Talk:Caller ID spoofing
|This article is of interest to the following WikiProjects:|
This is not a hoax, see, for example: http://www.theregister.co.uk/2004/10/28/caller_id_website/, or just Google it. -- X15 10:27, 19 February 2006 (UTC)
Reads like an ad... -- Taral 21:17, 17 April 2006 (UTC)
Added section on spoof program.
I don't think this article reads quite like an ad, but it does fail to explain (rather than just name) the techniques of Caller ID spoofing. I have provided an example with the sentence (now paragraph) summarizing Orange Boxing. We don't need to write a whole section on each one, but we do need to briefly summarize, for example, how VoIP or PRI ISDN are used to spoof CID, rather than simply saying that they are. I would be particularly pleased to see a brief explanation of how access to an SS7 trunk would be gained for the purpose of spoofing a call.
More article links would be nice too. I added a bunch tonight but the article still needs more. A casual user reading this article may not be familiar with the technical terms, and we should be making it easier for him to learn them.
Dethme0w 07:19, 9 February 2007 (UTC)
I have been robbed of my wallet at gunpoint. It appears to me that the perps are now trying to get into my house to get account numbers. I am getting calls from numbers that a reverse lookup says aren't in use. They appear to be trying to determine when I am not home.
My question for the experts: Can the phone company (Qwest) or a VoIP company (Lingo) determine where these calls are really coming from? Would the police be able to extract that information? If the answer is "yes," I will pursue it with the police, and see if I can break up a large burglary ring. (Eight houses have been hit in a nearby neighborhood of 50 houses.) --Docduke 16:45, 24 March 2007 (UTC)
Valid reason #1 is already taken care of by the phone companies themselves. It's called Number Replacement. A company might have a block of 100 or 800 numbers for their DID (Direct In Dialing) system, but they don't want every employee's private extension showing on Call Display when they call out to a customer, so they ask the phone company to substitute a specific number in place of one or more private extensions. It could even be the main switchboard number, or the company's toll free number.
What I don't understand is how these spoofing companies bypass the phone companies' own SS7 system that processes call display information. This information is supposed to originate from the exchange where the call originates, and if that exchange doesn't have an SS7 connection (as in the case of rural areas particularly in northern Canada), then "out of area" or "unknown" is shown on recipients' display units. The spoofers might be generating their calls through the spoofer's own PSTN service, but then, it should be whatever number the phone company programmed when they hooked up the spoofer's lines. Customers shouldn't be able to override the information generated by the exchange when it identifies the line that is originating a call. If the call is being made over an internet service like Skype, it still has to connect to the PSTN of area codes and 7-digit phone numbers by means of some kind of connection to a phone line which should have a number associated with it.
It seems to me that there are shady CLECs (competitive local exchange carriers) that don't care and are somehow facilitating the spoofers with access to manipulate the number that the CLEC sends over its connection to other LECs. This CLEC then would be breaking the law adopted by Congress and badly needed by other countries, and this CLEC should be shut down for this kind of deception. A self-respecting LEC would not allow customers access to the number display generating mechanism, other than to suppress the appearance of the number (Call Display Block). GBC (talk) 03:33, 10 October 2012 (UTC)
- There is no such thing as a self-respecting LEC. Bell Canada holds the record for largest fine for do-not-call violations in that country, and it's the largest ILEC in the region.
- The "spoofing companies", while an annoyance, are unnecessary as it's too easy to use voice over IP gateways to send spoofed calls. That's generating huge do-not-call violation problems as every telemarketer in India can call into other countries and pretend to be a domestic caller, while ignoring the targetted country's laws with seeming impunity.
- Anyone with a digital primary rate interface line, such as those used to connect business private branch exchanges, can spoof calls directly. This appears to be the usual means by which the voice-over-IP gateways obtain PSTN access. K7L (talk) 13:43, 25 June 2013 (UTC)
The whole 'valid reasons' section needs to be removed. It's not appropriate for an encyclopedia article, it cites no sources, and it's nonsense. — Preceding unsigned comment added by 220.127.116.11 (talk) 03:07, 9 August 2014 (UTC)
Agreed. Here is the list in case anyone cares to work with it in future. It is not for us to compile "valid" reasons for its use.
Some parties have maintained that there are sometimes legitimate reasons for modifying the caller ID sent with a call, but there is little consensus about many of these. Some of the arguments offered in favor of the practice follow below.
- Calls from a large company, especially with multiple branches, where sending the main number makes sense. For example, a hospital might have the primary number 555-1000, with perhaps 250 lines inside the main building, and another 100 at the clinic five miles away. While some of the phones will have "555-10XX" numbers, many won't have any identifiable line. Having all calls "come from" 555-1000 lets the recipients know it's a hospital call.
- A company with a toll-free telephone number may prefer the caller ID to display this number.
- A call center making calls on behalf of many clients may prefer the caller ID to display a different number for each client's calls.
- Commercial answering-service bureaux which forward calls back out to a subscriber's cell phone, when both parties would prefer the caller ID to display the original caller's information.
- Most calling-card companies display the caller ID of the calling-card user to the called party.
- Business owners have been known to use caller ID spoofing to display their business number on the caller ID display when calling from outside the office (for example, on a mobile phone).
- Phone mystery shopping is a legitimate use of caller ID spoofing. It allows mystery shoppers to appear as if they are calling from a specific geographic region or from a known customer's number (so as to avoid their being revealed as a mystery shopper).
- Google Voice displays its users' Google Voice number when they place calls through the service using their landline or cell phone.
- Gizmo5 (now defunct) sent the user's Gizmo5 SIP number as outbound caller ID on all calls. Because Gizmo5 IDs were in the format 747NXXXXXX, it was possible to confuse calls made from Gizmo5 with calls made from area code 747.
- Wirelessly calling 911 involves, in one worst-case scenario, the immediate muster of available, expensive, universal translation and relay resources to determine from the caller's spoken language, not known to the responding dispatcher, the address of the emergency. Caller ID spoofing the street address of a 911 call known to local GPS, by GPS to street address decoding software, running on the same IP connection as a wireless VoIP 911 call, could save these resources and improve service by delivering GPS-accurate location data to the dispatched responders at the time it is needed. (Only about ten hexadecimal digits are needed.)