back to article MPs urge action as spooky caller ID-faking services hit UK

Communications watchdogs have today been pressed by MPs to investigate a new service that allows people to fool caller ID systems into displaying a fake number, amid fears it will be abused by ID fraudsters and other conmen. It's thought such trickery is currently legal in the UK. The Liberal Democrats have called on …

COMMENTS

This topic is closed for new posts.
  1. Dan White
    Thumb Down

    Oh super...

    ... as if it wasn't bad enough having these fuckers calling me *every* day from overseas trying to sell loans to someone who no longer lives here, now we can't even block the calls because we won't be able to tell who it is.

    This needs to be outlawed and fast.

  2. Gordon Pryra

    Sounds familier

    "Spookcall founder Royce Brisbane defended the service today, saying he had sought advice on whether the caller ID spoofing was legal under UK law prior to launching the service."

    I wonder which labout MP is Royce Brisbane's mate? and how much they will make from this personally?

    I look forward to the Home Secretary telling us how this will make the telephone safer for our Children

  3. adnim

    stinks

    of fraud to me.

    I see this service as being of more use to criminals than honest persons.

    Perhaps the tagline should be "who do you want to be today?"

    I want to be a Nat West call center whilst asking for a customer CC details.

  4. Tim

    technical point in law

    To claim that the receiver of the call should determine who the caller is would fall down in law if a deliberate attempt to change your identity is made. This could then be construed as fraud. Unless the caller ID is genuine, and the caller does not identify themselves, they are free to assume that the callee should find out who they are. If they intentionally misrepresent their caller ID, then the onus is on them to clarify their ID on the call to avoid any kind of investigation.

    Seems to be a harmless prank line, but clearly this can lead to a more sinister practice. Personally, i dont believe anyone who calls me these days, but i am king of the cynics.

  5. Anonymous Coward
    Thumb Down

    good luck.

    We have this in Canada, it is used by all sorts of scammers.

    the government does nothing at all about it (probably some of their friends)

  6. Andrew Bolton

    Call from +666 666 666 666

    TOM CRUISE?

    YOU'RE GOING TO HELL!

    Happy days.

  7. Anonymous Coward
    Gates Horns

    Bosses..

    Phone your boss and tell him what you always wanted before it becomes illegal (might want to distort your voice).....

    Evil thought could always pretend to be the bosses wifes boyfriend/girlfriend?

  8. Xander
    Thumb Down

    Customer Feedback

    Have you read how some people use this system? Frankly most of the stories are disgusting abuses of trust and how anyone can call this system innocent is clearly Very misguided.

  9. Chris Collins

    remove phone

    I avoid harassing phone calls by not having a phone connected to my wall socket. Bollocks to landlines, I only want the internet, anyhow.

  10. TeeCee Gold badge
    Joke

    Well Matthew...

    ....today I'm going to be the House of Lords' tearoom.

  11. Anonymous Coward
    Anonymous Coward

    This will be outlawed in the UK ....

    ... the second someone spoofs being Gordon Brown, and orders a load of strippers and baby oil to no.10.

    Seriously, given the pedomania in Britian. all someones got to do is say "think of the childuhrunnn" and it'll be banned. With knobs on.

  12. Mike Richards

    This will come back to haunt him

    "It should be up to the person you're calling to make sure you're who you say you are."

    Royce Brisbane better have his lawyer on speed dial the first time the Daily Mail reports his service has been used by a stalker or an unwanted ex to make someone's life hell.

    Honestly, can anyone think of a legitimate use for this business that can't be done through other, better, entirely legal means?

  13. Anonymous Coward
    Anonymous Coward

    Oh what fun

    The government has something new to legislate against and then ignore.

  14. Mike Bell
    Stop

    Oh Dear

    A few people are going to have to change their terms and conditions.

    For example, www.bt.com/privacy

    "BT Privacy at Home* registers you for the Telephone Preference Service which helps stop unwanted sales calls.

    It also includes Caller Display**, which lets you see the number of the person who's calling, so you can decide whether or not you want to take the call."

    All that goes down the pan if the person who's calling is not really the person who's calling at all.

  15. Anonymous Coward
    Anonymous Coward

    @AC

    As it happens, I once had a call from a Gordon Brown.

    He even had the correct accent for our current incumbent.

    However, he didn't claim to be our erstwhile PM - but from an agency we were dealing with at the time.

    We laughed about his name, and his accent.

    Sometimes, truth is stranger than the quite hideous fiction this service will bring about. I hope it is outlawed soon.

    Regards

    Neil

  16. Anonymous Coward
    Black Helicopters

    Anybody know...

    Does anybody know Royce Brisbane's number? ;-)

    AC because when this happens, I don't want it coming back on me ;-P

  17. Roger Stenning

    ARGH!

    Marvellous.

    OK, simple answer (sic)...

