Security hole / Uncategorized

Call ID Spoofing – Tricksters pretend to be police officers!

Call ID Spoofing – Tricksters pretend to be police officers!

Suddenly the 911 calls – the scam is called Call ID Spoofing. The ability to change the phone number makes it easier to convince people of a scenario. Particularly frequent to hear when the 110 calls. In Gelsenkirchen, some fellow citizens are affected by this.

It is a scam that often focuses on older people.

Tricksters look for names from the telephone book that sound like an older year of manufacture. The telephone number is supplied directly. A short search often reveals the address, if it is not already in the telephone book. Sufficient information to call the potential victim.

Often the seriousness of police officers is relied upon. When the fraudster calls, the phone number of the police, the 110, is shown on the display. Whoever answers the phone now will be told a story. The story is often used by the series of burglaries in the immediate area. Unfortunately, the wrong policeman cannot do anything about the potential danger – but what can be done: The potential damage can be reduced! The most important thing for the wrong policeman is therefore to know whether the victim has jewellery, cash or even both in large quantities in the house.

This information should not be communicated under any circumstances! It is the relevant information that the trickster needs to prepare his break-in. In some cases, the fake policeman will also announce the visit of a colleague who will secure the cash and jewellery so that it cannot be stolen. Victims do not realize until later that they have fallen victim to con artists. The number of undetected cases is probably quite high, as many are ashamed.

The police never call at 110. If everyone knew that, it would be much harder for criminals to make a profit with this scam. Also the fact that the police never ask for valuables in the apartment or house is an important insight to expose the con artists. Tips for behaviour in this case are:

  • Note the time of the caller
  • Write down the name of the alleged policeman
  • From which telephone number is the fraudster calling?
  • Report the incident

With the help of Call ID Spoofing, calls can also come from other people – not only from the police. The scam is not limited to calling 110 or 112, any other landline or mobile number can be used. The mobile phone rings, Mum is on the display. A Dr. Müller from the nearest hospital answers the phone and tells about a tragic accident? A scam that could be implemented with the help of the mum’s telephone number. The challenge for the attackers is to get the appropriate number.

Dubious apps should be granted access to the contact NOT for this reason alone! If you receive a strange call – from whatever number – you can do the crosscheck: Do not pick up the call and call back. Or interrupt the call and then call back. Then you will end up at the real number. If you receive a call from 110, it also means you should call the police. But calls from phone companies can also be faked to get important information.

Call ID Spoofing detection and prevention!

Since the Call ID Spoofing is increasingly used by cheats to trick people, we have been pushing the problem in our Live Hacking scenarios and have been sensitizing young and old since mid 2017. We show how the scam can be detected – even in everyday life – and which reaction is the right one. In the past, the scam has caused high cost traps. Especially dubious craftsmen resort to fake or unassigned phone numbers. Damage caused by false craftsmen can hardly be recovered in this way.

Photo of author

Chris Wojzechowski

Mein Name ist Chris Wojzechowski und ich habe vor wenigen Jahren meinen Master in Internet-Sicherheit in Gelsenkirchen studiert. Ich bin geschäftsführender Gesellschafter der AWARE7 GmbH und ausgebildeter IT-Risk Manager, IT-Grundschutz Praktiker (TÜV) und besitze die Prüfverfahrenskompetenz für § 8a BSIG. Unser Brot und Buttergeschäft ist die Durchführung von Penetrationstests. Wir setzen uns darüber hinaus für ein breites Verständnis für IT-Sicherheit in Europa ein und bieten aus diesem Grund den Großteil unserer Produkte kostenfrei an.