The FCC has been cracking down hard on caller ID spoofing and it’s safe to say it’s a practice frowned upon by both consumers and the regulatory commissions.
Caller ID spoofing is one of those hot topics that’s subject to constant changes. So we’re keeping this page updated as we go along!
Legal Spoofing vs Illegal Spoofing – What’s the Difference?
In most of its reports and communications, the FCC always talks about “illegal spoofing”, and rarely mentions legal instances of spoofing. We thought we’d clear the confusion and get the basics down both for consumers who are tired of spoofed calls and for companies that need spoofing during their daily business operations.
What Is Illegal Spoofing?
There’s a simple explanation for this: spoofing is illegal when it’s against the rules set by the FCC. These rules change often and to prevent any damage to business activities, companies regularly need to check the FCC for updates.
The FCC defines illegal spoofing as spoofing done with the “intent to defraud, cause harm, or wrongly obtain anything of value.” Despite the vague language, this definition from the FCC is somewhat clear in that it reasonably eliminates all scammers and spammers.
Telemarketing spoofed numbers are illegal if the numbers do not represent the company “on whose behalf the call is being made.”
October 1, 2020 UPDATE: The FCC is continuing to roll out the caller ID authentication framework known as STIR/SHAKEN. Recent changes mandate voice service providers to implement the framework so that “IP calls retain caller ID authentication throughout the call path.” In layman terms, this means it will be easier to identify illegal and mallicious spoofing.
During the first quarter of 2021, 24.9% of global phishing attempts targeted financial institutions. Furthermore, social media accounted for 23.6% of all assaults, making these two industries the most targeted for phishing during this time period.
Examples of Illegal Spoofing
- Social Security imposters using a spoofed number to obtain social security information.
- Tech-support schemes where callers impersonate tech companies and use numbers that seem similar to those of the tech firms.
- Healthcare scams where callers using spoofed numbers claim a relative of the person who is receiving the call is in the hospital and needs money for medical aid.
What Is Legal Spoofing?
Simply put, legal spoofing represents any instance of caller ID spoofing done within the rules set down by the FCC. Though the rules often change, it is typically very easy to identify legally spoofed calls because they clearly state their intentions from the start of the call.
Based on the definition of illegal spoofing, we can extrapolate that legal spoofing means any instance that does not intend to cause harm, defraud, or wrongly obtain anything of value.
If the number correctly represents the party who is making the call, if it is showing the name of the business as part of the caller ID, and if you can call it back, then it is legal, even if the number is spoofed.
Recommended Read: How Does Caller Name Delivery Work?
Examples of Legal Spoofing
- Medical professionals spoofing their number to display their office number so as to not reveal their personal phone number.
- Businesses that have toll-free numbers will often spoof all their numbers to display a toll-free one on the caller ID instead.
- Telemarketers that call on behalf of a company or have the spoofed number associated with the company within the call ecosystem, and that have the same number available for callback.
Some companies resort to many different tactics to maintain compliance. Current systems allow for spoofed numbers to be associated with a company and be called back. They are therefore usable for telemarketing purposes.
Other companies go the international route. The FCC does not have authority over other countries’ governments. For instance, many spoofed calls in the US originate from India.
India and other countries that send spoofed calls have their own laws that deal with spoofing. However, with a bit of research, you can discover that the law in question for India was drafted in 1885, and references “telegraph lines.”
Can’t the US Do Anything against International Spoofed Calls?
These actions usually go through US-based enablers – American companies or individuals that help these illegal actors.
Unfortunately, the actions the DOJ can take against international companies are limited to complaints, red flags, and class action lawsuits. The US can seek a restraining order against the call centers and the immediate termination of the illegal activities – as is the case in the instance above.
However, these companies can ignore warnings, ignore red flags, and have more power to combat lawsuits than US-based companies.
- For one, simply hiring an attorney in the states they are doing business in is a huge step to dodge liability.
- Secondly, the paperwork involved in suing a foreign entity is already a big obstacle.
- Third, according to the Hague Service Convention of 1965, if the US sues a company in another country, the plaintiff must send the papers to that country’s central accepting service, which will then deliver the documents to the company according to their specific legal process.
However, the process can be expedited if any representatives of the company are US citizens– as was the case with the person who was fined $13 million by the FCC in February 2020 for many illegal spoofed calls made between May and December 2018. You may remember this case as it was made famous by the fact that the caller impersonated Oprah and pretended to be concerned by a “racist, anti-Semitic conspiracy theory.”
Is Neighborhood Spoofing Illegal?
Neighborhood spoofing abides by the same rules as regular spoofing listed above. However, scammers and robocalls typically use spoofed numbers that show a local area number. As such, it’s very difficult to tell whether a call is spoofed or not before answering it.
The implementation of the SHAKEN/STIR algorithm is a big step towards combating local caller ID spoofing. The system is a strong caller ID authentication solution that helps carriers detect the legitimacy of a caller through an identity token. The TRACED Act, signed into law on December 30, 2019, mandated that SHAKEN/STIR must be implemented across the industry by mid-2021.
Spoofing is not illegal per se. There is illegal spoofing, and there is legal spoofing. It is illegal to spoof a number with the intent to scam someone. However, many professions are dependent on spoofing for their daily operations.
Check back in the future for more updates on this article.
Right now, NobelBiz is ready for STIR/SHAKEN implementation. We’ve got our engineers and our support teams working with our clients around the clock to make sure they meet the attestation levels necessary to keep their calls from being labeled incorrectly.
Interested? Visit our voice carrier network page and schedule a meeting! Or if you want to pair our industry-leading voice services with a contact center software, fill out the form below: