When caller ID gets spoofed
by David Lazarus, Los Angeles Times
Ed Stoecker’s brief, unintended and unhappy stint as a telemarketer occurred recently when he spent several days receiving angry calls from people who didn’t appreciate his bothering them.
“They all saw my number on their caller ID screen,” Stoecker, 58, told me. “They were upset that I seemed to have called them and then hung up just as they picked up the phone, like I was a robo-caller.”
Needless to say, he wasn’t the culprit. Stoecker was a victim of a growing problem called spoofing, a telephone sleight of hand that allows a scammer, telemarketer or debt collector to trick a caller ID system.
For example, instead of the name of a company or an 800 number, your caller ID screen might say “Customer Service” or show what looks like a non-commercial number.
The goal of spoofing is to fool people into picking up the phone, as well as to get around the federal government’s Do Not Call list. It also can be used to dupe people into sharing personal information.
“The caller ID might say ‘Los Angeles Police Department,’ and the person at the other end of the line might ask for all sorts of information about you,” said Robert Siciliano, an identity theft expert with security technology company McAfee.
“If you’re not careful,” he said, “you can get into real trouble.”
And here’s the real kick in the teeth: Spoofing isn’t necessarily illegal.
The federal Truth in Caller ID Act makes it a crime to use a bogus phone number or caller ID message to commit fraud or cause harm to others, such as trying to con someone into giving out a Social Security number.
But it’s not against the law to engage in what courts have called “non-harmful spoofing.” The Fifth Circuit Court of Appeals last year said examples of non-harmful spoofing include a domestic-violence victim trying to hide her whereabouts or a consumer withholding his or her call-back number from a company.
But that loophole, no matter how well-intended, has been embraced by businesses as a way to “non-harmfully” get through a household’s phone defenses.
“I bought a time share a few years ago,” Siciliano said. “Now I get calls every day from people trying to sell me time shares, and they all use spoofing technology.”
A Web search for “caller ID spoofing” will turn up numerous companies legally providing the service, such as SpoofCard, which offers 60 minutes of disguised calling for $9.95. “It’s fun and affordable to spoof your friends,” the company’s website says.
The Federal Communications Commission declined to make anyone available to discuss regulation of spoofing. But a spokesman pointed me toward a 2011 agency report on the Truth in Caller ID Act.
“Not all instances of caller identification manipulation are harmful, and some may be beneficial,” the report says.
For example, it says, “doctors responding to after-hours messages from their patients or other medical providers may want to use their cellphones to return the calls, but choose to transmit their office number rather than their cellphone number as the calling number.”
However, the report also cites the example of “swatting,” in which a spoofed line is used to report a bogus 911 emergency at a celebrity’s home, prompting a response by the police SWAT team.
Recent swatting victims in Southern California have included Justin Bieber, Miley Cyrus and Justin Timberlake.
Swatting is clearly illegal under federal law. Using a spoofed line to trick someone into picking up their phone, apparently, is not.
Stoecker, of Van Nuys, oversaw phone operations for Los Angeles Valley College before he retired last year. When he recently saw his own number come up on his caller ID box, he immediately knew what had happened.
“Somebody had spoofed my number and was using it to make telemarketing calls,” he said.
For three days, Stoecker said, he was flooded with calls from people telling him to knock it off. He contacted his phone company, AT&T, to ask for help. But a service rep said the company was powerless to do anything.
Stoecker called the FCC but was again informed that there was nothing anyone could do. Under the terms of the Truth in Caller ID Act, he was told, spoofing is illegal only when it’s done “with the intent to defraud, cause harm or wrongfully obtain anything of value.”
Stealing someone’s phone number, or misrepresenting yourself with a fake number, apparently is not seen as an act of fraud under the law.
The FCC advises consumers never to give out personal information to people who call their home. AT&T offered me the same advice.
For his part, Stoecker believes the law should be tightened to make all acts of spoofing illegal except for a narrow set of circumstances, such as those involving victims of domestic violence.
He also said phone companies should make clear to customers that caller ID is not a foolproof weapon against telemarketers and other unwanted phone visitors.
“I pay extra every month for caller ID,” Stoecker said. “But what’s it actually good for?”
Other than the fun of believing you’re being called by Justin Bieber? Not much.