47

Sequence of events:

  1. I didn't touch my phone all day (at work, busy day, know it didn't even come out of my pocket, but was on).
  2. 5:20pm I get a call by a guy asking me who I am and why I called him at 2pm. Tell him I didn't call him.
  3. Immediately after, I texted the guy who called me to text me if he verified I called him.
  4. ~7pm, he sends me a text with a screenshot of his call list, he had a call from me at 2pm (according to the screenshot). I sent him back a text of my call list with no call, end of story.

So, if I take this at face value (and not as some elaborate scam which I don't understand), someone called this guy from "my" phone number. Also, I think it's relevant that the guy was local, based on his area code.

  1. What are the risks?
  2. Should anything be done about this?
Rodrigo de Azevedo
  • 242
  • 2
  • 13
VSO
  • 523
  • 1
  • 5
  • 10
  • 52
    spoofing callerID is trivial, and is a common way for spammers to get people to pick up. In North America they often try a number with the same first 3 digits as your own after the area code, in an attempt to trick you into thinking a neighbor is calling you. – Steve Sether Oct 31 '19 at 14:35
  • @SteveSether I know nothing about this, so just to clarify - spoofing is nothing like cloning - they shouldn't be able to receive calls made/texts sent to me? – VSO Oct 31 '19 at 14:48
  • I'm confused. The title of your post is "someone called someone with my phone number", which is spoofing. What does that have to do with cloning? – Steve Sether Oct 31 '19 at 15:22
  • Nothing, I guess. Was wondering if I had to be concerned about cloning, I am getting that the answer is no. – VSO Oct 31 '19 at 15:42
  • 5
    Cloning is very unlikely. I can't say I'm terribly familiar with modern cell phone hacking but IIUC they would have had to clone your SIM, which requires physical access. – Steve Sether Oct 31 '19 at 16:22
  • 4
    Possible duplicate of [Someone is making random calls spoofing my phone number. What to do?](https://security.stackexchange.com/questions/173621/someone-is-making-random-calls-spoofing-my-phone-number-what-to-do) – Michael Oct 31 '19 at 23:35
  • 2
    There are a bunch of prank call websites that let you do this sort of thing... Nothing new. – multithr3at3d Nov 01 '19 at 03:16
  • 1
    @SteveSether your comment is a good answer to the question, can you please post it as such instead of using the comment section for answers? – Captain Man Nov 01 '19 at 17:44
  • @CaptainMan I don't think my answer is really any better than the accepted answer, and I posted it after it was created. I often use the comments section to encourage answers, and clarify the question rather than try to write up a full, formal answer. I find the comments often more helpful than answers since it encourages more informal discussions rather than being limited to posting something "correct". – Steve Sether Nov 01 '19 at 18:03
  • 3
    @SteveSether I understand your point but the comments are only for "ask[ing] for more information or suggest[ing] improvements" as said in the text box before posting one. It also explicitly says "avoid answering questions in comments". – Captain Man Nov 01 '19 at 18:09
  • @SteveSether Oddly, it has the opposite effect now – Azor Ahai -him- Nov 01 '19 at 20:57
  • It would be just like someone saying they received a letter with your address on the envelope as the return address. About as difficult, too. – spuck Nov 01 '19 at 21:59
  • 1
    @CaptainMan I'm not much of a rule follower, sorry. – Steve Sether Nov 02 '19 at 01:12
  • Related: https://security.stackexchange.com/q/211778/83382 – Machavity Nov 02 '19 at 23:16
  • Skype used to let you set whatever number you wanted as caller id, on my phone right now but think it still does. – Gman Nov 03 '19 at 01:15

4 Answers4

90

Someone placed a call to 'the guy', and spoofed the caller id to make it look like the call came from your phone number. Caller-id spoofing is not uncommon, and there are even VOIP services that actually offer this as a 'feature'. 'Junk callers' often spoof the caller id to make the call look like a 'local call', so as to make the recipient more likely to answer the call. See https://en.wikipedia.org/wiki/Caller_ID_spoofing for more info.

