Protecting Customers from Scammers Using Call Spoofing
The hyper-connectivity of our era presents a paradox: We now have more ways than ever to communicate with each other, yet it has become increasingly challenging to know with whom we’re really communicating. Bad actors have exploited this dynamic for years.
For example, caller ID spoofing—the process of changing the caller ID to any number other than the actual calling number—has been on the rise. Americans lost over $29 billion from phone scams in 2020, more than double the amount lost over the previous year. Simple web-based call-spoofing services allow criminals to match the 1-800 numbers of legitimate companies and gain the trust of prospective victims. Savvy companies recognize that customers need help in protecting themselves from these attacks.
Call spoofing tactics increase in sophistication
Fraudsters have adeptly exploited the disruption and isolation caused by the COVID-19 pandemic. Fraud victims were over twice as likely to divulge their personal information to criminals in 2020 as compared to pre-pandemic times. Phone calls figured into 31 percent of consumer fraud reports to the Federal Trade Commission in 2020. The true number may be much higher. Only one-in-six victims of phone fraud filed complaints with the FTC in 2020.
Today’s scammers have also become adept at social engineering, applying a combination of urgency and fear to spur victims to cooperate. Whether it’s impersonating law enforcement or posing as health department officials, attackers understand how to take advantage of the immediacy of phone communications.
Caller ID spoofing also underpins schemes targeting financial institutions. Scammers attempt to extract information about recent transactions on a customer’s account—data that can make targeted phone scams even more effective. Nearly 60 percent of call center leaders reported an increase in the use of call spoofing to impersonate customers in 2020.
Protect customers now and over time
In response to the robocalling epidemic, the Federal Communications Commission mandated the STIR/SHAKEN call identification framework to protect consumers from both illegal robocalls and from fraudsters abusing caller ID spoofing. STIR/SHAKEN enables phone companies to verify that the caller ID information transmitted with a call matches the caller’s real phone number, a signal of potential spam or spoof threats. Consumers will have more reason to trust phone calls again thanks to how STIR/SHAKEN distinguishes legitimate calls from questionable ones.
However, the best fraud prevention strategy takes a multi-layered approach, giving equal weight to both the latest technologies and resilient workflows. Companies can do the following to best protect their customers from scammers attempting to leverage caller ID spoofing:
- Educate consumers and workers: Humans will always be susceptible to social engineering. No technology can prevent individuals from sharing private credentials with someone whom they trust. Customers need regular reminders about basic security principles, as do customer-facing workers—especially in contact centers—who are ultimately responsible for authenticating inbound callers.
- Monitor behavior for anomalies: Phone-based scams culminate with the victim transmitting funds or sharing personally identifying information. To distinguish normal interactions from anomalous activities that could indicate potential fraud threats, institutions need to establish a behavioral baseline of their customers. Integrating behavioral analytics into the authentication process can later help flag signals within a device or network that indicate risk.
- Increase trust in the phone channel: Restoring trust to caller ID will help consumers to determine the legitimacy of callers with confidence. However, businesses can further enhance the call experience for customers by registering outbound numbers as legitimate non-spam and displaying their logo alongside a reason for the call.
Combined, these efforts give consumers more reasons to trust the calls they receive, including calls from unrecognized numbers. Increased trust improves customer experience, raises customer lifetime value, and optimizes contact center operations. The agile enterprise that proactively protects customers from call spoofing and other brand-damaging threats over the phone channel will be most likely to thrive in the omnichannel future.
 First Orion, Infographic: 2020 Scam Call Report
 Aite, U.S. Identity Theft: The Stark Reality
 Krebs on Security, Would You Have Fallen for This Phone Scam?