Unmasking Call Spoofing: Why We Need to Act Against It

In the present era of seamless communication and always-available phones, call spoofing is a new and unexpected concern. This scam manages caller identifying (Caller ID) data to maintain the true source of a call.

Imagine a situation when an attacker/hacker/scammer contacts your parents on purpose, but their Caller ID shows your identity and phone number. The fraudster says you were involved in a major car crash and require money immediately to pay for medical expenses. This scary example clearly highlights the serious consequences of call spoofing, particularly when it’s used for phishing attempts and financial frauds.

This year’s Cybersecurity Awareness Month, CISA emphasizes on how to Secure Our World. With this blog, you can get an insight into the attacker’s world and implement all the necessary actions to protect yourself from call spoofing and phishing.

Note: In this blog, we’ll explore call spoofing, its risks, and the need to combat it. We do not endorse or provide guidance on its practical implementation. According to the DOT, using a forged call service violates Section 25(c) of the Indian Telegraph Act. Making use of such a service could result in a fine, three years in prison, or both.

Understanding Call Spoofing

What Is Call Spoofing?

Fundamentally, the practice of call spoofing involves creating fake caller identification (Caller ID) data. To look as though the call is coming from a trustworthy source, even someone close like a family member, attackers change the information displayed on the recipient’s phone.

Voice over Internet Protocol (VoIP) and the Public Switched Telephone Network (PSTN) are two distinct technologies for voice communication:

 

VoIP (Voice over Internet Protocol): 

  • VoIP makes it possible to have voice and multimedia conversations across IP-based networks or the internet.

  • For transmission, it transforms analog voice signals into digital data packets.

  • VoIP is popular for both personal and professional use because it provides cost savings, flexibility, and a host of functions.

  • VoIP is a voice and video calling technology used by applications like WhatsApp, Zoom, and Skype.

  • Although VoIP is vulnerable to possible security and quality problems, these issues have been addressed through evolution.

  • VoIP commonly uses the Session Initiation Protocol (SIP) for communication.

PSTN (Public Switched Telephone Network):

  •  The circuit-switched telephone network that has been in use for over a century is called the PSTN.

  • It connects calls via a particular network of physical lines and switches.

  • The PSTN is the industry standard for emergency services because it is extremely dependable and provides consistent call quality.

  • The PSTN is mostly used by landline phones and older phone systems.

  • However, VoIP has more functionality and flexibility, while PSTN can be more expensive.

  • It uses the SS7 (Signaling System 7) protocol for various signaling and control functions.

In recent years, VoIP has gained prominence due to its cost-effectiveness and versatility, while the PSTN continues to serve as a reliable foundation for essential telecommunications services.

The Evolution of Spoofing Techniques

Techniques for spoofing calls have improved over time and become more complex. Technologies like Voice over Internet Protocol (VoIP) and flaws in the Signaling System 7 (SS7) protocol have accelerated this change. These developments have made it easier for attackers to intercept and alter signaling communications, enabling them to easily change Caller ID data.

How call spoofing architecture works in a real-world situation

Using a variety of techniques and architectures, caller ID spoofing can be achieved in real-time situations. This is how it generally goes:

  1. User Interface and Configuration:

    Through a user interface, the caller (the spoofing party) may use a Caller ID spoofing service. This could be a direct link to a VoIP platform with spoofing features, a mobile app, or even a website.

  2. Selecting Spoofed Information:

    The user selects the caller ID details they wish to show when on the phone. This includes selecting a fake caller ID and phone number. To make the fake number look more legitimate, certain services could additionally let customers choose the desired area code or country code.

  3. Connecting to the Spoofing Service:

    By including the recipient’s phone number and the spoof caller ID information, the caller places a call using the spoofing service.

  4. VoIP or PSTN Call Setup:

    The call may be initiated using VoIP (Voice over Internet Protocol) or the Public Switched Telephone Network (PSTN), depending on the architecture and service being utilized. When using VoIP, the call is forwarded to the recipient via the internet. It follows conventional telephone routing while using PSTN.

  5. Passing Caller ID Information:

    When a call setup request is issued, the spoofing service sends the telecom carrier or VoIP provider the caller ID information (both real and fake). This is accomplished using signaling protocols, such as SIP (Session Initiation Protocol) for VoIP calls or SS7 for classic PSTN calls.

  6. Carrier’s Role:

    The call setup request with caller ID information is sent to the telecom carrier or VoIP provider. This information is normally verified in a legitimate scenario and delivered to the recipient in its current state. However, when Caller ID is spoofing, the fake data is sent together with the request.

  7. Intercepting SS7 (if applicable):

    The attacker may now intercept and change SS7 signaling packets to manipulate the caller ID data if the design uses SS7 (Signaling System 7) for call routing and they have access to SS7 vulnerabilities.

  8. Recipient’s Phone Rings:

    As soon as the recipient’s phone rings, the fake caller ID information appears on their screen. This includes the caller’s selected phone number and fake caller name.

  9. Call Completion:

    If the person receiving the call picks up, they are connected to the caller. The fake caller ID is shown while the discussion is still being carried out.

  10. End of Call:

    The spoofed caller ID information usually appears in the recipient’s call history after the contact has ended, giving an illusion that the call originated from the spoofed source.

It’s critical to highlight that Caller ID spoofing can be employed maliciously as well as for good. While some services have legitimate applications, such as showing a reliable business number, others can be used for fraud, phishing, and scams. Furthermore, the security of the architecture can differ significantly depending on the service provider and the safeguards in place to guard against abuse.

The Need for Action

  • Protecting Vulnerable Populations: Call spoofing targets elderly people and other vulnerable people. These victims are more attractive for scam artists since they might be less tech-savvy and more prone to trusting fake incoming calls.
  • Legal and Regulatory Efforts: Call spoofing is forbidden by laws and regulations, and offenders are prosecuted. Successful prosecutions serve as evidence that consumer protection laws are being followed.

Technological Solutions

  • Caller ID Authentication: Through the use of STIR/SHAKEN technology, caller ID authentication confirms the accuracy of the information. It is more difficult for attackers to spoof numbers with this additional degree of security.
  • Anti-Spoofing Measures: Telecom companies are taking action to cut down on call spoofing. Among precautions in place are network-level screening and blocking of well-known forged numbers. Users are given control over incoming calls by providers, allowing them to recognize and stop potentially fraudulent calls.

Staying Informed and Vigilant

Educating the Public

In order to identify and report forged calls, public awareness and education are essential. We can all work together to increase awareness and defend ourselves against these dangers by remaining informed and discussing information with friends and family.

Example Video POC:

Note:
In this example, we have demonstrated a call spoofing demo. Please note that we have not provided any instructions on how to configure call spoofing or utilize any third-party services. This is purely a demo video intended for educational purposes and to raise awareness about the potential risks associated with call spoofing.

In this video POC, we have configured a VOIP service on a separate device, which we’ll refer to as the “attacker device.” In this scenario, the attacker is initiating a call from “Device B” to “Device A.” This serves as a perfect example of call spoofing, showcasing the potential risks and vulnerabilities associated with such practices.

Conclusion

Call spoofing is an increasing issue that affects both people and businesses. The use of it in phishing scams and money-laundering schemes highlights how urgent it is to act against this developing threat. We can defend ourselves and our communities from risk of call spoofing by remaining aware, supporting legal restrictions, and implementing technology solutions. In this digital age, education and awareness are our best weapons.

Subscribe to our Newsletter
Subscription Form

Research Powered Cybersecurity Services and Training. Eliminate security threats through our innovative and extensive security assessments.

Subscribe to our newsletter

Subscription Form

Services

Products

Conference

Resources

About

Iot Security Testing
Red Team Assessment
Product Security
AI/ML Security Audit
Web Security Testing
Mobile Security Testing
DevSecOps Consulting
Code Review
Cloud Security
Critical Infrastructure
SOC Service
ExPLIoT
CloudFuzz
Nullcon
Hardwear.io
Blog
E-Book
Advisory
Media
Case Studies
MasterClass Series
BugBazaar
Securecode.wiki
About Us
Career
News
Contact Us
Payatu Bandits
WhatsApp Community
Hardware-Lab
Disclosure Policy
Corporate Partners
Youtube Linkedin Facebook Twitter Instagram Whatsapp
DOWNLOAD THE DATASHEET

Fill in your details and get your copy of the datasheet in few seconds

CTI Report
DOWNLOAD THE EBOOK

Fill in your details and get your copy of the ebook in your inbox

Ebook Download
DOWNLOAD A SAMPLE REPORT

Fill in your details and get your copy of sample report in few seconds

Download ICS Sample Report
DOWNLOAD A SAMPLE REPORT

Fill in your details and get your copy of sample report in few seconds

Download Cloud Sample Report
DOWNLOAD A SAMPLE REPORT

Fill in your details and get your copy of sample report in few seconds

Download IoT Sample Report
DOWNLOAD A SAMPLE REPORT

Fill in your details and get your copy of sample report in few seconds

Download Code Review Sample Report
DOWNLOAD A SAMPLE REPORT

Fill in your details and get your copy of sample report in few seconds

Download Red Team Assessment Sample Report
DOWNLOAD A SAMPLE REPORT

Fill in your details and get your copy of sample report in few seconds

Download AI/ML Sample Report
DOWNLOAD A SAMPLE REPORT

Fill in your details and get your copy of sample report in few seconds

Download DevSecOps Sample Report
DOWNLOAD A SAMPLE REPORT

Fill in your details and get your copy of sample report in few seconds

Download Product Security Assessment Sample Report
DOWNLOAD A SAMPLE REPORT

Fill in your details and get your copy of sample report in few seconds

Download Mobile Sample Report
DOWNLOAD A SAMPLE REPORT

Fill in your details and get your copy of sample report in few seconds

Download Web App Sample Report

Let’s make cyberspace secure together!

Requirements

Connect Now Form

What our clients are saying!

Trade Ledger takes privacy and security of it’s customers and system very seriously. We needed an independent audit to check our systems, and wanted to partner with a team that understands the compliance environment of banks.
MARTIN MECCAN
MARTIN MECCANCEO - TradeLedger Australia

Trusted by