I get one or two sales calls on my cell phone every day. I know they are “cardmember services” calls because they have the same prefix number as mine. The company spoofs their number to make it look like mine.
So my question is why is this possible? This has to be an intentional feature of the system.
Can’t the providers put a stop to this?
Sorry if this has been covered. I tried to search on this subject but kept getting errors.
Why is this even legal? I can maybe see it being used in law enforcement sting operations, but what possible legitimate use does it actually have?
I have one hard and fast rule that works real well for me. If I don’t recognize the caller, I let it go. If it’s really a legitimate call for me, the person will leave a message. If not, I block the number and delete the call. It’s not a perfect system, but it works pretty well for me.
I did actually get a message yesterday from some crooks. The message claimed they were the IRS and … blah, blah, blah, you know the rest. I deleted it as soon as I heard “IRS” and “seriously in arrears”.
What if you do recognize the caller? I have received calls supposedly from friends, neighbors and even my own company.
Does their name actually show up on the ID? If the number is being spoofed, it shouldn’t. If so, that has to be illegal.
If spoofing the number is illegal, how do I go about getting these people arrested? I get three or four calls every day that have the area code and first three digits matching mine. All of them are spoofed. What can I do to get them in trouble or OFF MY PHONE?
I’m pretty sure that caller ID only supplies the number. It is your phone (or computer) that is linking the number to a name, so yes if they happen to spoof a number stored in your phone, the call will be identified as from that person.
Is it?
That’s your fault for having too large a pool of phone numbers you’re willing to respond to. 
Caller identification is provided by the phone company directly if the phone is directly serviced by the company’s own circuits; the telco can determine authoritatively what circuit or device a call originates from and therefore its number.
However, it the call originates in a switch system outside of the telco’s own, the telco has no idea. Numbers in a PBX or a cell network are assigned by that network’s administrator and handed off along with the call initiation between networks. It has to be trusted – the network receiving the call has no information to the contrary regarding the members and number assignments of another network.
The current spoofing implementation is probably VOIP, where a call appears on the phone network from an apparently legitimate network provider through the internet. Like a PBX, the call-receiving network has to take the word of the call-originating network. Hence, spoofable.
Much network design dates from a time where very few people had sufficient technical assets and knowledge to do something nefarious, and those few were well-enough known and invested in the status quo so they wouldn’t risk that by doing something transparently nefarious with their trusted status. Therefore, much communications technology today depends on trust to an inappropriate degree nowadays. But there isn’t much interest in overcoming those issues by redesigning the foundational technologies, because the cost and impact could be huge, some of it can’t be done without completely changing how differing entities interact (negotiation headaches galore), and as long as it doesn’t hurt the service providers much, it’s not cost-effective. The fact that it pisses off consumers is unfortunate but acceptable.
Call your Congressman and Senator and tell them to support H.R.423 - Anti-Spoofing Act of 2017?
I apologize if this is considered politicking and not allowed in GQ, but it is an answer to the question. I don’t think this problem can be stopped without legislation.
Not only is it legal, there is a thriving business providing spoofing services. They sell calling cards that will spoof your number, record calls, and modulate your voice to change your apparent sex.
It’s the internet. It’s world-wide. Good luck enforcing a US telecom law in Bangalore or Saigon or Minsk.
Yeah, you’re right. I guess I’ve just been lucky.
Plus no shortage of apps.
I did some research, and spoofing per se is not illegal. Spoofing for criminal purposes is, however. The obvious problem is establishing some kind of proof that the purpose is, in fact, criminal in nature.
And there’s no shortage of information about who your friends, family, neighbors and professional contacts may be thanks to Facebook and other online social meeting places.
Thanks for the answer.
I believe I hit a nerve with this.
Also, thanks for this. It has been enacted! According to GovTrack it was signed by the President on March 23, 2018.
ETA: It looks like it is only about criminal acts, so non-criminal would still be allowed. We need a bill that says it just can’t be done!
Who is supposed to enforce it, and where is the funding coming from? Without the will and the backing, this is just another law that will be ignored.
Great, problem solved! :rolleyes:
I hope it does but I’m not holding my breath.