Time To Ban Caller-ID Spoofing (Again)?
Your phone rings, and a quick glance at the area code helps you decide to answer the call. But instead of a forgotten friend or a local business client, you get “Heather from Account Services,” offering to lower your credit card interest rate. Again. Just like yesterday. And the day before. Here's the scoop on what you can do about this annoying problem… |
Should You Answer That Call?
The phone is ringing again. If the area code was one of the toll-free kind (800, 833, 844, 855, 866, 877 or 888) you would never have answered. By now you've learned that nothing good comes from a call made from a toll-free number. After all, toll-free numbers were created for YOUR convenience, so you could contact businesses without incurring the cost of a long-distance call.
Had it been from the Washington, DC, Area Code, 202, you would not have answered yet another fundraising call from your dully (sic) elected Congresscritter. Similarly, a call from the 702 Area Code may mean only that you left your toiletries behind at the Days Inn in Las Vegas.
But in the past year, I've been getting several calls a day that show the incoming number matching not only my area code, but also my local exchange. Ordinarily, that would mean a neighbor calling. But thanks to software that lowers the technical barriers to Caller-ID spoofing, it could be a telemarketer in Toledo, Tacoma, or Timbuktu.
And increasingly, I am getting calls that display only “PRIVATE” instead of a name or phone number. I don’t answer such calls, and if the caller does not leave a voicemail message I will not call back. This seems like a simple, obvious solution to telemarketers who hide behind “PRIVATE” phone numbers. But it has a certain medical practice up in arms.
There is a local doctor who thinks the entire world must conform to his office practices. His phone system sets all outgoing calls made by his staff and his auto-dialing appointment reminder to “private.” Patients who block calls from “private” numbers, as many people do, don’t get important calls from staff or the nuisance of yet another reminder they don’t need. This doctor tells patients that they must unblock all calls from “private” numbers or find another practice. So I found another practice.
Black, White and Gray Areas
Another medical practice spoofed its caller-ID, sending me the number 555-555-1212. That number is so obviously fake that I blocked it instinctively. Then I got irritated because my doctor’s office was not returning my phone calls. It took two months to figure out why. I came very close to "firing" that doctor, too. I am sure I know how it happened.
An office staffer drew the short straw and the task of “programming” the new office phone system. She followed the system’s voice prompts to set things up. When it asked her for the number to send for caller-ID, she thought to herself, “Hmm... I don’t want to send our real number for patient privacy considerations. So I’ll just make one up: 555-555-1212.”
I am not a lawyer, but it seems to me that if a patient signed a form indicating that he wants you to leave all the details of his test results on his voicemail inbox, then he is not at all concerned that a passerby might catch a fleeting glimpse of a phone number and remember that it belongs to a certain medical practice. So “patient privacy considerations” are absurd, in this case. There is no good reason for your doctor to spoof caller-ID data, let alone set all outbound calls to “private.”
As you can see, the Caller-ID spoofing world is not neatly divided into good guys and bad guys. There are plenty of good guys who would call home before battle but would have to do it while disguising their identities. There are plenty of office staffers who don’t think through their cunning plans. So when we debate whether to ban caller-ID spoofing, there is a lot of grey area to discuss.
Will New Laws Solve the Problem?
Kathy Afzali, a politician who represents Carroll and Frederick counties in Maryland, got a taste of caller-ID spoofing that alarmed her. “You should not be able to masquerade as someone familiar or safe to someone on the other end,” Afzali said. Researching federal law on caller-ID spoofing, she found it has gaping loopholes.
That federal law is called, appropriately enough, The Truth in Caller ID Act of 2009. It authorized the FCC to come up with and enforce rules that prohibit any person or entity from transmitting misleading or inaccurate caller ID information with the intent to defraud, cause harm, or wrongly obtain anything of value.
Well, that lets our medical people off the hook, and a lot of bad guys. Any time a prosecutor has to prove “intent,” he will back away from the case because it’s nearly impossible to prove what someone else was thinking. In practice, caller-ID spoofing won’t be prosecuted unless actual harm can be found that has been done to consumers. And annoying you a dozen times a day doesn't quality as "harm" in a legal sense.
Afzali’s bill, which would apply only in Maryland, eliminates all of that “intent” wiggle room, and all exemptions and excuses. It’s probably flawed, but it's at least a start at addressing a problem that vexes nearly everyone with a phone. Perhaps it will serve as a model for other states to adopt similar legislation, and one of them will get it right. That's the beauty of our "laboratories of democracy" in the USA.