    I will no longer be accepting ANY phone calls. yes, folks, the plug is being pulled from the wall as I speak - I mean type ;)

    This means that:

    * No one notifying me I've won the lottery will be able to contact me, as I no longer accept any mail to my home due to the massive amounts of junkmail;

    * I don't read email for the same reason (only there it's called spam)

    * I don't answer the door due to the threat of home invasions

    * And now I cannot be sure the called ID isn't being spoofed on my home phone.

    That's four more reasons to quit the UK, folks.

    I am Sooooo outta here...

    Er... when I win the lottery, I mean - D'OH! how the hell will I know when I've won it?!

    ARG!

    ;)

  18. Geoff Webber
    Stop

    applicable law

    Apparently If I choose to sign up for this service their T&C's are governed by New York state law, hardly likely to worry me or anybody else in the UK.!!....

    PS how does one lobby for this to be stopped without attracting more exposure to the service?

  19. Dave

    On the Other Side...

    Perhaps BT will now released incoming international callerID? Given that their argument against it was always that they couldn't be sure it was accurate, now they've either got to withdraw the callerID service altogether or accept that they can't guarantee the accuracy of any supplied numbers and provide all of them.

  20. Robin

    The perfect tool for Bunny Boilers

    I love this one from their testimonials site ...

    "I've used the Spoof caller id when my boyfriend (during that time) was just ignoring my phone calls (even when i blocked my number) he still didn't answer. Up until i had found this wonderful spook caller ID website, i was AND STILL AM VERY THANKFUL for such a WONDERFUL PRODUCT THAT SUITS MY CERTAIN NEEDS. once i've purchased the minimum amount of minutes for this, i had put it to a test! I called my exboyfriend with HIS house phone number and HE HAD ANSWERED the phone call without hesitating!! and he was just tripped out about it. he had thought that i was AT HIS HOUSE!! which i found quite exciting!! the whole idea of how i could use ANY NUMBER to show up on the caller ID, the whole idea of recording the call (which REALLY HELPS WHEN I COULD USE THE RECORDED CALLS AS PROOF THAT HE HAD LIED!PROVING THAT HE TOLD ME ONE THING OVER THE PHONE AND THEN TELLS ME A DIFFERENT STORY IN PERSON THANKS SPOOF!!! I WILL DEFINATELY BE YOUR LONG TERM CUSTOMER!!! THAT'S A FACT!! THANKS!"

    If only they had a green ink option to go with THE EXCESSIVE USE OF CAPS. At least the poor boyfriend was only 'during that time' so it looks like he escaped (unless she did a Han Reiser on him)

  21. Gilbert Wham

    "could make it even easier to fleece the public and invade privacy"

    Well, no wonder the Gov. doesn't seem to mind it...

  22. Nile Heffernan

    Who profits?

    The big users will be telephone marketers and they will have bulk rates a lot cheaper than the 50p per minute quoted in the article.

    That's merely unpleasant and annoying. Moving down the list, we get pranksters, malicious callers and stalkers, malicious journalists - seriously, the tabloids are becoming a kind of privatised Stasi and it's only their relatively small numbers that prevent them being a bigger threat to the liberty of the individual than an overbearing Surveillance State - and, finally, fraudsters.

    The 'protecting children' pretext for legislation is appealing but implausible. I don't think that children use caller ID to verify who's on the phone; further, telephones aren't an avenue of attack for paedophiles.

  23. Anonymous Coward
    Anonymous Coward

    Hmm, how about the Data Protection Act to stop this ??

    Lets not forget the impotent Information Commissioner. Remember that it is now a Criminal Act to even Attempt to obtain data from someone excepting under strict criteria. If the person using this system was to ask you for your name, details etc etc (i.e. personal information) then that could well constitute a criminal offence.

  24. Anonymous Coward
    Anonymous Coward

    Information Commissioner informed and very interested !!!

    I just spoke to Information Commissioner (yes I know i am a spoilsort but YouTube is trashy enough and can imagine what will happen with this crap) and they are very interested in knowing about this. They have advised that obtaining personal data from someone using this service could very well be a breach of DPA 1998 and thus a criminal act.

  25. Anonymous Coward
    Black Helicopters

    MPs beware - Spinners spun out

    From what I understand in the article it should be possible to send a fax to an MP's Westminster office, with the fax appearing to come from that same MP's consituency office.

    Something along the lines of "A package of £20 pound notes has arrived from your friend the property developer. Shall I do the usual?".

    Then have a similar thank you fax to a real developer known to the MP, sent from the Westminster office number & Sun headlines here we come.

  26. Mike Moyle Silver badge
    Pirate

    Just remember...

    "Spookcall founder Royce Brisbane defended the service today, saying he had sought advice on whether the caller ID spoofing was legal under UK law prior to launching the service."

