What are the various efforts being taken to mitigate caller ID spoofing? Premium
The Hindu
Learn about the dangers of caller ID spoofing, the impact on stakeholders, and efforts to combat this issue globally
Several friends and family members of mine received a call from a North American (+1) phone number which played a pre-recorded message informing them of a supposed court summons. I happened to receive a call from a +1 number too. I had also missed a domestic call shortly before the international one. While these automated calls are part of a well-known scam, looking at the phone numbers, I noticed that the Indian and North American phone numbers were identical to each other, save for their country codes. The Indian number was +91 98199 69857, and the American number was +1 (981) 996-9857.
Caller ID spoofing is a technique with which the phone number that a call appears to originate from can be falsified. On a technical level, caller ID spoofing is not difficult to perform. Spoofing techniques have been honed by enthusiasts, telemarketers, and fraudsters alike, over the years. Malicious individuals use caller ID spoofing primarily to shield their identity when engaging in illicit activity. At times, caller ID spoofing is used by these individuals to carry out social engineering attacks, where the spoofed caller ID is abused for the implicit trust that the receiving party associates with it. Caller ID spoofing can also be used to circumvent standard call blocking systems, and even for exploiting vulnerabilities in insecure Interactive Voice Response (IVR) systems.
Caller ID spoofing in itself is perfectly legal in many jurisdictions, and as a result of this several companies offering caller ID spoofing services to customers around the world have popped up over the years, with the first commercial caller ID spoofing service launching in 2004.
Caller ID spoofing is a costly affair for everyone involved. Telecommunication service providers lose revenue, users that are defrauded due to a scam call abusing a spoofed caller ID lose money, and law enforcement has a harder time investigating crimes where spoofed caller IDs are used. Caller ID spoofing is not a new phenomenon, and there have been several earnest technical efforts made for fixing the problem.
The International Telecommunications Union (ITU) is a special UN agency focused on improving and standardising global information and communication technologies. The ITU was originally established as the International Telegraph Union in 1865, much before the UN existed, and of which India has been a member since 1869 onward. In 2021, the ITU published a technical report on countering caller ID spoofing. While this report does not have any mandatory provisions, it does provide a reference using Public Key Infrastructure (PKI) based authentication which could be implemented by Indian telecom operators to fix caller ID spoofing for good.
The Telecom Regulatory Authority of India (TRAI) had earlier recommended to telecom operators to integrate a system known as Calling Name Presentation (CNAP), with the idea of allowing consumers to know who is calling them in a way similar to how applications such as TrueCaller do it, except CNAP would be mandatory, and caller names would appear as per KYC documents. A 2022 consultation paper on the project makes only a few mentions of caller ID spoofing, and does not provide a plan or technical measures for tackling the issue. It merely acknowledges in one sentence that caller ID spoofing is a problem that exists. The Department of Telecommunications (DoT) is reportedly in the process of launching a pilot of the CNAP project. Though it is not known whether CNAP will (or should) be implemented, it can be said that introducing such a system without first implementing a technical fix for caller ID spoofing will be a mistake.
According to news reports from May 2024, the DoT has devised a system to “identify and block” international calls with a manipulated Calling Line Identity (CLI) and has issued directions to telecom operators to prevent such calls from reaching subscribers.