But as we all know thanks to “Heather from Account Services” and her legion of clones, the existing federal law has not stopped caller-ID spoofing. It’s not as if the FCC has not been trying, though. Penalties of up to $10,000 per violation can be assessed if someone is found to violate the spoofing law.
In August, 2017, the FCC proposed a fine of more than $82 million against a man who made more than 21 million robocalls with false called-ID data. He was trying to sell health insurance. In June, 2017, the FCC proposed a fine of nearly $120 million against a man who caused nearly 100 million robocalls with false caller-ID data to be made.
These cases and others like them are all subject to civil asset forfeiture rules. Just about any assets that may have been obtained with or used to obtain the fruits of a crime can be seized and sold by the federal government. Whether these guys have assets worth anywhere near their fines remains to be seen. But it’s a start.
For now, the best defense is a combination of common sense and technology. Tools like the ones I mentioned in my article on fighting robocalls can help to weed out the spammers and scammers. For those that calls that do ring through, I recommend that you answer only calls from numbers you recognize. Voicemail is your friend. Unless of course, you enjoy toying with the telemarketers.
Your thoughts on this topic are welcome. Post your comment or question below...
This article was posted by Bob Rankin on 9 Apr 2018
For Fun: Buy Bob a Snickers. |
Prev Article: SOPHOS Business-Grade Security for Your Home |
The Top Twenty |
Next Article: [ALERT] Facebook Surveys and Quizzes |
There's more reader feedback... See all 55 comments for this article.
Post your Comments, Questions or Suggestions
Free Tech Support -- Ask Bob Rankin Subscribe to AskBobRankin Updates: Free Newsletter Copyright © 2005 - Bob Rankin - All Rights Reserved About Us Privacy Policy RSS/XML |
Article information: AskBobRankin -- Time To Ban Caller-ID Spoofing (Again)? (Posted: 9 Apr 2018)
Source: https://askbobrankin.com/time_to_ban_callerid_spoofing_again.html
Copyright © 2005 - Bob Rankin - All Rights Reserved
Most recent comments on "Time To Ban Caller-ID Spoofing (Again)?"
(See all 55 comments for this article.)Posted by:
MmeMoxie
10 Apr 2018
This article touches on a problem that affects ALL of us!
I have had my share of robocalls, spamming phone calls & plain irritating phone calls. These have been mostly on my landline phone. My cell phone will get them, once in awhile, but I have been getting messages for "renewing your car's extended warranty", when my car is 14 years old!!!
I just got HiYa and Mr.Number on my phone by reading the comments from William and a couple of others. I am impressed with both of these programs. It may be "overkill" but I don't mind a backup for good service.
Just a note: Both HiYa and Mr.Number are by the same company. Both looked at my phone calls that I missed and told me which ones needed to be blocked and who they were. I really like that, since I do hate having mystery callers! }:O)
Posted by:
JudyB
10 Apr 2018
a note to srsvii - we have Consumer Cellular and I have a list of blocked numbers on my phone. So as far as I know they do allow it.
I have, for years, even in the day of the old answering machine, only answered calls I knew the number. If someone wants me bad enough they can leave a message and I'll call back. My drs. office uses the no number or private number and they always leave a message so I just return the call. These spammer/scammers are a pain but I refuse to let them get any of my time.
Posted by:
pmwill
10 Apr 2018
Hot topic, I know Heather got just last week. I fill up my blocking allocation dump it and go again. I have to remember some in my area code that come unknown and one time for the voice mail and they're done. What a pain and I found from your previous articles that I had opted out in 2015. Not much good is it?
Thanks, PMW
Posted by:
Edward Gwin
10 Apr 2018
I have gotten calls on my house phone showing my cell phone number. I have been using nomorobo for a couple of years. It will catch most of the robo calls,but not all.Best thing is let it go to your answering service.
Posted by:
kevin
10 Apr 2018
To "The Other Al" who asked: "...is there a law against blowing a VERY SHRILL whistle into the phone?"
No, there is no law, but there is a limit to how much volume can actually pass through any phone line, due to the specifications of the equipment used throughout the system. Using an extremely loud voice, even shouting, will not really sound much louder than a normal strong speaking voice to the person at the other end of the line . Blowing a loud whistle will, however, sound annoyingly shrill to the person blowing it and other people or pets in the house (and perhaps innocent neighbors).