    Any time that someone feels that they have to state that they're within the *letter* of the law, it's a tacit admission that they are in violation of the *spirit* of the law.

    (Skull and crossbones because I'd not be overly upset if these schmucks were to see one of these peering up from the bottom of their latté cups some morning!)

  27. Anonymous Coward
    Anonymous Coward

    What is the legitimate use of this?

    If you don't want someone to know your number, withold it. The only reason to use it is to pretend to be somewhere/one you aren't.

    BT should refuse to route calls from this service. But I bet they get a nice kickback, just like from Phorm.

    Phuckers.

  28. Anonymous Coward
    Flame

    Getting around anon call blocking

    This happens already; incoming number from an 084x or 087x number simply so they can get around anonymous call blocking. And if you try and phone that number back... it's dead! (Besides, the displayed number should be the geo number that it's mapped to; anything else is spoofing anyway.)

    Anon, 'cause it's like those using dirty tricks like this.

  29. Anonymous Coward
    Thumb Down

    It's not a feature, it's a bug

    If caller-ID can be spoofed like this, that means it's broken and needs fixing. It shouldn't be up to lawmakers to put a stop to it, it should be the telephone networks' job to verify that calls come from where they say they do. Where the lawyers may be helpful is in allowing us to beat BT with the "inaccurrate advertising" stick until they either fix it, or stop claiming that callerID is a service.

    ...unless I've completely misunderstood the system, and the phone networks are actually full of holes equivalent to open SMTP relays?

  30. Vaughan
    Unhappy

    They won't strangle Phorm...

    ...so I'm not going to hold my breath waiting for this to be outlawed. I'm sure both are going to be making money for some MP or other.

  31. Anonymous Coward
    Anonymous Coward

    @Mr Stenning

    Um... sorry to be a pedant, but you will know if you win by checking your numbers.

  32. Anonymous Coward
    Black Helicopters

    Kewl

    I'll dig out that autodialer and set my number to Phorms head office.

  33. John Geddes
    Unhappy

    Incompetent leglislation - again.

    "It should be up to the person you're calling to make sure you're who you say you are." says the guy setting this up.

    Sure - we can work like that. Like we could allow people to counterfeit our currency and say that it is up to the person receiving the cash to check.

    We don't allow that with money because the cost of such an approach is severe and obvious. Imagine the queues in shops and ticket offices if it was considered fair game to try and pass off dud currency and every front-line employee had to check every note and coin.

    One of the roles of government is surely to prevent cases like this, where a tiny minority stand to make money at enormously greater cost to everyone else.

    So, attempting to pass dud currency is an offence -and that is enough of a disincentive to reduce the risk to the point where the populace can swap money with each other quickly and simply.

    How depressing to find that those framing rules for telecoms haven't been bright enough either to anticipate CLI-spoofing, or to have a catch-all provision that allows them to close down this sort of operation overnight.

    Remember rogue diallers? Oftel (as they were then) couldn't see that coming either.

    And the rest of us are going to work to an advanced age to help provide these comfortable fools with a gilt-edged pension.

  34. Paul Young
    Stop

    As a telephone engineer I've come across this

    As the title says

    I've recently heard of people recieving calls from supposed confidential

    contact lists, claiming to be from a certain company.

    I've had, probably 20, "faults" this year relating to spoofed Caller ID's

    They seem to be coming from overseas, as you can trace them on ISDN

    well at least I thought I could!!!

    I always tell the customer never to answer personal or company info, an to call the number back and verify the call.

    maybe now it's going to get a whole lot worse.

    When I see an 08xx number on my home phone, I tend to ignore it

    but the corporate world answer every phone call.

    I recently took a call from my local garage, well so I thought

    It ended up being from a insurance company that were using a "LOCAL"

    number to try and solicite business.

    Absolutly Shocking

    This should be stopped NOW

    Paul

  35. Haviland

    mwahaha

    lots of taxi firms use cli to get the "for an immediate taxi to..."

    Just saying...

  36. RW

    What it will come to...

    ring

    ring

    ring

    "<bzzz> <click> This is Anonymous Coward. Please identify yourself. If you are not a telemarketer I will pick up the phone, if possible."

    Some weeks ago I got tired of daily vishing calls from some scamster in Tacoma, Washington, so now use my answering machine as a screening device. Works like a hot damn. Highly recommended tactic. These calls are now much less frequent, though they still try every few days, I suppose in hope of catching me out.

    If you try this technique, make sure your announcement does NOT start with the word "hello", as there is evidence that telemarketing scum use voice recognition techniques and "hello" triggers their spiel.

    URL for info on Tacoma vishers:

    http://whocalled.us/lookup/8009619830

  37. Anonymous Coward
    Anonymous Coward

    Just what we need

    It'll be great for the scumbags won't it.

    Thought the crimestoppers by text was a thick idea but this?

