Caller ID Spoofing, Voice Fraud, and How To Put a Stop To It

61% of the world’s population has received scam calls in the last 12 months, according to GASA. Telecoms fraud, and in particular caller ID spoofing, is a rapidly rising problem for both mobile users and telecommunications companies alike. Many of these attempts to defraud are uncannily convincing and vast numbers of people, especially more vulnerable members of society, fall prey to the tactics: last year mobile users worldwide lost an eye-opening $58 billion to scam calls (Juniper Research). It’s costing operators dearly too. 2023 saw a 12% increase in fraud loss reported, equating to an estimated $38.95 billion lost in 2023 and representing 2.5% of telecommunications revenues according to the Communications Fraud Control Association.

Until very recently, one of the dead giveaways for these scam calls was that they came from an unknown number – often from an international number that is immediately suspicious and gives people cause to hesitate before they answer, if they answer at all. However, that is now changing as caller ID spoofing becomes more common. When it comes to caller line identification (CLI), there are two numbers at play – the network number, and the “presentation” number. The latter is what recipients see when their phone rings, whereas the former is what is shared with providers to identify where the call came from.

In the vast majority of cases, these two numbers are the same. However, there are some legitimate reasons they might be different, such as a call center making calls on behalf of a business they represent or distributed public bodies that want to display one common phone number.

Caller ID spoofing is when phone fraudsters exploit this system to disguise their identity and “present” as a legitimate business or contact with which their victims already have a relationship. When a phone number looks legitimate, they are, of course, more likely to answer the call.
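The network-number versus presentation-number relationship described above can be turned into a per-call check. The following is an added example, not code from this article or from any vendor product: the `AUTHORISED_PRESENTATION` registry, the function names and the sample numbers are all constructed assumptions.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed registry (assumption): for each presentation number, the network
# numbers its owner has authorised to display it, e.g. an outsourced call center.
AUTHORISED_PRESENTATION = {
    "+441632960000": {"+441632960101", "+441632960102"},
}

# Simplified E.164 shape: "+", non-zero first digit, 7 to 15 digits in total.
E164 = re.compile(r"^\+[1-9]\d{6,14}$")


@dataclass
class Call:
    network_number: str       # shared between providers to identify the origin
    presentation_number: str  # what the recipient sees when the phone rings


def normalise(number: str) -> Optional[str]:
    """Strip common separators; return the E.164 string, or None if malformed."""
    cleaned = re.sub(r"[\s\-().]", "", number)
    return cleaned if E164.match(cleaned) else None


def check_cli(call: Call) -> str:
    """Apply the same checks to every call, whatever its source."""
    net = normalise(call.network_number)
    pres = normalise(call.presentation_number)
    if net is None or pres is None:
        return "reject: malformed number"
    if net == pres:
        return "pass: numbers match"      # the vast majority of calls
    if net in AUTHORISED_PRESENTATION.get(pres, set()):
        return "pass: authorised presentation"
    return "flag: unauthorised presentation"


# Constructed sample calls, not real traffic.
SAMPLE_CALLS = [
    Call("+441632960101", "+441632960101"),
    Call("+44 1632 960101", "+441632960000"),
    Call("+33199000000", "+441632960000"),
    Call("anonymous", "+441632960000"),
]


def triage(calls):
    return [check_cli(c) for c in calls]
```
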

The Vulnerability of Voice Services

It wasn’t too long ago that most financial transactions were based on in-person relationships; opening a bank account, buying a new house or car, applying for a business loan, choosing stocks and shares. These decisions and many more were based on trusted relationships that were developed in person. Digital transformation has altered these processes almost beyond recognition. However, even though we can access many services with just a few clicks, voice is still a key go-to service for choosing service providers, resolving customer service issues, checking information, and verifying the legitimacy of businesses.

This, of course, varies across generations. According to eMarketer, 53% of consumers aged 18-44 prefer digital to phone when interacting with a business, whereas only 35% of consumers aged 45-75 prefer it. In both cases voice calls still play a significant role, but older generations tend to depend on them even more, and as such have become more heavily targeted by fraudsters.

This sheer dependability of voice services makes them vulnerable, a fact that fraudsters have been quick to exploit. Caller ID spoofing doesn’t just result in financial losses, it erodes mobile users’ trust in brands, digital communications and society as a whole.

The Response From Regulators

Fortunately, action can be taken to mitigate the risks around scam calls. As well as advice for consumers and businesses on how to spot and report scam calls, regulators worldwide are considering other ways to reduce this type of fraud. In the UK, all calls offering financial products are banned, which means that if consumers are targeted in this way they can confidently assume it’s a scam. One common tactic is that fraudsters actually pretend to be calling to prevent fraud, persuading the victim that they must log in or identify themselves in order to secure their account or prevent fraud from taking place. These types of calls are much harder to prevent.

In Singapore, regulators have proposed a shared responsibility framework for scam emails and calls in which operators will be held accountable and liable to fines. Similarly, regulators in Europe are in discussions with operators to minimize scam calls by improving the way operators identify and handle spoofed numbers, modelled on the approach taken by the Finnish regulator, Traficom, which provides clear technical guidance to operators on how to prevent voice spoofing.

Technical Approaches to Protect Voice Calls

Finland has led the way in demonstrating how spoofed calls can be stopped in their tracks by following a zero-trust model. Each incoming call on the network is treated with the same suspicion, an approach best summarized as “never trust, always verify”. This approach is rapidly gaining favor and has significant advantages over the trust-based approach known as the STIR/SHAKEN framework.

While STIR/SHAKEN is mandated by the FCC in the US and by the CRTC in Canada for VoIP (internet-based calls), it is seen as a relatively expensive framework to implement and much of the world has been opposed to adopting it. Ofcom, the UK communications regulator, has dismissed STIR/SHAKEN altogether in favour of a “zero trust” model, as has much of the EU; that model allows operators to implement their checks regardless of the source of the call.

How Zero Trust Signaling Reduces the Threat to Voice Services

Many operators are now embracing the zero-trust approach to mitigate caller ID spoofing as well as other threats to voice services, such as Wangiri calls, flash calls and SIM box fraud. Integrating a zero-trust platform, such as Enea’s voice firewall, within the core network enables operators to verify the authenticity of calls in real-time. It’s a cloud-native system robust enough to authenticate every call, yet flexible enough to be customized with additional security features and future enhancements and to comply with the evolving regulatory landscape.

What’s Next For Voice Services

MNOs face a growing threat from cybercriminals abusing the oldest and most trusted communications protocol – voice. Many of the top fraud methods are now voice-related and almost all involve caller ID spoofing. Consumers, businesses and operators are suffering losses from this type of fraud running to billions each year, but recent innovations in cloud-based signaling security with a zero-trust model of cybersecurity have helped pioneering operators significantly improve voice security, protect revenues and strengthen their brand.

Nevertheless, operators should remain on high alert. While regulations guiding operators on how to protect against spoofing are coming, meeting these regulatory requirements with a “tick-box” solution is doomed to fail, as fraudsters are quick to find ways around inadequate protection. Instead, a solution that adapts quickly to new and evolving threats as they surface is needed to keep subscribers safe.

To learn more about combating voice service threats and Enea’s Signaling and Voice Firewall, get in touch here.