mti2935
  • 19,868
  • 2
  • 45
  • 64
  • 32
    I was sure that spoofing was made very difficult due to new tech in place. I see that I was very, very wrong. – schroeder Oct 31 '19 at 14:51
  • 7
    I know the feeling well. – mti2935 Oct 31 '19 at 16:30
  • 24
    @schroeder - US regulators could very easily stamp out spoofing, but for some reason they don't. – Hot Licks Oct 31 '19 at 23:55
  • 7
    @HotLicks probably because none of the corporations they're in the pockets of have an interest in having it stopped... – Austin Hemmelgarn Nov 01 '19 at 10:21
  • 2
    @schroeder: I assume you're talking about Caller ID Authentication (SHAKEN/STIR), mentioned at https://www.fcc.gov/call-authentication . That won't really have impact until all the carriers have implemented it (one missing carrier means spoofing can just pick numbers that aren't covered). Further, that just means the carriers know whether the number is spoofed. It does not guarantee that they use that information. – Brian Nov 01 '19 at 13:25
  • 3
    Stamping out callerid spoofing is not simple. The primary reason for this is the carrier providing incoming calls doesn't have to be the same one providing outgoing calls. This is what shaken/stir is supposed to address. The other thing you need to understand is that the telecom, and especially the PSTN business are, like most utilities, dinosaurs, and change only very slowly. i.e. this is more complicated than simply government corruption. – Steve Sether Nov 01 '19 at 14:24
  • 1
    It's not uncommon to get phone calls from your own number. I guess this could be on purpose but it seems more likely that it's just sloppiness. I used to get a lot of angry calls from people who had received a call from a scammer that was spoofing my number. I changed my voice mail to say it was a scam and added my number to a few of the "who's calling me" and identified my number as a scam. It seemed to resolve things. – JimmyJames Nov 01 '19 at 15:14
  • 16
    @HotLicks - one thing that's often overlooked: there's an actual need for spoofing in a non-spam/scam context. If a doctor calls a patient using their cell phone, they absolutely need the context of that call to be coming from their office number - otherwise, they're handing out their personal cellphone number to every patient they call. Any profession where the person needs to frequently work out-of-hours, but wouldn't want their clients to have their personal cell, is the business case for caller-ID spoofing. – Kevin Nov 01 '19 at 15:23
  • 1
    @JimmyJames I don't think I've ever gotten junk calls from my own number, but most of the spam calls on my cellphone are from the same area code and exchange. – Barmar Nov 01 '19 at 15:34
  • @Barmar I've seen it at least once on my own phone. I was pretty sure I wasn't calling myself so I didn't answer. Anecdotally, other people have told me of seeing this. I can't remember if there was a message but I'm guessing robo-calls (like the ones I get in Mandarin) and they just randomly select the last 4. – JimmyJames Nov 01 '19 at 15:41
  • 1
    It's happened on my wife's phone, and on the 800 number for the place where I work. It's [illegal now in Nebraska,](http://update.legislature.ne.gov/?p=26191) at least, but they're still figuring out how to effectively enforce it. It won't stop most of the real scammers, but it will make it more difficult for out-of-state entities to legally obtain in-state numbers for caller ID masking when telemarketing. – Joel Coehoorn Nov 01 '19 at 19:04
  • 2
    @Kevin Good point! But surely this doesn't preclude providers having countermeasures against *abusers* of masking, especially since clinics would be able to demonstrate full control over the number (e.g. by receiving a call to confirm permission during setup) – Seldom 'Where's Monica' Needy Nov 01 '19 at 20:46
  • @SeldomNeedy - true, but that depends on *every* provider taking active countermeasures against it, and *every* provider's countermeasure being effective. Don't get me wrong - I freaking *hate* the system in place and get the Silent-Robocall prelim call about 4-5 times a day. But I recognize that it's not a simple fix. – Kevin Nov 01 '19 at 21:12
  • 4
    @Kevin, your use case with the doctor's cell phone is valid, but there are ways to handle this. One that comes to mind is to have the phone system at the doctor's office call both the patient and the doctor, connecting them. – spuck Nov 01 '19 at 21:58
  • 6
    @Kevin the phone companies could allow this when the owner of the spoofed number agrees to it, and prevent it otherwise. Just like e.g. Gmail allows me to send emails with other sender addresses only if I show ownership of that address first. – Paŭlo Ebermann Nov 02 '19 at 00:41
  • @Kevin: That's a very good point, and shows one case where its actually a feature. However, I've had doctors actually give me their personal cellphone (maybe, I suppose they could have two phones or a dual sim) and one who gave out his Google Voice number. – President James K. Polk Nov 02 '19 at 14:02
  • What country are you in? Please tag your question. –  Nov 02 '19 at 15:27
  • If you tell your telecom provider about it, would they be able to find out the true phone number and caller id? – Zheer Nov 02 '19 at 21:23
  • Yes, carriers can usually find the true phone number that the call originated from using ANI. See https://en.wikipedia.org/wiki/Automatic_number_identification – mti2935 Nov 02 '19 at 21:37
  • 2
    @schroeder: I recently had a chat with our messaging team about how CLIP is carried over modern telecom providers . I was like you, thinking that new tech + European regulations would end spoofing (having worked for years for a mobile phone provider i knew the historical part). What I learned is that what is passed in the call, and what is allowed to be passed by the "telecom hops" (intermediate providers) is **completely arbitrary**. Some will allow spoofed information to go though, some not, some depending on the source etc. – WoJ Nov 03 '19 at 15:48
  • @WoJ here's to challenging assumptions and knowledge checking! – schroeder Nov 03 '19 at 15:51
  • @Kevin - But when a caller ID "spoofing" service accepts calls (and money) from offshore baddies who are known crooks, the service should have it's plug pulled. This would be a relatively straight-forward thing to do, as the regulators can sort this out fairly easily. – Hot Licks Dec 22 '19 at 02:22
5