Posted by:
kevin
10 Apr 2018
Enrolling with Nomorobo helps, but the most effective remedy I have found for unwanted calls to my landline is to use a callblocker that lets you program "wildcard" numbers into the unit's "block" list. Mine can block entire area codes, OR 3-digit exchanges within those areas, OR any short number string you enter. Unlike most other models, it can also let you specify numbers that you want exempted from those restrictions (like if you want to get calls from a friend who lives in an area code that you otherwise are blocking because telemarketers use that same area code.)
But, for the very best results, many models give you the option of programming in the numbers (or area codes /exchanges) that you DO want to accept calls from, and then blocking ALL others. So, if you know all your friends, family, and business contacts' numbers, you can base the callblocker's "Whitelist" (of OK callers) on those numbers. Then, if an incoming call does not have a Call-ID matching a number on your approved list (or compatible with one of your wildcards on that list), it will not even ring your phone.
Don't worry that the Whitelist approach might mistakenly block wanted calls from contacts you forgot to include on your list, or from new contacts that you neglected to add promptly. Just leave an answering machine connected on the line and it will take messages from those people if they call (theoretically, also from telemarketers, but they rarely leave messages these days). So if you hear a message from a person whose call you would have wanted to accept, it means you will have missed their call, but only once - because you will then know to add their number to your Whitelist. The callblocker I use prevents ringing from almost every one of the many spam calls that l get. If I want, I can see a list of all the blocked calls displayed on the unit's screen, to great satisfaction.
Posted by:
Robert Ames
10 Apr 2018
I never answer a call that doesn't show as being someone on my contact list anyway, knowing that if it is legit they can leave a voicemail and I can call back. I recently installed the callcontrol app so that the ones supposedly from my area code and exchange don't even get to ring my phone.
Posted by:
Greybeard
10 Apr 2018
As Charley posted, the problem isn’t a lack of will or technology, it’s that the system is not built to make CallerID verification possible.
When CLID was developed, they weren’t thinking about VoIP or scammers: they were thinking about company switches, where your desk phone uses some random line for outgoing calls, never the same one twice in a row. They didn’t want that number to show up on CLID, as folks couldn’t call it back and get you (or perhaps anyone). So they made it so a switch can fake the originating number, so a call from E-Corp shows the main E-Corp number, not that random line.
Obviously with scammers, that’s not great. But it’s not at all clear how to fix it, since it would break so many providers (Vonage et al., not to mention many “landlines” which are now also VoIP).
It’s also important to recognize that the way CallerID works is that the name info is NOT transmitted with the call—just the number (if at all). The local switch does a “database dip” – a lookup, reaching out to the carrier’s database. And sometimes that lookup fails: no info (which may be reported as “UNKNOWN” or equivalent), or it just times out. That’s why your neighbor’s call might show full info 99 times out of 100, and that 100th time, it doesn’t: the database dip failed.
In the last decade or so (maybe less, not sure) local switches have started being smarter about these failed lookups, and looking at the nxx (the “exchange”, the first three of a seven-digit number), the area code, or the country code, and reporting based on that. We have a friend whose cellphone has an exchange that’s nominally about 15 miles from her home for some reason; her calls always show as that town, because Verizon Wireless doesn’t make the name database available (for reasons they’ve never been able to explain when I’ve asked, since other providers do so). And we get calls that say “TEXAS” or whatever, or even a country name.
I’m not trying to sound like an apologist here: a design mistake was made, in good faith and for a (then) good reason, and we’re paying the price now. But as others have noted, there has been a lot of thought, effort, and money put into trying to solve this, and there doesn’t seem to be a solution without changing things in ways that people won’t find acceptable.
Use NoMoRobo when available, cellphone apps like TrueCaller and HiYa and the like, and letting it either go to voicemail or just picking up and hanging up immediately seem like the best solution. As others have noted, if it’s a legit call that you just didn’t recognize, they’ll call back. I have yet to get an immediate callback from a scammer, so if I do “bounce” the call and it rings again immediately with the same number, I do pick up.
Finally, be gentle when someone does get through to you who thinks you called them—remember that they’re probably just a victim of a scammer faking YOUR number. I’ve even seen scammers so stupid that they faked the number they were calling; that was one call I was sure wasn’t legit! And yesterday I got one whose CLID showed as “FRAUD”. Truth in advertising for once.
Posted by:
Doug W.
