Caller ID Spoofing

Caller ID spoofing is deliberately setting a false phone number (or name) to display on the recipient's caller ID. The technology is trivial โ€” most VoIP systems let the caller set any outbound number โ€” and US law draws the line at intent: spoofing to defraud or harm is illegal under the Truth in Caller ID Act, while legitimate uses like a business displaying its main callback line are not.

How Caller ID Spoofing Works

Caller ID was never designed as a security feature. The displayed number (the CPN, or Calling Party Number) is supplied by the caller's equipment, and the network historically passed it along without verification:

  1. The caller's PBX, VoIP softswitch, or spoofing service sets an arbitrary number in the SIP From header or ISUP calling party field.
  2. The call traverses one or more carriers, most of which simply forward the asserted number.
  3. The terminating carrier displays it โ€” and may look up CNAM for the spoofed number, making the deception more convincing by attaching a real name to it.

Common attack patterns built on spoofing:

  • Neighbor spoofing โ€” matching the victim's area code and prefix to look like a local call.
  • Enterprise impersonation โ€” displaying a bank's or government agency's real number to lend credibility to vishing (voice phishing).
  • Callback fraud โ€” spoofing a premium or victim number so return calls are monetized or harassing.

Legality: The Truth in Caller ID Act

The Truth in Caller ID Act of 2009 (47 U.S.C. ยง 227(e)) prohibits transmitting misleading or inaccurate caller ID information "with the intent to defraud, cause harm, or wrongfully obtain anything of value." Key points:

ScenarioLegal Status
Spoofing a bank's number to phish customersIllegal โ€” fraud intent; penalties up to $10,000 per violation
Doctor's office displaying its main line instead of a back-office DIDLegal โ€” no intent to harm
Call center displaying a verified client callback numberLegal โ€” provided the number is authorized and answerable
Law enforcement / authorized investigative spoofingExempt under the Act

The FCC has issued some of its largest-ever forfeitures โ€” hundreds of millions of dollars โ€” against spoofed robocall operations. Spoofing also typically compounds TCPA violations when paired with automated dialing.

How STIR/SHAKEN Counters Spoofing

STIR/SHAKEN attacks the root cause: the network's blind trust in the asserted number. The originating carrier cryptographically signs each call with an attestation level stating whether it verified the caller's right to use the displayed number. The practical effects:

  • Spoofed calls can't get full attestation. A caller using a number their carrier didn't authorize gets B or C attestation at best โ€” a risk signal that analytics engines weigh toward "Spam Likely" labels or blocking.
  • Spoofing becomes traceable. The signature identifies which carrier originated the call, enabling industry traceback and FCC enforcement under the robocall mitigation framework.
  • Gaps remain. Calls crossing legacy non-IP segments or entering via international gateways can arrive unsigned, which is why spoofing persists despite the framework.

How to Detect Likely Spoofing

No single signal proves spoofing, but several together are strong evidence:

  • Reputation and spam score: numbers actively used in spoofing campaigns accumulate complaint-driven spam scores quickly.
  • Line type vs. behavior: a "bank" calling from a number that resolves to a prepaid wireless or anonymous VoIP line is a mismatch worth blocking. Line type lookup exposes this.
  • CNAM mismatch: the registered CNAM not matching the claimed identity ("Wireless Caller" claiming to be the IRS).
  • Unallocated or invalid numbers: calls from numbers that were never assigned are spoofed by definition โ€” carriers may block these outright.
  • Callback test: the legitimate owner of a spoofed number answers as themselves, not as whoever just called you.

For account-security teams, spoofing pairs with SIM swap attacks โ€” verify both the displayed identity and the number's recent porting activity before trusting a caller.

Screening Inbound Callers via API

VRI returns spam score, CNAM, carrier, and line type in one lookup, giving call screening and fraud systems the signals to flag likely spoofed or high-risk callers in real time:

curl -s "https://api.verirouteintel.com/v1/lookup" \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -G --data-urlencode "phone=+12025550175" \
  --data-urlencode "fields=spam_score,is_spam,cnam,line_type,carrier"

Screen callers for spoofing risk signals โ€” spam score, CNAM, line type, and carrier in one API call. Free sandbox, no card required. Get started โ†’

Try It

Get phone intelligence data including Caller ID Spoofing with VeriRoute Intel.

Get Free API Key

Related Terms