When caller ID first arrived on the scene it seemed like a godsend to many people: Now you could easily identify who was on the line and ignore unwanted calls, whether from telemarketers, an ex-boyfriend or an unfriendly collection agency.
But as often happens, unscrupulous individuals soon began manipulating the technology to defraud people by pretending to be someone else. Their scheme is called "caller ID spoofing" and disturbingly, it's perfectly legal in many cases.
Here's how caller ID spoofing works and what precautions you should take to avoid being victimized:
For a very low cost, businesses and individuals can use widely available caller ID spoofing software to generate calls which alter the telephone number and/or name that appear on the recipient's caller ID screen.
Police, private investigators and collection agencies have used legal spoofing services for many years. Others who might have a legitimate reason to hide their identity when making a call include domestic violence victims and doctors returning patient calls who don't wish to release their private telephone numbers.
Beyond that, the lines of legality begin to blur. The Truth in Caller ID Act of 2009 prohibits anyone from transmitting misleading or inaccurate caller ID information with the intent to defraud, cause harm or wrongfully obtain anything of value. Violators can be penalized up to $10,000 for each infraction. Unfortunately, such penalties haven't dissuaded many scammers.
One common caller ID scam involves spoofers pretending to represent a bank, government agency, insurer, credit card company or other organization with which you do business. They count on you being reassured after recognizing the company's name on your screen.
Under the pretext of warning about an urgent situation (breached account, late payment, pending insurance claim, missed jury duty summons, etc.), the spoofer will try to coax you into revealing personal or account information, supposedly to verify their records.
Often these are robocalls, where a recorded voice asks you to stay on the line to speak to a representative or call another number for more information. Do not. Probably thousands of other people are receiving the same message at the same time. If you suspect the call might possibly be genuine, contact the company yourself at the toll-free number found on your card, account statement or the company's website.
You should never reveal your full Social Security number, mother's maiden name, credit card number, passwords or other private information over the phone unless you initiated the call yourself. Someone possessing such information could use it to gain access to your existing accounts to withdraw or transfer money, raise credit limits or snoop around your recent activity, among other intrusions.
ID thieves also can use your personal information to open new credit accounts (e.g., credit cards, mortgage or car loan), create a new identity or even obtain a job fraudulently. Often, you won't even realize something's wrong until a collection agency -- or the IRS -- starts hounding you for unpaid bills or taxes.
Another common caller ID spoof involves hacking into someone's voice mail account. Many cellphone users never bother to set up passwords on their voice mailboxes (big mistake). And, since many voicemail systems grant access to callers phoning from their own number, a hacker could easily spoof your number and gain access to your messages. (You may recall this practice brought down the British tabloid News of the World in 2011.)
The increasing popularity of voice over Internet protocol (VoIP) phone services like Skype and Vonage also has increased caller ID spoofing activity. These services use computer addresses instead of actual phone numbers to connect via the Internet, so scammers can choose any available area code and phone number, making it even harder to determine who's who on your phone.
Other related identity theft scams to watch out for include:
Email phishing: Like spoofing, but with email. A supposedly trusted source (often from a fabricated email account) tries to trick you into supplying or confirming account information, log-in IDs or passwords, often by trying to create a sense of urgency; for example, saying your account will be frozen if you don't respond immediately.
Legitimate organizations rarely, if ever, ask you to verify sensitive information through a non-secure means like email. When in doubt, look up their contact information separately and call to verify if it's legitimate. And don't click on links or attachments in unsolicited emails, which could install malicious software on your computer.
SMiShing (for "Short Message Service" phishing): Like phishing, only it uses text messages sent to your cellphone. Even if you don't click on any links or share information, just by responding you're verifying that your phone number is valid, which means it could be sold to others who will try to trick you into their own scams.
- The National Cyber Security Alliance's StaySafeOnline.org.
- The FBI's Be Crime Smart page, which highlights the latest scams and tells you how to report crime and fraud.
- The Federal Trade Commission's ID Theft, Privacy and Security page, which contains extensive information about identity theft, privacy and information security.
- My employer, Visa Inc., offers VisaSecuritySense.com which contains fraud-prevention tips for online transactions, when traveling, at retail establishments and ATMs, deceptive marketing practices, and more.
Bottom line: You wouldn't give your personal information to a stranger on the street. Take the same level of precaution with strangers on the phone -- or online.
This article is intended to provide general information and should not be considered legal, tax or financial advice. It's always a good idea to consult a legal, tax or financial advisor for specific information on how certain laws apply to you and about your individual financial situation.