10 Apr 2018
I tend to have some fun with spam callers, and also have a method that virtually eliminates callbacks. I have authority to record all of my landline calls, and have this equipment connected at all times. I answer unknown incoming calls with a simple phrase: "Hello, this call is being recorded." I usually get an awkward pause followed by a hangup on their end!
Posted by:
greg
11 Apr 2018
all calls touch phone providers equipment first. Display the real number to the called. multi line buss. can use their equipment thru the provider to display the number they want to be the call back. I know they can do it. Till then Mrnumber has my back
Posted by:
RandiO
11 Apr 2018
To ALL Ladies and Gents who use the services of NoMoRobo:
Please consider donating to the tipping jar for them. As that is a very great FREE service which we don't want to go belly up or *shudders* in desperate need for $$ >> they may think of pawning all our phone#s.
Posted by:
Lionel
11 Apr 2018
Talk about spoofing - I have been getting calls from actual local real numbers. One that was particularly troubling identified as the local hardware store (their number). It was one of the credit card callers. How do they get actual numbers to ID? That is really troubling. I can't block them.
Posted by:
Gar Suitor
12 Apr 2018
I think it should be possible to create a 'whitelist' of phone numbers from which you will accept calls, if that's what you wish to do. All others would simply be disconnected.
I pay for my phone, which I have for MY convenience. No one else. If I don't want to be bothered by calls from anyone, for any reason, I should have that right. That includes politicians, charities, or anyone else I don't want to hear from. When the politicians, charities, or whoever starts picking up my phone bills, then they can claim they have a "right" to access my phone.
Posted by:
kevin
12 Apr 2018
Retaliating with a clever response, or any other "solution" that still involves letting the bad calls ring your phone in the first place, is really no solution at all. The main nuisance is not so much receiving a call that turns out to be unwanted as it is having had to stop whatever you were doing at the time. Even if you plan to simply not answer (and let your machine record their message), just being disturbed (perhaps awakened) by the ringing is enough of a problem in itself. So it's better to use callblocking techniques that don't even let your phone ring if the caller-ID is likely to be a spammer. I describe this approach in a previous post on this topic.
Posted by:
GeordieLad
12 Apr 2018
To add to Kevin's comment, I too have been plagued by fake number callers here in the UK (my BT directory tells me that the five digit area code is unrecognised). Usually, to callers claiming to be from Microsoft, BT or whoever, I respond very forcibly in the hope that my bad language will put them off further calls. However, one such response recently simply provoked another nuisance call advising me that my landline would be disconnected forthwith! It wasn't, of course, but clearly these phone pests won't take NO (or anything else) for an answer.
Posted by:
bruce
14 Apr 2018
I agree that if you don't recognize the phone number don't answer it. My wife is tired of being a prisoner of the phone. Meaning that she should not have to stop answering the phone because of unscrupulous lowlives. The other day she answered a call from a different area code. It was someone claiming to be from some tech company. They said I have a computer virus, yet they still asked me if I have a computer. Really? So I decided to mess with them and act stupid. After a few minutes this dude says to me, with anger, for the last 3 minutes you are "bullshitting" me. I said, hey, you called me. He then hung up the phone. I loved it!!!
Posted by:
Reginald Mastengie
20 Apr 2018
I refuse to answer any number I don't know period. If you want me to call back, leave a message. My daughter, however, answers most calls and sometimes gives me the phone. The dirty look I give her doesn't mean a thing. I usually then hang up. I constantly hear her complain when she gets the usual telemarketer on the phone. When will she ever learn?
Posted by:
Reggie
20 Apr 2018
I refuse to answer any number I don't know period. If you want me to call back, leave a message. My daughter, however, answers most calls and sometimes gives me the phone. The dirty look I give her doesn't mean a thing. I usually then hang up. I constantly hear her complain when she gets the usual telemarketer on the phone. When will she ever learn?
Posted by:
Left Coast Bill
03 May 2018
We recently purchased a set of Panasonic phones at Costco. When we answer a call from an unknown, we say "hello" a few times, wait for a response and if we don't like the results we push the "CALL BLOCK" button on our phone. If that number calls us again, our phone will ring one time and cancel the call. It is that simple.
Posted by:
bill
02 Jan 2019
"Why can't we reverse the law and make rule that the phone companies can only put through calls from numbers the customer allows?"
Do you have a list of every number that you MIGHT want to receive phone calls from - including in the future?