    And who is hosting the infrastructure for this I wonder and providing the webspace and the telecoms links, the directors of all companies should be shot and Royce Bastard Brisbane should have his limbs chopped off.

  38. Justin Case
    Paris Hilton

    @AC

    "If caller-ID can be spoofed like this, that means it's broken and needs fixing."

    Hear hear! Give that man a beer. If someone does this to me then I'm straight on to Trading Standards plus Small Claims court to get back every penny extracted from me under false pretences that Caller ID was actually supposed to show me the number of the caller. FFS who amongst the ship of fools will take any responsibility for anything. I want someone to fine, right now!

    Paris - because she is fine... <ahhhhh>

  39. Anonymous Coward
    Anonymous Coward

    Any readers here heard of "presentation CLI"?

    If you're in the telecoms business dealing with big companies you'll be aware of "presentation CLI". I was under the impression that there were rules (the law, and the telco rules) governing what you could do with "presentation CLI", eg nothing too dodgy. Why don't those rules seem to apply here, which seems dodgy in the extreme?

  40. Seán

    It must be cool

    Look at all this unanimous fucking whinging by all the constipated types. Oh no teh callerid is lies!!1! So what.

    It increases the anonymity and freedom of the average Joe Public and allows kids to drive anyone they like demented.

  41. Maurice Shakeshaft

    Isn't this service just straightforward "deception"?

    "Caller ID witheld" is what it says and used not to be an issue - I generally don't take them unless I've a fairly good idea who they are from.

    However, a call from a spoofed number is deception and I'd suggest that, in the event of a fraud, the service supplier (BT or whoever) would be guilty of conspiracy.

    A little bit more "challenge" and ingenuity from our Civil servants and legislators would be helpful. Perhaps they could focus their creativity on these sorts of topic rather than their expense and job prospects? But they wont...

    Mine's the one with "Luddite" on the back.

  42. call me scruffy

    @Nile Heffernan

    Yes... but for an even tinier fraction of 50p/min a telesales office could have their outworkers hooked into their comms system by voip or even POTS dialed in and looped back.

    That the company are publishing a "testimonial" from a bunny boiler indicates that they don't give a flying f*ck for the spirit of the law.

    @Mike Moyles

    Nice;-)

    Bah

  43. Anonymous Coward
    Unhappy

    @AC

    "If caller-ID can be spoofed like this, that means it's broken and needs fixing. It shouldn't be up to lawmakers to put a stop to it, it should be the telephone networks' job to verify that calls come from where they say they do. [snip]

    ...unless I've completely misunderstood the system, and the phone networks are actually full of holes equivalent to open SMTP relays?"

    As I understand it, the caller ID is just passed from telco to telco until it gets to it's destination (as well as a preference flag for whether it should be delivered to the called phone). The delivering telco really has no option but to trust the originating telco. All they could do is check that it wasn't one of their own numbers as it came into their network, which would cost them to implement and which might help for big telcos but wouldn't make much difference for the smaller ones. Yep - pretty much like open relays except that at some point there is a telco accepting (or generating) the spoofed IDs and if it was made illegal to do it then it would be pretty easy to find out who was doing it by back tracing through call records.

    50p a minute you say, hmm now then, where's that price list for PC based switches.

  44. Pierre
    Heart

    I for one...

    Caller ID is the useless intrusive thing that's bothering me in the first place. It's already spoofable btw, so the threat is not new. Go ahead spookCall.

  45. Will Gilpin
    Black Helicopters

    Electronic Tagging

    CLI is used as part of the UK monitoring of electronically tagged offenders. Another nail in its coffin I fear.

  46. Anonymous Coward
    Anonymous Coward

    This isn't illegal, and never could be...

    I read once that anyone can call themselves anything they want, at any time, (without even resorting to deed poll,) so long as it is not used to commit in, conspire in, or assist in fraudulent acts. It is for this reason that muslim terrorists with 20 different names are never charged simply by going by multiple identities - because it's not illegal.

    It therefore naturally follows that there's no legal obligation to be honest about your number, since there's no legal obligation to be honest about your real identity.

    If there is a contract between caller and callee that obliges the caller to legally provide his correct number, then I've yet to see it.

    I suspect, however, once one or two MPs have been had, they'll ban the practice.

  47. Cameron Colley

    The real headline is that Telco's lied.

    Apparently they haven't actually implemented called ID, just a few features that look like it.

    Am I the only person on here that doesn't have caller ID to rely on to tell me if it's my bank or not?

    On similar lines, does anyone use a bank that give you personal details and a password so you can check they are who the say they are?

  48. Fred
    Stop

    Nothing New

    Companies have been able to use it for years - most switchboards allow the CLI number to be set to whatever the operator decides.

  49. SPiT
    Boffin

    Ban what exactly?

