Fake Caller-ID is a longtime favorite technique used by marketing companies. This technique involves using automatic dialers, also known and robocalls, to target and call consumers.
It’s pretty common knowledge that this type of marketing isn’t very effective and is, in fact, quite annoying from the consumer’s perspective. That changes when the FCC decided in March of 2020 to regulate how marketers use caller-ID. Specifically, the regulation states that voice providers must implement a caller-ID authentication base on the STIR/SHAKEN protocol.
But what exactly is this protocol? Is caller-ID spoofing always such a bad thing? Let’s break these questions down and more.
When Caller-ID Spoofing Becomes Problematic
There are indeed scenarios in which caller-ID spoofing can be useful. (More on that later.)
However, marketers and scammers alike often abuse this practice. That’s why the FCC has, finally, decided to implement caller-ID authentication to combat illegal caller-ID spoofing. This system is very important when it comes to protecting people from scam robocalls. Just as well, consumers can identify the source of such robocalls with caller-ID authentication and reduce the frequency in which they receive them.
Overall, this policy will help consumers have better control over who is able to call them.
What is STIR/SHAKEN?
The STIR/SHAKEN protocol is another term for caller-ID authentication. This framework involves both the Secure Telephone Identity Revisited (STIR) and Signature-based Handling of Asserted Information Using toKENs (SHAKEN) standards.
When a call comes in through interconnected networks, the STIR/SHAKEN protocol marks their caller-ID as legitimate and valid by carriers before it can reach the consumer. Essentially, the protocol digitally validates the passing of phone calls through the detailed web of networks, which allows phone companies of consumers to verify that the call is actually from the number displayed on the caller-ID.
To put it simply, STIR/SHAKEN’s framework makes it easier to identify malicious, fraudulent, and illegal spoofing practices.
Is Caller-ID Spoofing Illegal?
While the FCC has been cracking down on caller-ID spoofing in the past few years, it is a partially legal practice, even though it is mostly frowned upon by consumers.
There is a big difference between legal and illegal caller-ID spoofing. Illegal spoofing involves spoofing with the intention of committing fraud or cause harm to the call receiver. This is fairly vague, but it generally places all scammers and call-spammers ingo the “illegal” spoofers category. Telemarketing numbers that are spoofed are against the law if their numbers don’t represent the company they claim to promote.
A few examples of illegal spoofing include:
- Using spoofed numbers to obtain sensitive information, such as social security numbers or credit card information.
- Fake tech support platforms that impersonate real tech businesses.
- Individuals impersonating the IRS.
- Healthcare scams that solicit money.
Legal spoofing, on the other hand, is a bit different. Legal spoofing can technically be defined as any spoofing activity that is down within FCC regulations. These rules are subject to regular changes, but for the most part, it’s very easy to identify spoofed calls that are legal. That’s because legally spoofed callers will clearly state where they are from and what their intentions are at the beginning of the call. Legal spoofing is basically any instance of caller-ID spoofing that doesn’t cause harm in some way to the call receiver.
A few examples of legal spoofing include:
- Healthcare professionals who spoof their number as their office or hospital number to avoid giving out their personal number.
- Companies that use toll-free numbers.
- Telemarketers that spoof their numbers but have the same number available for calling back.
- Businesses that outsource their customer or tech support to a third-party company, but wish to keep their phone number the same.
Caller-ID Spoofing Can Be a Legitimate Practice
Surprisingly, caller-ID spoofing may sometimes be a legitimate practice, not just a legal one. It can be quite useful for businesses who want to outsource their cold calling or tech support practices.
For example, let’s say a business wishes to outsource its technical support or other business functions to an outside company. That third-party company does not own the initial business’s phone number but wishes to have all outbound calls appear as if they are coming from the client business. In this case, caller-ID spoofing can provide a better customer experience and still remain legitimate.
What do you think about caller-ID spoofing? Tell us what you think in the comments below.