In the present era of seamless communication and always-available phones, call spoofing is a new and unexpected concern. This scam manages caller identifying (Caller ID) data to maintain the true source of a call.
Imagine a situation when an attacker/hacker/scammer contacts your parents on purpose, but their Caller ID shows your identity and phone number. The fraudster says you were involved in a major car crash and require money immediately to pay for medical expenses. This scary example clearly highlights the serious consequences of call spoofing, particularly when it’s used for phishing attempts and financial frauds.
This year’s Cybersecurity Awareness Month, CISA emphasizes on how to Secure Our World. With this blog, you can get an insight into the attacker’s world and implement all the necessary actions to protect yourself from call spoofing and phishing.
Note: In this blog, we’ll explore call spoofing, its risks, and the need to combat it. We do not endorse or provide guidance on its practical implementation. According to the DOT, using a forged call service violates Section 25(c) of the Indian Telegraph Act. Making use of such a service could result in a fine, three years in prison, or both.
Understanding Call Spoofing
What Is Call Spoofing?
Fundamentally, the practice of call spoofing involves creating fake caller identification (Caller ID) data. To look as though the call is coming from a trustworthy source, even someone close like a family member, attackers change the information displayed on the recipient’s phone.
Voice over Internet Protocol (VoIP) and the Public Switched Telephone Network (PSTN) are two distinct technologies for voice communication:
VoIP (Voice over Internet Protocol):
VoIP makes it possible to have voice and multimedia conversations across IP-based networks or the internet.
For transmission, it transforms analog voice signals into digital data packets.
VoIP is popular for both personal and professional use because it provides cost savings, flexibility, and a host of functions.
VoIP is a voice and video calling technology used by applications like WhatsApp, Zoom, and Skype.
Although VoIP is vulnerable to possible security and quality problems, these issues have been addressed through evolution.
VoIP commonly uses the Session Initiation Protocol (SIP) for communication.
PSTN (Public Switched Telephone Network):
The circuit-switched telephone network that has been in use for over a century is called the PSTN.
It connects calls via a particular network of physical lines and switches.
The PSTN is the industry standard for emergency services because it is extremely dependable and provides consistent call quality.
The PSTN is mostly used by landline phones and older phone systems.
However, VoIP has more functionality and flexibility, while PSTN can be more expensive.
It uses the SS7 (Signaling System 7) protocol for various signaling and control functions.
In recent years, VoIP has gained prominence due to its cost-effectiveness and versatility, while the PSTN continues to serve as a reliable foundation for essential telecommunications services.
The Evolution of Spoofing Techniques
Techniques for spoofing calls have improved over time and become more complex. Technologies like Voice over Internet Protocol (VoIP) and flaws in the Signaling System 7 (SS7) protocol have accelerated this change. These developments have made it easier for attackers to intercept and alter signaling communications, enabling them to easily change Caller ID data.
How call spoofing architecture works in a real-world situation
Using a variety of techniques and architectures, caller ID spoofing can be achieved in real-time situations. This is how it generally goes:
- User Interface and Configuration:
Through a user interface, the caller (the spoofing party) may use a Caller ID spoofing service. This could be a direct link to a VoIP platform with spoofing features, a mobile app, or even a website.
- Selecting Spoofed Information:
The user selects the caller ID details they wish to show when on the phone. This includes selecting a fake caller ID and phone number. To make the fake number look more legitimate, certain services could additionally let customers choose the desired area code or country code.
- Connecting to the Spoofing Service:
By including the recipient’s phone number and the spoof caller ID information, the caller places a call using the spoofing service.
- VoIP or PSTN Call Setup:
The call may be initiated using VoIP (Voice over Internet Protocol) or the Public Switched Telephone Network (PSTN), depending on the architecture and service being utilized. When using VoIP, the call is forwarded to the recipient via the internet. It follows conventional telephone routing while using PSTN.
- Passing Caller ID Information:
When a call setup request is issued, the spoofing service sends the telecom carrier or VoIP provider the caller ID information (both real and fake). This is accomplished using signaling protocols, such as SIP (Session Initiation Protocol) for VoIP calls or SS7 for classic PSTN calls.
- Carrier’s Role:
The call setup request with caller ID information is sent to the telecom carrier or VoIP provider. This information is normally verified in a legitimate scenario and delivered to the recipient in its current state. However, when Caller ID is spoofing, the fake data is sent together with the request.
- Intercepting SS7 (if applicable):
The attacker may now intercept and change SS7 signaling packets to manipulate the caller ID data if the design uses SS7 (Signaling System 7) for call routing and they have access to SS7 vulnerabilities.
- Recipient’s Phone Rings:
As soon as the recipient’s phone rings, the fake caller ID information appears on their screen. This includes the caller’s selected phone number and fake caller name.
- Call Completion:
If the person receiving the call picks up, they are connected to the caller. The fake caller ID is shown while the discussion is still being carried out.
- End of Call:
The spoofed caller ID information usually appears in the recipient’s call history after the contact has ended, giving an illusion that the call originated from the spoofed source.
It’s critical to highlight that Caller ID spoofing can be employed maliciously as well as for good. While some services have legitimate applications, such as showing a reliable business number, others can be used for fraud, phishing, and scams. Furthermore, the security of the architecture can differ significantly depending on the service provider and the safeguards in place to guard against abuse.
The Need for Action
- Protecting Vulnerable Populations: Call spoofing targets elderly people and other vulnerable people. These victims are more attractive for scam artists since they might be less tech-savvy and more prone to trusting fake incoming calls.
- Legal and Regulatory Efforts: Call spoofing is forbidden by laws and regulations, and offenders are prosecuted. Successful prosecutions serve as evidence that consumer protection laws are being followed.
- Caller ID Authentication: Through the use of STIR/SHAKEN technology, caller ID authentication confirms the accuracy of the information. It is more difficult for attackers to spoof numbers with this additional degree of security.
- Anti-Spoofing Measures: Telecom companies are taking action to cut down on call spoofing. Among precautions in place are network-level screening and blocking of well-known forged numbers. Users are given control over incoming calls by providers, allowing them to recognize and stop potentially fraudulent calls.
Staying Informed and Vigilant
Educating the Public
In order to identify and report forged calls, public awareness and education are essential. We can all work together to increase awareness and defend ourselves against these dangers by remaining informed and discussing information with friends and family.
Example Video POC:
In this example, we have demonstrated a call spoofing demo. Please note that we have not provided any instructions on how to configure call spoofing or utilize any third-party services. This is purely a demo video intended for educational purposes and to raise awareness about the potential risks associated with call spoofing.
In this video POC, we have configured a VOIP service on a separate device, which we’ll refer to as the “attacker device.” In this scenario, the attacker is initiating a call from “Device B” to “Device A.” This serves as a perfect example of call spoofing, showcasing the potential risks and vulnerabilities associated with such practices.
Call spoofing is an increasing issue that affects both people and businesses. The use of it in phishing scams and money-laundering schemes highlights how urgent it is to act against this developing threat. We can defend ourselves and our communities from risk of call spoofing by remaining aware, supporting legal restrictions, and implementing technology solutions. In this digital age, education and awareness are our best weapons.