10

For the past six months, I've experienced call-backs from foreign numbers (all within the EU) telling me that I had called them earlier. At first, I thought the calls are malicious. However, due to the frequency and other details (searching the numbers, etc.), I concluded that these people are actually receiving calls from my number.

My Details

Austrian mobile phone with "Drei" (Hutchinson) There is no log of outgoing calls on my provider's backend

Conclusion

Someone must be spoofing my number and dialling EU phone numbers at random.

Questions

  • What threat models could the spoofer be exploiting?
  • What can I do (beyond changing my number)?
  • How easy is it to spoof a number in this context?
Anders
  • 65,582
  • 24
  • 185
  • 221
pw_v
  • 131
  • 2
  • 8
  • 3
    spoofing is easy and one does it to hide their true identity - raise a ticket with your provider so they can trace the problem – schroeder Nov 16 '17 at 15:44

3 Answers3

3

Not sure about Austria, but in the US it's quite easy to find software that masks the outgoing call's origination and replaces it with something else. (I receive several calls per week from different numbers, all across the US, offering me a reduced rate on my credit card. The recording is the same, so I know it's the same scammer calling.)

Based on that, I don't think that they're exploiting a threat - they could just be using this to spoof your number as the outgoing call. Changing your number will help, but if this person or party decides to use your new number as the originating number, that will only give you relief for a short while.

I don't think that there's much you can do to stop it. Finding who's spoofing your number is pretty hard - @Schroeder has a good suggestion.

More than anything else, the effect on you is the annoyance factor. ,,Sie haben mich angerufen...'' ,,Leider nicht, jemand verfalscht sein Telefonnummer. Tut mir Leid'' is about all you can do.

I say Reinstate Monica
  • 652
  • 1
  • 7
  • 16
baldPrussian
  • 2,778
  • 2
  • 11
  • 14
  • The reason they spoof the OPs number is unknown. I consider it likely that they just picked a number, so if the OP changes his/hers, the relief may be permanent. –  Nov 16 '17 at 15:50
  • 1
    @JanDoggen: correct, they most likely picked a number at random. Based on what I've seen with my situation, the number they pick changes regularly. I also believe that multiple different scammers do this. I agree that the relief may be permanent, but there is a chance (albeit small) that the same thing may happen with the new number. – baldPrussian Nov 16 '17 at 15:59
3

My number is being spoofed by a scammer or robomarketer as I type. The first day was hell. I received 70+ calls, txts or voice mails from people who thought I called them. (BTW, who returns calls from an unknown number these days?) My phone was basically unusable since calls or txts were coming in so frequently.

So, what can you do besides turning off your phone or changing your number? Your phone operating systems has a feature called "Do Not Disturb". It is your new best friend. Note, this doesn't "solve" your problem. Someone will still be spoofing your phone number. There isn't a currently any solution to that problem in the USA or any other local to the best of my knowledge. However, this solution will make your phone usable again.

I'll explain how to set this up for iPhone (maybe someone can edit the answer and add Android details).

  1. Go to settings | Do Not Disturb
  2. Turn on DND
  3. Set Silence to "Always"
  4. Set Allow Calls From to "All Contacts"
  5. Turn off "Repeated Calls"

Do Not Disturb settings page with the relevant controls indicated

At this point any call from someone who is not in your contact list will be suppressed. You will still have a record of the call in missed calls, they can still text you and they can still leave a voicemail. However, you won't get notifications for any of it. So, you can at least continue to use your phone. Hopefully the spoofer will move on to another number soon and you'll be free. Until that time you'll need to clear your texts and voicemails.

Another thing you may want to do is change your voicemail message to alert people to the problem. That way they hopefully won't leave you a message.

Obviously, if you rely on your phone to receive calls from unknown callers (maybe you're a sales person or business owner?), then this solution isn't so great. But at least people can leave you a message and you can get back to them.

Joe Friend
  • 131
  • 4
  • The same setting exists on Android, and it's called the same thing; it even has all the same options, as far as I know. Unfortunately, I don't have an Android device handy to test with. –  Jul 26 '19 at 19:31
  • If you are in the US, then you can file a complaint with the FCC. The FCC handles spoofing where someone pretends to be you. Head over to FCC Consumer Complaints, Form 39744. It is a web form. For *Phone Issue* select Unwanted Calls. Then, for *Unwanted Calls Sub Issue* select My Own Number Is Being Spoofed. –  Nov 01 '19 at 21:24
0

The way the trick works is that someone is trying to sell you something (may be legitimate or a complete scam). They obtain a list of phone numbers (or try them at random), and they spoof their caller ID such that some of the beginning numbers are the same as the number they are calling. In the US, we have 10 digit numbers and they usually set the first 6 numbers to be the same as yours. The reason they do this is so that it appears to be a local call, perhaps even one of your neighbors, and they're hoping you'll be more likely to answer the call compared to some number you don't recognize at all. This is actually helpful to me because now I know whenever I see a call where the first 6 digits are the same as mine, I know for sure it's a spam caller and I can ignore. Even if the caller knows that some people are wising up to this, they still benefit from continuing to do it because then when someone does answer, there is a greater chance that the person could be sold something (as people like me that definitely can not be sold something don't bother answering).

Years ago, when I used to always answer my phone, in one weekend two different people called me from similar numbers to mine, and they asked me why I had called them. I had to explain to them that I didn't, and related to them my explanation above. One time, the robocall screwed up and actually called me from my own number, which I answered and was admittedly confused until I figured out what had happened.

To specifically answer your questions:

What threat models could the spoofer be exploiting?

In most cases there is no threat, just an annoyance. It's possible that you could be targeted and someone could spoof a number of someone you know, and make up a story about them and perhaps persuade you to do something you wouldn't normally do, but this is probably unlikely. I'd just keep it in the back of your mind though that this is possible.

What can I do (beyond changing my number)?

Changing your number most likely won't help, since your number is not being singled out. Millions of robo calls are being made daily and (in the way they do it in the US) whenever someone is called that has the first 6 digits as your number, there is a 1 in 10000 chance that your exact number will be used as the caller ID.

How easy is it to spoof a number in this context?

It is extremely easy to spoof caller ID. One time I received a call from 00001, I answered, and it was my friend testing out a new VOIP system. I asked him about the caller ID and he said, "Oh, I haven't typed in what I want the caller ID to be yet."

TTT
  • 9,212
  • 4
  • 20
  • 32