    Bearing in mind that caller ID spoofing is used as standard by a wide range of users and businesses already there may be some difficulty in banning it. It is now quite a normal feature in a PABX to be able define the caller ID rather than leaving it to the network provider. The is the standard way of having all calls from a range of phones appear to come from one number. So waht exactly is it that everyone wants to ban.

    Do we make it illegal to issue a caller ID which does not match the network number for calling the exact phone line making the call?

    Do we make it illegal to issue caller ID which does not allow reliable call back to the business that was making the call (allows current generally used spoofing)

    Or what?

    For those of you that care caller-ID has always been broken since it is fed through the network from the originating exchange as a completely seperate signal from the originating caller signalling. It is simply a field that the network passes through without caring what is in it. All you needed was to be an "originating exchange" which has been widely and economically available to business for sometime and for a little while now available to anyone that wants via Internet telephony.

    Anyone who wants to ban it, can we have some proposed wording for this law so we can have fun pointing out the consequences.

    (p.s. Yes, I would like to ban it too but I'm not sure how. I already give call centres a lot of stick over this issue since they claim it clearly indicates who they are)

  50. wulff heiss
    Boffin

    AC

    i thought you just can cut off carriers that do not follow standards?

    in the SS7 specs, the CI element may be set to untrustet, or network-provided...

    if they _can_ set it to network provided, then the telco who allows this should be kicked sky-high....

  51. Anonymous Coward
    Flame

    Spookcall: either crooks or clowns.

    Their T's and C's are full of clauses referring to "Federal law" and the requirements imposed on them FCC. FFS, take a look at this:

    " 9. Call Free Surcharges There is a £0.50 surcharge assessed on calls made from the following locations: (1) Payphones, (2) Hotels, (3)Dormitories, (4) Hospitals, and (5) Other commercial phone lines. This surcharge covers charges imposed by the Federal Communications Commission [ ... ] "

    (http://www.spookcall.com/terms)

    And they claim to be an English company? They are lying or incompetent. Any agreement with them purportedly governed by these terms and conditions would be ripped to shreds and thrown out of court in microseconds.

    They are clearly any/and/or/all of ignorant, incompetent, dishonest and crooked. Either way, you don't want to do business with them. No way on earth would I trust them with my credit card details.

    Now, off to check the DPR and Companies house...

  52. Henry Wertz Gold badge

    Xanders right, the testimonials are creepy

    @Xander: You're right. seriously, people, look at these examples...

    One called someone to tell them they one $1 million.. that COULD be funny.. but he didn't tell him it was fake, he let him buy a $600 bottle of champagne, they both drank it, and just called AGAIN from a fake number to ask him a trivia question and then say he didn't win the cash. *he never told him it was fake*

    One called a "friend" and gave fake results from Planned Parenthood.

    One called a friend ON HIS BIRTHDAY to claim a stripper was on her way, and just thought it was hillarious that he kept waiting.

    One called a plumber friend to tell him his plumbing license was revoked.

    One called someone who specifically said they didn't want to be in a movie, got them to say some lines, and spliced them into the movie anyway.

    *AND THOSE ARE SUPPOSED TO BE THE PRANKS*.. wow "hilarious".

  53. thomas k.

    2 thoughts

    They must have gotten their legal advice from the same place BT did when they did their Phorm trials.

    "which prohibits the intentionally misleading or inaccurate use of spoofing technology"

    Isn't spoofing, by definition, intentionally misleading?

    So, our pols will pass another useless law that leaves enough wiggle room for the bad people to continue doing exactly what they're doing, while being able to say they're doing something about it. Great. Typical.

  54. Anonymous Coward
    Flame

    No discussion, just ban it!

    I can't see any legit reason to use this CID-faking "service", and having already received a couple of international calls using it (number 0000-0000 was a dead giveaway) I would refuse point blank to even talk to any a**hole using this piece of crap, other than to deliver a nice slice of invective.

    Surely it's a pretty clear case of misrepresentation, and since we're talking about commercial companies (for the most case) then I would have thought that even using it would be some way to "attempting to obtain monies by deception".

    As an aside, if the CID system *is* that broken then why hasn't some expert sued the pants off of BT for providing a "service" that doesn't do what it claims? This'd be my best hope for a solution, seeing as our current crop of politco's have proven pretty useless! >-(

    I figure what I need now is an answer phone that's smart enough to be programmable with a "white list" of known good numbers, (that get put through if I'm in), and all others get automatically sent straight to the answer service. Okay I realise that this won't protect against a determined a-hole, but it'll certainly reduce it to manageable proportions, no?

    Is it just me, or is comms in the UK looking more and more busted by the day? Capped broadband, traffic shaping, Phorm, and now this... :(

  55. Anonymous Coward
    Joke

    skype anyone?

    If you buy a number from Skype can't you get London 0207 or 0208 area codes?

    Isn't this a form of spoofing?

