Caller ID should not be trusted because phone numbers are too easy for criminals to fake, Ofcom warns
- Ofcom says caller ID is easy for fraudsters to manipulate to their advantage and so it cannot be trusted as a sole means to detect when you are being scammed
- Criminals are able to change phone number that appears on their target’s caller ID to that of a legitimate organisation such as the bank, HMRC or even the police
- Technique is known as number spoofing and is used to gain their target’s trust
Caller ID is no longer a safe way to protect yourself from fraudsters, the telecoms watchdog has warned.
Ofcom has said the technology is easy for criminals to exploit and can not be solely relied upon to detect scams.
In a method known as ‘number spoofing’, fraudsters can deliberately change their caller ID to disguise who they are or even pose as legitimate organisations.
This means that when they call their target, the number that comes up on their target’s phone makes it look like they are being called by their bank, for example.
Huw Saunders, a director at Ofcom, told BBC Radio 4’s Money Box programme that the problem is global in scale and that the UK is lagging behind when it comes to tackling the problem.
Ofcom has warned caller ID can no longer be trusted as the sole method of detecting when you are being targeted by scammers over the phone as it is too easy for criminals to manipulate
He said: ‘It’s going to take a few years. If you look at a comparable situation in France, for example, they now have a timetable for the implementation of a particular technical solution and that is over a three-year period.’
In the UK, the phone network is being switched over to a new system with the aim to complete this by 2025.
When the new system, known as Voice over Internet Protocol, is in place the industry will be able to stop number spoofing.
There has been an increase in cases of number spoofing in the last year and criminals have been able to steal thousands of pounds from unsuspecting victims who have been reassured by caller ID verification.
A recent report from UK finance revealed that £479 million was stolen from 150,000 people in the UK largely through the use of number spoofing scams.
In one example shared on the BBC, Ope Oladejo, a 21-year-old law student, was scammed out of nearly £2,000 by fraudsters using a number spoofing scam.
A recent report revealed £479 million was stolen from 150,000 people in UK largely through the use of number spoofing scams and that number spoofing scams had almost doubled
While posing as her bank, they directed Ope to check the number to reassure her the call was genuine.
By doing this, Ope was convinced she was speaking to her bank and they then tricked her into handing over sensitive personal information which was used to steal money from her account. The money was fortunately refunded by her bank.
UK Finance, the banking industry body, has said it is working with Ofcom to crack down on number spoofing scams.
This includes the launch of Ofcom’s ‘do not originate’ list which was set up to compile numbers which will never be used to make outgoing calls.
The list protects numbers from some of the most spoofed organisations, such as HMRC and banks.
It applies to numbers that no outbound calls are ever made from, information which is then picked up by the phone network who identify the call as one which should be blocked.
Ofcom has said this work has led to significant successes in preventing criminals from spoofing the phone numbers of trusted organisations.
For example, when HMRC added numbers to this list they reported reducing ‘to zero the number of phone scams spoofing genuine inbound HMRC numbers’.