Spoofing and fake calls: What is it and how do I defend myself against it?
More and more users are complaining about spoofing, i.e. fake calls: What this is, how you can defend yourself against it and what the providers are doing, you can read ithere.
Telephone spoofing, also called caller ID spoofing, is a relatively new phenomenon and only emerged with the spread of internet telephony. During telephone calls, a computer interposes itself and uses an algorithm to select random numbers that appear on the called party’s phone. The problem: it is not uncommon for the telephone numbers to be used by real people for spoofing purposes, who in turn are confronted with a large number of callbacks.
Spoofing is not only limited to the phone
In general, spoofing refers to a technique in which someone deliberately uses false identities to impersonate someone else. In addition to telephone spoofing, there are the following types of spoofing:
E-mail and website spoofing
Here, criminals manipulate the sender address to make it look as if it comes from a trustworthy source. Spoofing occurs particularly frequently in connection with phishing. The purpose of email spoofing is to obtain account data, for example for banking. Or inconspicuous files are sent along that infect the computer or the network when opened. You can protect yourself by not clicking on foreign links, always paying attention to the URL bar, not opening files from unknown senders and protecting your accounts with two-factor authentication.
IP spoofing
In IP spoofing, attackers forge the IP address in an IP packet and thus gain access to a network. The target of the criminals here are companies and authorities, less private individuals.
GPS spoofing
GPS spoofing became popular especially with the mobile game Pokémon Go. Here, the GPS data is faked, so the user appears in a different place than he actually is. In this way, criminals can pretend to be near you, although they are actually on the other side of the world.
DNS spoofing
Here, criminals manipulate the DNS and redirect unsuspecting people to a fake website that can look remarkably similar to the original.
Bluetooth spoofing
With Bluetooth spoofing, a Bluetooth device is faked in order to establish a connection with another device. Instead of your headphones, for example, you connect to another device that has the same name. In the worst case, malicious code is injected into your device or data is stolen.
In the following, we focus on phone spoofing.
How common is phone spoofing?
The danger of becoming a victim of telephone spoofing is relatively low, there are too many telephone numbers for that. Nevertheless, spoofing can lead to high financial and thus also psychological damage if callers fall for this scam. In the summer of 2023, however, more and more Sunrise customers reported telephone spoofing incidents (alao reported on this at the beginning of August 2023). In February 2021, Swiss radio reported on a victim whose number was hijacked by dubious call centres. At times, he received over 100 callbacks per day. Those called wanted to know where he got their numbers.
Since the cantons do not record telephone fraud separately, a concrete statement about the frequency of spoofing incidents is unfortunately not possible. Experts assume that the number of unreported cases is high because many victims do not even report to the police.
Spoofing has become relatively easy. While expensive and complicated devices were necessary in the past, phone numbers can now be faked with open-source software. Some messengers and apps offer the possibility of personalising the call screen and thus appearing to the caller as a different person. For criminals, however, this means a little more effort.
Examples of spoofing
In the past, certain behaviours have emerged that criminals use over and over again. Here are a few of the most common.
- Police trick: With this trick, criminals pretend to be a police officer, lawyer or public prosecutor and claim to have seized money. The perfidious thing is that the person called has already lost money to the criminals. The victim is now supposed to transfer a one-time sum to an account to cushion any fluctuations in the exchange rate. The perpetrator even offers to access the victim’s computer online and help with the transfer.
- Microsoft trick: This trick does not only affect the tech giant Microsoft, but all the better-known companies. However, Microsoft is most often affected. The trick goes like this: The criminals pretend to be customer service employees and point out alleged error messages that supposedly come from the called person’s computer. One should download software, visit infected websites or allow access to the computer.
- Grandchild trick: Probably the best-known scam is the grandchild trick. Here, the perpetrators mainly call people with older names, as used in the 50s and 60s. The perpetrators pretend to be grandchildren and feign an emergency that can only be averted by paying a large sum.
What are the providers doing against spoofing?
As with many criminal activities, spoofing is a cat and mouse game. Since the calls are restricted to one network, the providers can only act for their network. So, Swisscom cannot take action against spoofing calls on the Sunrise network and vice versa. Since the numbers also belong to legitimate subscribers, they cannot simply be blocked. The providers are therefore dependent on tips from the population.
What is the legislator doing against spoofing?
There is no specific law against spoofing. Although anonymous advertising calls have been illegal in Switzerland since 2021, this does not prevent criminals from calling fake numbers. The perpetrators are often based abroad and are therefore difficult for the Swiss police to catch. Moreover, Swiss laws do not apply abroad. What is illegal in Switzerland may be legal abroad.
What can you do against spoofing?
If you get a call from a strange number
There is little you can do about spoofing. One possibility is not to accept calls from unknown numbers. If the same unknown number calls you, you can block the number in the settings. If you are someone who accepts unknown numbers, you should always ask how the caller got your number.
As a general rule, do not make any subscriptions or commitments over the phone and never give out private information such as passwords. Always insist on written confirmation.
It is also advisable to train and educate especially older relatives and acquaintances about spoofing so that they do not give their savings to fraudsters. Police officers, banks and insurance companies will never call, but always choose the written channel. As a rule, these institutions also have easy-to-remember number blocks.
Enter the phone number in the search engine of your choice and see who the phone number belongs to (reverse search).
If you or a family member has been a victim of spoofing, be sure to go to the police and file a report against unknown persons. You should also contact your provider so that they can take appropriate action.
If your number is used for spoofing purposes
It gets even worse when criminals use your number for spoofing purposes. You won’t be able to do much about the callbacks from those affected. Muting your mobile phone is the most harmless option.
If your mobile phone number is public, for example because you are self-employed and the number is published on your website, it may be worthwhile to include a reference to it.
If the calls do not stop at all, in the worst case a new number is needed. With alao you can change your mobile phone provider and keep your number! As a rule, however, the calls will die down on their own after a while.
Here, too, it is important to inform the provider and file a complaint against unknown persons with the police. Even if the chances of success are rather low, every tip helps the network operator and the police!
Conclusion: Providers, tech companies and legislators must pull together on spoofing
The following example shows how measures against spoofing can look: In the UK, direct marketing companies are not allowed to call you anonymously, but must always disclose their number. If the company does not do this, it can be fined up to £2 million. These country-specific laws in turn have to be incorporated by the operating system manufacturers in iOS, Android and co.
The providers, in turn, must ensure that the correct number is also transmitted, for example, by better securing their networks. However, internet telephony patches of the providers against spoofing must be compatible with other networks – also international networks – and must be tested extensively beforehand, which makes measures against spoofing more difficult.
As you can see, spoofing is not so easy to stop. There is no single effective “magic pill”, only many small cogs. The biggest cog is you: If you follow our tips, you’ll be on the safe side.
We not only want you to be safe on the move with your mobile phone, we also want to guarantee that you use your perfect phone plan.
alao is your happy place for mobile phone subscriptions. We show you the most popular providers at a glance – and all cell phone plans guaranteed at the best price on the market. Find the cheapest mobile plan on our comparison page and sign up online in less than 5 minutes. We activate your plan with your new provider, cancel your old contract and take your old phone number with you – all automatically and free of charge.
Our support team looks after you 7 days a week via live chat, email and phone. In an average of 28 seconds, you speak directly with us and no computer. We have direct contacts at the providers to solve any problems as quickly as possible. You can also contact us for independent phone plan advice at any time! This article was published on 28 August 2023 and updated on 25 November 2024.