    Also re: Sean. Absolutely, anyone who RELIES on caller ID should really be more versatile.... i often answer the phone to some poor sales person from the far east who only wants to sell me something, its great fun to see how much you can wind them up and mis hear or pass the phone to your mates, then hang up, long before any personal or payment info.

  56. Dz
    Happy

    Old Tricks, New Implementation, That's All

    Hey, personally I am not too worried about this. You can do everything this service offers with the right voip account (cheaper too) and some inexpensive or even free (Asterisk PBX) software. Any criminal intent on this kind of deception is already doing it and has probably been doing it for at least 4 years.

    The service is too expensive for any tom, dick or harry using it as a serious money making tool. As stated, you can do this much cheaper with a wee bit of googling and a couple of hours on your hands.

    All I see this service being used for is the "Hey, i've just murdered your family and stolen their house! Only Joking!!!" kind of gag!

    Don't worry people. Anybody who reads Reg has at least enough common sense to know when they are probably being duped. If anyone rings asking for your credit card details, regardless of what number it comes from tell them to bog off! Caller ID is no proof that the call is genuine and never should be used that way!

    One thing I will warn though is: PINS on your mobile phone voicemail systems as some do use caller ID to verify the subscriber, but we all have PINS set already! Right??

    Dz

  57. Dz
    Thumb Up

    "It's no spoof ......

    ..... Honest Mario, 50 Pizza's to the usual address. You have my caller ID, who else could it be"

    Credit Card at the ready, Dialing finger at the ready, Camera pointing at the neighbours very shocked face as he receives his fifty meatfeasts!

  58. Dan

    caller / geographic spoofing and legality...

    @jeremy - having a skype number (or other forwarded number) isn't so much spoofing as the number does actually trace back to the original caller - it isn't trying to pretend to originate from someone else.

    I suppose it could be called geographic spoofing, but that's a completely different issue.

    When it comes to caller ID spoofing, I haven't lived in the UK for a few years now, but do any of the phone companies try to charge for it in addition to the bill? If they do then they should be liable for selling a broken feature. I would have no issue with them having it as a part of the standard line rental but... I would think that charging for this feature without making it exceptionally clear that it can be sidestepped would leave the phone companies open for legal action of some kind.

  59. Colonel Panic

    Legal to offer the service, but...

    Whether it legal to use it depends what you do with it. The answer (which can be obtained by googling "Fraud by false representation" is left as an exercise for the reader

  60. Anonymous Coward
    Thumb Up

    @MPs beware - Spinners spun out

    "From what I understand in the article it should be possible to send a fax to an MP's Westminster office, with the fax appearing to come from that same MP's consituency office.

    Something along the lines of "A package of £20 pound notes has arrived from your friend the property developer. Shall I do the usual?".

    Then have a similar thank you fax to a real developer known to the MP, sent from the Westminster office number & Sun headlines here we come."

    Whilst I agree with the comments re fraud etc, your perspective sounds like a rather useful way of subverting the system. Posted AC for obvious reasons...

  61. Anonymous Coward
    Anonymous Coward

    Why does Law Inforcement get a special version?

    if they are the honest upright citizens they demand that we be?

    OK, I can understand the principle, but evidence (presumably that is what they are after) obtained by deception could be rather tainted in court if the defendent says s/he knew the call was false and was just deceiving them back, thinking they were scallywags.

    Several high profile cases have been lost due to similar practices, and lives of innocent people ruined, most notably Colin Stagg after the attempted honeytrap in the Rachael Nickel (Wimbledon Murder) case.

    Care really must be exercised with this sort of thing.

  62. Anonymous Coward
    Coat

    Skype

    @jeremy

    "If you buy a number from Skype can't you get London 0207 or 0208 area codes?"

    No because London has only one area code, which is 020.

    </pedant>

  63. Ascylto
    Coat

    Don't worry! Be happy!

    These things will all be sorted out when the UK introduces, by stealth, the Biometric ID Cards which will:

    Stop all terrorism*

    End illegal immigration*

    Make all telephone calls transparent*

    Make the sun shine whenever you want*

    Reduce petrol prices to 10p per litre*

    Make all politicians tell the truth*

    (* subject to New Labour being re-elected and Treasury approval)

    Mine's the one with the target on the back

  64. Anonymous Coward
    Boffin

    About CLI for companies with PBXs

    Most CLIs for PBXs are set by BT at the local exchange and in ISDN in the information that goes along with CLI is the reliability of the CLI some of the options are "User, Verified and Passed" or "User, Verified and Fail" "Network provided" the upshot of this is the Telco has control over the CLI.

    However the inter-exchange protocol called SS7 (BT use a variant called IUP and upgrading to UKISUP as well as 21CN) companies running this equipment are able to spoof any CLI. But for a company to be able to operate equipment they have to pass tests, which has a part dedicated to CLI and IIRC spoofing CLIs would fail the tests, so unless its changed recently I don't know how they've managed to be allowed to interconnect to the BT network.