Thinking in other way that this is kind of Social Engineering attempt.

When he(stranger) sent you the screen shot of his phone call list which might be a tailored (using photoshop tools) one i guess. But what you sent to him(stranger) is real screenshot of your call list. In my opinion we don't need to send our call list to stranger. In fact its better call your Telecom provider and cross check.

  1. What are the risks?

Ans: Risk is social engineering attempt to steal some info\activity about you.

  1. Should anything be done about this?

Ans: Call Telecom provider for cross check about this unusual activity.

user1808556
  • 124
  • 5
  • 2
    This is really unlikely, since the OP deliberately asked Stranger to send the screenshot and then voluntarily (without prompting) sent back their own screenshot. If there was any suggestion that the Stranger had prompted the screenshot exchange, then maybe, but Stranger calling randomly and claiming to have received a call and counting on that to generate a screenshot exchange seems...not plausible. – user3067860 Nov 01 '19 at 14:23
  • 4
    Both I and the stranger blacked out other calls. I also took a screenshot of the edited file in case any edit history is stored. – VSO Nov 01 '19 at 14:59
  • 1
    I think you meant to say the screenshot might be [*doctored*](https://dictionary.cambridge.org/dictionary/english/doctoring). – muru Nov 03 '19 at 03:45
4

Should anything be done about this?

I think you should do something about it. In particular, I think you should report it to a regulatory agency so they have the data point.

If you are in the US, then you can file a complaint with the FCC. The FCC handles spoofing where someone pretends to be you. Head over to FCC Consumer Complaints, Form 39744. It is a web form. For Phone Issue select Unwanted Calls. Then, for Unwanted Calls Sub Issue select My Own Number Is Being Spoofed.

You might be able to file a complaint with the FTC, too. The FTC complaint form is at Do Not Call Complaints. But the FTC usually handles unwanted incoming calls, and not the additional games like having your own number spoofed.

Carriers like Verizon are mostly (completely?) useless. I once received 7 calls in 90 minutes from a miscreant pretending to be me. The miscreant used my name and landline number to call on the landline. I reported all of the calls to Verizon's Unlawful Call Center in realtime and initiated a call trace for each call. Verizon did not block any of the spoofed calls even after they were reported to the company.

What are the risks?

Speaking in the context of the US... Law enforcement rarely investigates these matters unless there is a threat of physical or bodily harm, so you probably don't have to worry about law enforcement.

