SPOOF? OOF!Phone scams are on the rise and some use ‘spoofing’ to present a false Caller ID. “Check the number that’s come up on your phone, you’ll see it’s the bank calling” the scammer might say. And sure enough, if you check the number against the one on your statement or the bank’s website, it looks right. But it’s been spoofed and the scammer is on their way to tricking you out of your personal information and your money.
4 min read
Number spoofing scams
Ofcom has reported that there has been an increase recently in reports of ‘phone number spoofing’. You may have heard of it, but what is it?
Phone number spoofing causes the Caller ID on your phone to display a phone number or other information to make it look like the call is from a different person or business than who is actually calling you. So for example, a call might appear to be from your bank, when in fact it’s a criminal, intent on tricking you into parting you from your money.
Whilst the Caller ID may look like it’s local, such calls are often made from outside the country altogether. Spoofing is usually done with malicious or unscrupulous intent by the scammer. Many people believe that they can no longer trust Caller ID.
Is spoofing ever allowed?
Yes, in some situations. For example if it’s from a genuine organisation and they want to make it easy for you to call them back on a free 0800 number, they might use spoofing to make it seem as if they are calling from the freephone number.
How does spoofing get used in phone scams?
Scammers, who want to steal sensitive information such as your bank account or login details, sometimes use spoofing to pretend they're calling from your bank or credit card company.
Phone scams (also known as Vishing) are fake calls made by scammers that claim to be from, for example, your bank, organisations like telecom companies or HMRC, to name a few. The caller may use your full name, use a number you recognise or mention personal details that convince you that you’re speaking to a genuine caller. The scammer may use ‘spoofing’ to impersonate your bank to make you believe you are really talking to them.
Scam callers sometimes claim that you have been the victim of fraud and then encourage you to share confidential information, such as your PIN or passwords to prove your identity. They may then use these details to access your bank account or demand that you make an immediate payment to a new account they have ‘set up for you’ to resolve a problem.
What should you do?
Identity thieves and scammers often impersonate representatives from banks, credit card companies, or government bodies such as HMRC or DVLA to trick people into revealing their account numbers, passwords and other sensitive information.
So, remember to never provide your personal information in response to an incoming call, and don’t rely on Caller ID as it could have been spoofed. And doubly so if the caller asks you to do something which might have financial consequences.
If someone rings you asking for personal information like this, don't give it to them. Instead, hang up. Then call using the phone number on your account statement, in the phone book, or on the company's or government department's official website to check whether the call was genuine. Never rely on a phone number someone has given you during an incoming call. And also remember to wait at least five minutes before making the call to make sure that the line you're not still speaking to the scammer.
I think I've been a victim of spoofing
If you think you’ve been targeted by a scam, or if you know someone who has, contact Action Fraud on 0300 123 2040 or visit www.actionfraud.police.uk. Action Fraud is the reporting centre for fraud and cybercrime in England, Wales and Northern Ireland. Reports of fraud and any other financial crime in Scotland should be reported to Police using 101.
If debit cards, online banking or cheques are involved in the scam your first step should be to contact your bank or credit card company.
If you think you’ve been caught up in a scam, you can also tell Citizens Advice Consumer Service by phoning 0808 223 1133, and they can pass details of the case on to Trading Standards. The Trading Standards service is responsible for protecting consumers and the community against rogue traders and traders acting unfairly.
It’s also good to let other people know what’s happened. Let family, friends, neighbours, the local Neighbourhood Watch scheme and so on, all know what’s going on. Raising awareness is a good defence for us all against the scammers.
Get control of your personal data
For a scammer to target you using spoofing, they need some of your personal data - at least your phone number. If they have a little more than that, it’s easier for them to convince you that they’re genuine. It’s best to be suspicious of any incoming call.
Your personal data is held in many places and sometimes scammers acquire it through buying data stolen from companies by hackers. Your personal data probably sits in thousands of databases held in many companies, including some you may not even have heard of.
One way to reduce your risk of being targeted by scammers is to get your data deleted from any company that doesn't need it. If scammers can't get your data then there’s less chance that they’ll come after you in a scam. You can get your data deleted from any company that doesn't need it by using Rightly Protect. Our service is quick, simple and free.
7 min read
Scams are taxing
As people prepare to pay their tax bill at the end of January for the 2021-22 tax year, scammers are impersonating HMRC in a range of insidious scams aimed at parting you from your money or capturing sensitive personal data.
7 min read
Leaving a digital trail
Not all browsers are created equal when it comes to security of your personal data. Some of the most popular browsers in the world are being exposed for collecting and selling user data or lacking adequate security measures.