News
Blogs
Shark Bait
Knowledge Centers
Opinion
Webcasts
Video
Podcasts
IT Careers
White Papers
Computerworld Reports
Zones
Case Study Library
RSS Feeds
Events
Industry
This Week in Print
Print Subscriptions


Ads by TechWords

See your link here


Douglas Schweitzer's picture
Douglas Schweitzer

The Security Sector

More posts | Read bio

May 20, 2009 - 6:41 P.M.

Caller (fake) ID

8 comments

Last week I learned about a scam I didn’t know about before. In an a Newsday article, "Authorities: Scam steals ID, then cards" by Rocco Parascandola, I read that apparently, thieves are now able to cloak their phone numbers when they initiate phone calls just by using a spoof card. When the person receiving the telephone call checks his Caller ID, he’ll see not the true originating number, but a spoofed one. With a spoof card (available on the Internet) thieves can display any phone number they want.

Here’s where the thieves have become really crafty. They’ve used the cards to make phone calls to credit card companies to activate credit cards. When we’re issued new cards via the mail, consumers are instructed to telephone our credit card issuers from our home telephones – ostensibly so that they can “verify” that we are who we say we are. There goes that theory.

Thieves have already been quite successful with this fraud, getting credit cards activated and in some cases even making small payments on card balances so that they can increases in credit limits of the card.

From what I’ve heard, the cards are not illegal (yet). I’m assuming and hoping they will be soon. Or else, we’ll just have to go back to the days before Caller ID. I hope that doesn’t mean we have to start dealing with all sorts of juvenile prank calls – or worse. What a waste of what most of us consider a convenient, useful innovation.

What People Are Saying

Add new comment

The "OR WORSE" has already

Submitted by Anonymous on May 23, 2009 - 2:55 P.M.

The "OR WORSE" has already happened you are VERY late on picking up on spoofing Caller ID. People are using these cards to place fake emergency calls to the police spoofing the number of their victim and making false reports of hostage situtations, drug deals gone bad, etc.. to elicit SWAT team responses on to unsuspecting victims houses. Since the calls come in from the targets phone number, dispatches tend to believe it is a very real call and not a hoax and dispatch SWAT with guns drawn on an unsuspecting innocent victim's house.

Reply | Report this comment

Not a new idea

Submitted by Anonymous on May 22, 2009 - 12:51 P.M.

I set up one of these years ago for a Fortune 500 company. They used it in their collections department so that instead of displaying the company name or "Collections Department" it read something like, "Prize Award Notification" or "Lottery Central."

People would answer those calls right away and then the company would notify them that their bill hadn't been paid and ask when could they expect a check?

I considered it unethical at the time but hey, a paycheck's a paycheck and I needed the money. I don't know if they're still using it but it wouldn't surprise me.

Reply | Report this comment

caller id fail

Submitted by Anonymous on May 22, 2009 - 12:46 P.M.

This is probably one of the fastest growing, most lucrative crimes in years--because attackers target grandma and grandpas, who have never used a computer or seen spam, and who think caller id still works. They fall for it every time--they believe it IS their credit card company calling on the kitchen phone.

spoofcard is the least part of this. Open source asterix and a hungry voip access provider is all criminals needed; they now reach millions of landline phones w their autodialers ...

On top of it, grandma pays $6-$8/month for caller id service that (unbeknownst to her) no longer is secure.

Reply | Report this comment

spoofed caller id

Submitted by Anonymous on May 21, 2009 - 11:27 A.M.

Has been illegal when telemarketing for years. However, if I don't know who is actually calling me, what do I tell my Atty. Gen.? When you try to get a real company name and address out of these folks, they hang up.

Reply | Report this comment

Cards should require activation in person

Submitted by Walking Bass on May 21, 2009 - 11:07 A.M.

I would think that the banking community could put together a process whereby you activate a new credit card by taking it to a local bank. At the bank they take a digital photo of the person activating the card and a photocopy of a driver's license or other official id, and that gets sent via encrypted electronic transmission to the card issuer.

A very minor inconvenience for the person obtaining the new card.

Not particularly expensive for the necessary equipment at each bank branch office.

Downright scary for the scammer who really doesn't want photographic evidence attached to the fraud.

As long as the credit card companies are willing to extend credit to people they've never actually met, they will continue to be scammed.

Reply | Report this comment

it's not the credit card

Submitted by Anonymous on May 22, 2009 - 2:53 A.M.

it's not the credit card companies that get scammed!, it's the innocent consumer that then has to deal with credit fraud and cleaning up their credit report

Reply | Report this comment

A reasonable idea ... IF

Submitted by Dave on May 21, 2009 - 2:21 P.M.

A reasonable idea ... IF they banks are required to provide the services for free to everyone, regardless of whether or not they are a customer of that bank. I live in Illinois but my bank is in Texas (it caters to members of the military, who of course change residences frequently), so I don't have a local branch I can go to. I'm afraid the card issuers would see this as another way to nickel and dime their users.

Reply | Report this comment

It's a small price to pay

Submitted by Lawrence on May 22, 2009 - 12:49 P.M.

Even if there were a small fee, it's a small price to pay for ending this kind of CC fraud - and the government could mandate that all banking institutions provide the service for no charge.

I have been advocating this concept for years - I would require a digital photo and a thumbprint as well as other ID.

Reply | Report this comment

Related Posts

No surprise that the scope of Internet fraud endures
Spam culture, part 3: Nigeria (and 419 scams)
Latest threat vector: Our mobile devices
Ralsky spam gang guilty: 24 years jail, $2,135,000 fine

Today's Top Stories

Google's Chrome OS hits BitTorrent
Free Web apps to help organize your holidays
New attack fells Internet Explorer
Global warming research exposed after hack
iPhone owners demand to see Apple source code
Some Nook e-readers won't make it for the holidays
About Us Advertise Contacts Editorial Calendar Help Desk Jobs at IDG Privacy Policy Reprints Site Map
CIO Computerworld CSO DEMO GamePro Games.net IDC IDG IDG Connect IDG Knowledge Hub IDG TechNetwork IDG Ventures
IDG.net InfoWorld ITwhitepapers ITworld JavaWorld LinuxWorld Macworld Network World PC World The Industry Standard
Copyright © 1994 - 2009 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of
Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.