Caller ID spoofing (actually an old social engineering trick) is where a hacker causes a recipient’s phone to display a Caller ID number that appears to originate from a legitimate business or from an individual in the recipient’s contact list. Fraudsters are always looking for new opportunities, and with the rise of mobile use they now have an added attack platform.
Phone-based social engineering scams* (mobile is the most prominent channel right now and will be into the future) are an easy way to extract customer and financial details in order to commit account takeover. Why would you doubt a number possibly stored in your contact book?
A recent study highlighted that more than 1 million fraudulent calls were received in the US in the second half of 2011. It is quite amazing that these stats were recorded, so what about those that were not recorded? Have any of you been victims of Caller ID spoofing?
*Microsoft Windows users will know about this, as they are frequently targeted by phone and then asked to allow remote access software onto their machine to fix a virus issue that isn’t there. Instead of fixing a problem, the callers drop a malicious payload onto your Windows system.
Spoofing is an art. Not everyone has this skill. Frank Abagnale and Michael Sabo were two of the most well-known spoofers/impersonators since the end of WWII. I actually know Michael. Frank also had a film produced about his life called ‘Catch Me If You Can’ (although Steven Spielberg wanted the film to be about Michael). If you wanted to learn how easy it is to spoof, then Frank and Michael would be the best-known tutors!
Spoofing hasn’t changed much since Frank and Michael started out; however, cyber criminals realise that not everyone is fooled online, so the good old telephone call can still be quite persuasive. I’ve heard on many occasions of people divulging their date of birth, bank password and passcode, as well as maiden names, account transactions and more. Caller ID spoofing isn’t going away, so be extra vigilant when taking calls, particularly from your financial institutions.
Safe surfing folks!