scam from a 1-800 number claiming that my Amazon Prime was renewing and that I could press a number to opt out. This happened yesterday, and the timing could be valid. I still didn’t press a number to opt out. I hung up and then looked it all up to discover it was a scam (not that Amazon Prime isn’t) so I reported it.

Amazon (just like SocSec, the IRS and Microsoft) will never cold call.