17

Yesterday, I listened about caller-id spoofing and was left astonished as its misuse can result in severe consequences for victim.

Please tell me how to protect myself from this prank and is there anyway to recognize that it is a fake call?

techraf
  • 9,141
  • 11
  • 44
  • 62
Divyanshu
  • 305
  • 3
  • 13

1 Answers1

20

You've already taken the most important first step to protecting yourself, and that it to recognize that caller-id information can be spoofed, and is not entirely trustworthy. The second step is to apply that knowledge, and stop relying on caller-id. If someone calls you and asks for personal information, even if the caller-id appears to be the legitimate number for an organization you trust, don't assume that it's true. Call them back at a number that you can independently verify is correct.

As to recognizing when caller-id is being spoofed, generally no, you can't. If there were a fail-safe way to do this, then swatting would be impossible, and we know from experience that it is not.

Xander
  • 35,525
  • 27
  • 113
  • 141
  • 8
    Agreed. Caller-ID is a convenience, not an authentication method. – schroeder Mar 22 '15 at 00:23
  • 2
    +1. CID allows for untrusted input, so can be a component of social engineering. – ǝɲǝɲbρɯͽ Mar 22 '15 at 00:50
  • 3
    If you need to rely on CID, the other method would be to call the number back (assuming you originally recognize the number). Should you get some other company/person than was talking to you, it was a spoof. Or, use *69 (or whatever the automatic callback code is) to call the caller back, which doesn't depend on CID, but rather information from the telco switches (assuming I understand this feature correctly). Either way, you should never provide personal/confidential information to a caller without verifying/challenging their identity. – phyrfox Mar 22 '15 at 07:39
  • How about [Google Verified Calls](https://developers.google.com/business-communications/verified-calls) technology? Seems like a legit defence against Caller ID spoofing. – dzieciou Jul 25 '21 at 15:41
  • 1
    @dzieciou I would say that while it certainly looks like it has technical merit as a solution, it isn't really a practical defense given its limitations; specifically that it just isn't going to be available for most calls. – Xander Jul 25 '21 at 18:52