    <Disengage geek mode>

  65. pctechxp

    @Seán - Re: Constipated types

    This service is just plain WRONG.

    While I don't doubt it is possible for someone to fake CLID using software or a VOIP service (I acquired a London number for Skype only because that the code for where I live did not appear to be available when I registered for SkypeIn (I've stopped using Skype now because VOIP is crap but the fact that a business is being allowed to sell a service that allows you to ring up an access server and enter any number you would like to present and offer the option to filter your voice through modification software to boot is just ridiculous.

    There is a market for this type of service but it should be registered law enforcement ONLY.

    Where I work the main switchboard number is presented when we dial out which is fine because at least you are phoning back a number that belongs to the organisation that will be answered and would be quite happy to have my direct number displayed along with the main number (my phonw is part of an Auto call distribution system so cant accept incoming calls that easily but at least it would give peace of mind.

    I just gotta hope that some moron doesn't input my home or mobile number in at random and pester their ex-girlfriend/missus and then I end up getting the flak.

  66. Gordon Henderson
    Unhappy

    I can spoof caller-ID ...

    ... but I'm not supposed to...

    As a reseller of a wholesale VoIP/PSTN interconnect service, I have the ability to present any number I choose over the network, but I've signed a paper, part of the T&Cs, that says I won't present numbers that don't belong to me (or my customers)

    I don't think there's any law involved here, just agreements between telcos.

    But this is just extracting the urine. I'm convinced their upstream will pull the plug on them PDQ, especially if they've got the same sort of T&Cs I signed up to.

  67. Paolo
    Thumb Up

    Reg Lexicon

    I'd like to request a preemptive ban on "vishing" because it's such a toss, contrived word and nominate "Phuckers" for inclusion in the Reg Lexicon next to mobe and lappy.

    Phucker - abj. a company, person or (more likely) government agency who allows possible revenue to overrule common sense decency.

  68. E_Nigma
    Alert

    Awful, but there should be a simple solution

    I'm not sure what exactly the law says, but spoofing should be illegal unless the spoofer owns the number it pretends to be calling from.

    In other words, a company that owns a certain number may pretend that it calls are coming from it (which covers the desire of a company to have calls from a range of their phones appear to be coming from the same number or call center workers working from home), but some abusive type would not be allowed to call someone else pretending that he's calling from my number.

  69. VulcanV5
    Unhappy

    PukeCall: Identity Theft

    From PukeCall's FAQs:

    "What number will show up on the phone bill of the person whom I call?

    "Whatever number you enter as the Spook number will show up on the bill of the person you called. They won't ever see your actual phone number!

    "Can any number be used to show up on the Caller ID?

    "Any 11 digit number can be used. Not only will the number show up but also the Name registered for that number would automatically appear."

    Well, PukeCall couldn't make it any clearer: the "service" exists as a facility to perpetuate a fraud by dint of ID theft, because the PukeCall subscriber is stealing the identity of the person registered to that number.

    PukeCall isn't stupid. It knows it has a stricty time-limited life-span in the UK. It's invested nowt in its website (well, allright, maybe 50p then) and is taking a punt on how much money it can rake in before it's closed down.

    By comparison, UK legislators / UK Parliament are stupid.

    By the time anyone / any agency actually gets around to doing anything at all, PukeCall will have made its fast buck.

    In the UK nowadays, it isn't a case of knowing right from wrong.

    It's a case of figuring out how long you can stay in the wrong until something's done about it.

  70. Anonymous Coward
    Coat

    So I can call....

    So I can call my wife on her mobile whilst she is at her work from anywhere, but spoof my number so she thinks I am at work or home?

    Or phone into work sick from my mobile on a beach in the South of France and they will think it is from my home line!

    Marvelous!

  71. VulcanV5
    Alert

    SpookCall trading details

    SpookCall address:

    22, Harlesden Walk, Harold Hill, Romford, Essex RM3 9HS:

    http://www.spookcall.com/distribute

    Romford area trading standards department link:

    http://www.havering.gov.uk/index.aspx?articleid=304&contactid=2394

    Trading Standards works with law enforcement agencies to ensure that trading activity in the UK is lawful. Identity theft in the UK is unlawful.

    As SpookCall's "business model" centres upon the commission of an illegal act (by conspiring with others in the passing-off of identities for the purpose of deliberate deception) the Romford trading activity would appear to be unlawful.

    Reg readers can email the London Borough of Havering Trading Standards department via the above link.

  72. Death_Ninja

    There are several other services up already that work in the UK

    How about

    http://www.phonegangster.com/faq.htm

    They even offer a voice changing feature, which is handy for the legal purposes of errrm?

  73. Anonymous Coward
    Anonymous Coward

    Oh this is wrong

    ... disturbingly wrong!