You might find your phone number is blocked by software like NoMoRobo. That's because called parties may report a call from your name and number to the FTC. The FTC maintains the Do Not Call (DNC) Registry and publishes the database at Do Not Call (DNC) Reported Calls Data Files. Services like NoMoRobo use the FTC data files.

I report every call like that to the FTC so the FTC has a data point. Usable data is paramount for policy and enforcement decisions. If the FCC and FTC don't have the data, then there is nothing to act upon.

Reporting to the FTC cuts both ways. I am also in the FTC database from miscreant spoofing my name and number.

If interested, it is not just you being spoofed. Apple is currently taking a beating in the Northeast United States.

I wrote software to log all incoming calls (in addition to killing calls, initiating call traces and filing FCC and FTC complaints). It has been running for about 8 months. Here is Apple's results:

sqlite> SELECT name,number,date FROM call_log WHERE name = 'APPLE INC' ;
APPLE INC|9492551500|2019-07-08 12:05:00
APPLE INC|2122263126|2019-08-08 17:59:00
APPLE INC|2122263126|2019-08-08 18:40:00
APPLE INC|2122263126|2019-08-08 19:12:00
APPLE INC|6784020725|2019-08-09 12:36:00
APPLE INC|6784020725|2019-08-09 13:09:00
APPLE INC|7049720980|2019-08-09 13:52:00
APPLE INC|7049720980|2019-08-09 14:32:00
APPLE INC|7049720980|2019-08-09 15:14:00
APPLE INC|6468023800|2019-08-09 15:51:00
APPLE INC|5126340520|2019-08-30 18:29:00
APPLE INC|5126340520|2019-08-30 19:12:00
APPLE INC|3236179800|2019-09-12 21:21:00
APPLE INC|8184779010|2019-10-23 19:47:00
APPLE INC|8184779010|2019-10-24 11:41:00

Those are real Apple Store phone numbers. It got so bad for Apple when you call one of their stores the welcome message alerts you of the spoofing.

Extrapolating my results for Apple, imagine 15 calls in 4 months x 182 million land lines + 240 million cell phones. That's nearly 6,330,000,000 (6.3 billion) spoofed calls claiming to be from Apple in four months.

  • 1
    *I report every call like that to the FTC...* Really? For me that would be thousands of calls each year. Or perhaps you were referring only to calls that spoof your own number. – President James K. Polk Nov 02 '19 at 14:06
  • 3
    @James - Yes, every suspicious incoming call. I wrote some Python scripts that use Selenium to file the online complaints. See, for example, [How to detect a button.click() failure in Selenium?](https://stackoverflow.com/q/55943908/608639) And it is a couple thousands calls a year for me also. –  Nov 02 '19 at 14:12
3

Spoofing is likely, especially if a business user previously had the number.

And if it is spoofing, they are a likely a cold call centre, so people calling you will be annoyed.

What country are you in? In Australia we have an odd situation for the (02) area code, where a lot of numbers have been issued as (02) 6141.... for some reason.

Fast forward to a Senior Citizen getting a call on their mobile phone from another mobile phone, generally 041......

Caller Id, as it should, packs on the country code and displays +6141.......

Ethel or Sid or whatever their name is, reads this as 6141... and dials it on a land line. Of course they don't know the "+" is an IDD prefix.

I worked somewhere that had a large number of these affected land line numbers, and we would get at least one a day. It was a good test of the intelligence of the phoned person.

mckenzm
  • 469
  • 2
  • 6
  • The information about (02) 6141 numbers being issued widely is false - calls from these numbers are made using caller ID spoofing. – fabspro Nov 01 '19 at 08:29
  • I can assure you that blocks of these numbers are used by Government departments, so yes some may be spoofed. But I have actually asked these callers what number they were dialling and there were extra digits. It is very common for spoofed numbers to be taken from directories. It adds credibility and adds to the "OK" count on reporting websites. – mckenzm Nov 02 '19 at 10:25
  • These scammers are always fascinating. Thanks for sharing your thoughts @mckenzm – fabspro Nov 23 '19 at 04:13