Spoofed Call Scams Are No Joke

 By Catherine Powell

Image courtesy pxhere

In this high-tech world of ours we're all at risk of being scammed.  In previous posts I've revealed all kinds of ways that con artists use technology to rob consumers and small business owners blind.  In this week's blog I'll reveal how phone rooms run by international criminal enterprises are now using sophisticated techniques to fool the average citizen. All too many victims are being conned into revealing sensitive information, while others are being duped into transferring money directly to these crooks.

Cops or Robbers?

On October 15, the Cambridge, Massachusetts police department issued a press release stating that they had received numerous complaints where calls demanding money purportedly came from numbers used by the police itself.  In at least one case, a victim was told his social security number would be suspended if he didn't divulge personal information.  Another was told she needed to verify her social security number, date of birth, and bank account number.  

In December 2022, representatives of the Massachusetts State Police went on the air to warn the public that criminals were making it appear that their office was calling Massachusetts residents posing as police officials.  They would then threaten callers with the promise of being arrested unless they provided information such as their social security number, bank information, or a direct payment.  While the scam wasn't new, one thing was; The number the phone call was originating from appeared to be coming from the State Police Barracks.  That's right, these crooks were able to spoof the caller ID so it appeared that these shakedowns were coming from the cops.  As a result, numerous local citizens filed complaints and some admitted they had fallen for the scam.  This forced the State Police to issue a warning telling the public that anyone receiving such a call should immediately hang up.

On January 6, 2023, Montgomery County Sheriff Rob Streck warned Dayton, Ohio residents to beware of a phone scam that purportedly came from "Major Jeremy Roy" who told callers that they failed to appear in court and if they didn't immediately pay their fine via PayPal, Apple Pay or a money order, they would be arrested.  Just as in Massachusetts, the caller ID made it seem as though the call was coming from police headquarters.  Sheriff Streck explained that his office would never call to threaten citizens about unpaid fines, outstanding warrants or missed court dates.  He also advised people who received such calls to hang up and report the incident to the police.

Can crooks steal your number to spoof you?

It happened to one local celebrity in Tampa, Florida when scammers spoofed radio personality Phoebe Kushner's personal number.  She had no idea that con artists were doing so until one irate listener called Phoebe to tell her if she didn't stop harassing her she was going to take legal action.  It turns out that someone was using Phoebe's number to get local residents to answer their phones.  On the ABC News broadcast that reported the incident, Phoebe herself revealed that she repeatedly received a spoofed call from the same number on a nightly basis.  The report goes on to say that while you can try to block the number, the caller will only use another spoofed number to try to get you to answer the phone.  Even worse, if the purported number comes from someone you really do know and trust, blocking the number won't allow you to receive any calls from that person.  Sorry mom.

How Do They Do It?

Fraudulent calls that spoof everything from the police and the IRS to banks and major credit card issuers have started cropping up in the past few months.  While spoofing isn't new, the scope and scale of the problem has become so pervasive that all too many people are falling for this scam.  The sad fact of the matter is that spoofing a phone number is all too easy.  Here's how it's done:

#1: Using a Voice-Over Internet Protocol service combined with  PBX software allows phone hackers to reconfigure the way their calls appear.

#2: With a few tweaks anyone so equipped can make the caller ID name display any information they want.  This is how some robocall operations manage to make a call that originates offshore seem to originate in your local area.  It's also how spoofed calls can be made to look as though they're coming from any person or organization the scammers want. (When one potential victim told a spoofer she was going to phone the police, the con artist told her he'd call them himself.  A few moments later, she received a second phony call that seemed to originate from the police department while she was on the line with the first fake cop.)

#3: If all that sounds too complicated, there are even services (such as SpoofCard that offer a service that enables subscribers to change the caller ID displayed when they make cellphone calls so  they appear as anyone they choose. (While the company touts the service as a way to protect a caller's privacy, you can see how this could easily be abused by callers with nefarious intentions.)

What's even worse is the fact that spoofing isn't even against the law unless it's done with the intent to defraud.  But by then it's too late.  How is someone who has been scammed going to be able to tell the authorities where a criminal call came from when the caller ID has been intentionally faked?  This loophole has turned into a nightmare for people from around the globe as organized crime has used this loophole to create massive boiler room operations that enable them to con the public out of millions of dollars every year.  If the loophole isn't closed, it won't be long before spoofed calls are as big an economic threat as ransomware has become.  (In 2022, ransomware cost the globe more than $20 billion.)

Don't think it can happen to you?

Spoofers are sophisticated enough to be able to target the most vulnerable citizens.  They think nothing of calling the elderly to make them think that a loved one desperately needs money to get out of jail or into the hospital.  They peruse social media sites to glean information on family and friends before making a felonious pitch.

Some crooks create bogus websites that are identical to legitimate ones in order to set the hook and get their victims to cough up credit card numbers.

When combined with deep fake technology that lets con artists sound and even look like people they know and trust, is it any wonder that so many are duped?  In 2019, a spoofed voice was sufficient to cost one CEO $243,000 when he followed the orders of someone he took to be one of his company's suppliers.  It turns out the call was a deep fake and his bank refused to refund the bogus bank transfer once he owned up to what had happened.

In 2019, the FCC released a report that analyzed 40 billion calls made in the US.  Here's what they determined:

1 out of 3 people who were scammed out of $1,000 or more on the phone thought they were speaking with the representative of a legitimate company with which they had previously done business.

40% of scammers knew personal information about the people they were speaking to on the phone.

1/3 of the callers who answered did so because the caller ID was familiar to them.

17% of felonious callers knew all or part of a victim's social security number.

Since most of the spoofed calls originate outside the US, the FBI can do little to prosecute criminal enterprises that employ this kind of technology to rip off the public.  When you take into account that it's estimated that spoofing and ransomware losses are predicted to rise to more than $275 billion by 2030, it's time for us all to let government officials know that spoofed calls are no laughing matter.

Catherine Powell is the owner of A Plus All Florida Insurance in Orange Park, Florida. To find out more about saving money on all your insurance needs, check out her website at http://aplusallfloridainsuranceinc.com