Fraudulent caller ID spoofing on the rise

In March 2014 a Windsor, Ont., car shop had its phone number hijacked by a telemarketer peddling duct cleaning services. The owner, Jim Gibbs, endured hundreds of calls from people furious at him for the harassment and lost business as a result of the ordeal. Speaking to the Windsor Star, he described the experience as “insanity.”

Just a few months earlier, BC Hydro was forced to send out a warning that fraudsters were calling customers and demanding credit card and bank information over the phone. The calls being received looked to be coming from legitimate BC Hydro numbers.

These types of fraud, made possible by a technology known as caller ID spoofing, are on the rise, according to the Canadian Anti-Fraud Centre. Caller ID spoofing is a practice used by some telemarketers and fraudsters to disguise calls so that they appear to be coming from a different phone number.

“Just to give you an example of the complaints recorded here, in 2013 we had 134 calls for the whole year and in 2015, as of June, we had over 472,” RCMP Cpl. Josée Rousseau with the anti-fraud centre tells Yahoo Canada News. “Of course not everyone [who gets these calls] reports them to us, I received some myself and didn’t bother reporting it.”

Last month, after issuing $6.2-million in fines and sending more than 190 warning letters, the Canadian Radio-television and Telecommunications Commission (CRTC) called for a public consultation on illegitimate spoofing calls.

According to the Canadian Anti-Fraud Centre, caller ID spoofing is increasingly being used to illegally circumvent the National Do Not Call List and dupe trusting Canadians into divulging personal information.

“There’s really no problem with a spoofed number. It’s what is behind that spoofed number that’s a problem. What I mean by that is if it involves fraud,” says Rousseau. While caller ID spoofing is illegal in the United States, there are no laws against it in Canada.

Spoofing works by allowing individuals to use software, an analog telephone adaptor or a smartphone app, to mask their real number and display a fake one. Spoofers are able to choose which number will show up on caller ID, often opting for a local number or the number of an established agency or company.

According to Rousseau, many of the scams feature a message, which tells the receiver that she or he has won a vacation or a cruise. These calls often appear to come from trusted companies like Air Canada, WestJet or Marriott hotels. Other scams involve calls appearing to come from the Canada Revenue Agency or utility companies, demanding payment for overdue accounts.

Cantech Letter online magazine founder Nick Waddell writes that call spoofing became popular in 2004 thanks to Star38.com. The website, which allowed users to spoof calls online, came down a year later but was quickly replaced by others. Today, an app search for “caller ID spoofing” brings up 7,560 results.

In response, the CRTC has asked the public to share their thoughts on solutions to help manage illegitimate spoofing calls, as well as what barriers they may encounter putting those solutions into practice.

The CRTC also asked the telecommunications industry to provide information on the features currently available to help Canadians manage illegitimate calls. Responses are expected to be compiled and published in a consumer-friendly volume.

Telus spokeswoman Jill Yetman told Yahoo Canada News that she didn’t have information specific to the company’s CRTC filing, but she did offer this suggestion for those who have received questionable calls.

“If you do receive a suspicious phone call, we recommend you simply hang up, or ask for the caller’s name and phone number — which you can then verify online against a trusted source. Then you can phone the organization back and rest assured you are speaking with a trusted representative. In fact, we recommend that Canadians never give out their personal information over the phone to an untrusted source, or visit a suspicious website when they are on the receiving end of a suspicious phone call, as this can lead to identity theft, credit card fraud or a virus on your computer.”

Bell spokeswoman Jacqueline Michelis confirmed that spoofing is an industry-wide concern.

“With the technology used by fraudsters making it very difficult to identify the source of a spoofing call, which could be anywhere in the world, the CRTC’s consultation and work with international agencies are important initiatives in which we look forward to participating.”

Since the launch of the National Do Not Call List seven years ago, the CRTC has received more than 900,000 complaints about fraudulent and unsolicited telemarketing calls. It is estimated that 40 per cent of those calls involved caller ID spoofing.