Is there such a thing as phone phishing?

My sister received a phone call from me last night while we were both asleep. Any explanations?

Of course there’s such a thing as phone phishing-- that’s how a large fraction of phishing occurs, and it phishing can be done over any communication medium at all.

I’m guessing, though, that what you’re actually wondering about is phone spoofing, that is, making a call look like it came from someone else. That’s possible, too, and although I don’t know the details, I’d guess that it’s not even very hard.

I ass/u/me you mean your Caller ID showed up on her phone, not that some mysterious doppelganger actually called and spoke with her?

You sleep-dialed? You rolled-over-on-your-phone-dialed? She was mistaken?

Caller ID is almost trivially easy to spoof and fake, and one common ploy is to use the CID of the number being called, as it will seem familiar and “okay” if the recipient doesn’t think too long about it. Possibility: it was a same-number spoof, and her phone line or service has your name on it for some reason (credit, etc.)?

Hell, I’ve gotten a call from myself on a couple of occasions! Caller ID spoofing is the most likely explanation.

That wouldn’t work for me, since I’m extremely unlikely to get any real call from Montana (where my phone’s area code is), other than one specific friend who’s in my contact list by name. If I see a Montana phone number and it doesn’t say “Call from Joe”, then I’d just assume that it was a wrong number (at least, until I looked twice and recognized the number, which is the only Montana number I’d recognize specifically).

There’s an etymological connection as well. “Phone phreaks” were people who exploited holes in the old telephone system to make free long distance calls and such. The substitution of “f” by “ph” within that community became more common and by the mid 90s they starting exploiting dial-up online communities to get access, credit card numbers, etc. For a while the difference between a phreaker and a phisher was small.

With VoIP being a virtually no cost way of making a lot of long distance calls, a phisher can go back to using phone exploits (like faking caller ID) to run a scam.

And it being an election season, all of us with landlines are getting hit continuously with phishing polls.

Caller ID is like email, where it’s only going to tell you who the sender is claiming they are. There’s no checking or verification. So spoofing is easy. I’ve often received a phone call claiming to be my own number, I generally don’t bother to answer.

Or like snail mail, for that matter. A sender could write anything they want in the corner of the envelope for the return address.

True enough!

And email does actually have checks that are used by spam detectors. You can see the chain of servers that the email went through. If those seem fishy, your email provider will probably mark it as spam.

So I’d argue it’s easier to spoof snail mail, since I don’t know any mail carrier who checks.

I certainly get an annoyingly large amount of junk snail mail that doesn’t have any return address at all.