    Today my real name on caller ID, tommorow Barack Obama's

  74. Wize
    Stop

    Caller ID not working

    I think this is absolutely terrible. Phone providers have a caller ID system which no longer works.

    And probably nothing will happen, till someone big gets put out by it.

    Who has the number for 10 Downing Street?

    And I don't mean the one everyone knows.

  75. Anonymous Coward
    Anonymous Coward

    It's the police

    Can you get 999 to appear as the number?

  76. A J Stiles

    Didn't think this was possible?

    I know with an ISDN-30 line you can supposedly inject any caller-ID you like (the company where I work was an early adopter of Asterisk ..... you learn a lot about telephony that way), but I was always given to believe that if the number you tried to attach to the line was not one of "yours", then it would be silently stripped out somewhere downstream.

    In fact, that happened with us; because when we ordered a second ISDN-30, someone at BT cocked up and left us with two separate number pools. Outgoing calls would randomly show up as anonymous, depending on which ISDN line they were routed through. Any attempt to test it out-of-hours only resulted in it behaving perfectly, because Asterisk was routing out down span 1 -- which was entitled to use the number we wanted to present. When we had several calls and faxes going out, though, we would have to move to span 2 where this number was *not* allowed -- so the calls came through as anonymous. If, during the call on span 2, a line within span 1 became free, then the next cal would go out on span 1.

    Maybe it is just BT who are blocking spoofed caller IDs on the PRI lines they sell, and other comms operators are a bit more cavalier ..... even if so, I can't imagine them being entirely happy about such a service.

  77. Anonymous Coward
    Anonymous Coward

    Correct

    VulcanV5 is right on the money. It's like smash and grab even when they get caught, shutdown and a fine levied the fines are tiny compared to the amounts "stolen" it just encourages phuckers to try again, time and time again.

    I've asked this before and I'll ask it again, why the fuck is it that ordinary Joes, like us here, can see this yet the over paid, under achieving schmucks that can ACTUALLY do something about it can't or won't see it?

    Never mind the US or the UK being fucked, it's the whole goddamn Human race that's fucked up.

  78. Anonymous Coward
    Anonymous Coward

    schmucks

    "the over paid, under achieving schmucks "

    they don't want to rock the boat.

  79. Scott
    Unhappy

    1471 RIP?

    Presumably all UK telcos will now be informing all their customers that their 1471 service is now useless, and hence will be withdrawn forthwith?

  80. Anonymous Coward
    Unhappy

    Bank Phishing

    I've had two calls in the last two days, claiming to be from my bank.

    The call appears to originate from a number which is *almost* the same as one of the banks actual numbers, and the caller claims to have an enquiry 'on my account'.

    Fortunately I have refused to answer the security questions the say to have to ask before telling me anything about the enquiry - I have since verified through two separate departments of the bank that there are no notes on my account and the enquiry must be bogus.

    The caller offers an alternative 0870 number I can call back on. I have had the bank call it and test them with internal security questions - no suprise they were not able to answer the questions.

  81. Anonymous Coward
    Boffin

    <OUT OF AREA>

    The indians already mastered this one, hello hello answer the telephone.......

    Nope as its <OUT OF AREA> another marketing call by someone over there selling someone over here something they know nothing about.

  82. Peter Leech Silver badge

    Actually...

    > "I know with an ISDN-30 line you can supposedly inject any caller-ID you like (the company where I work was an early adopter of Asterisk ..... you learn a lot about telephony that way), but I was always given to believe that if the number you tried to attach to the line was not one of "yours", then it would be silently stripped out somewhere downstream."

    PABX systems attached to an ISDN line do allow you to set whatever number you want. There is no verification anywhere along the line of whether you own the number your using for CLI. I have tried and tested this on our system when the company was splitting up and half the company was moving office. Your certainly able to use mobile numbers, NGN's and numbers in a different exchange registered to a different company in the CLI.

    > " I've had two calls in the last two days, claiming to be from my bank."

    I had exactly the same thing a few months ago, and told the guy I wouldn't answer questions on an incoming call. The bloke offered me what he said was his DDI to call. How helpful. I declined and looked the number up on their website instead.

    I do wonder how many people get conned like this.

  83. Chris
    Boffin

    RE: Actually...

    "I had exactly the same thing a few months ago, and told the guy I wouldn't answer questions on an incoming call. The bloke offered me what he said was his DDI to call. How helpful. I declined and looked the number up on their website instead.

    You do know that web sites can be spoofed as well? I would look it up on a paper statement. Or don't banks in the UK mail out statements?

    I kept getting calls about a new credit card account. I kept ignoring them because the calling company was not the one I opened the account with (they contract with the other company), and I had no reason to believe I owed them (it was supposed to be 0% for a year). As it turned out, it was 0%, but they still wanted a payment every month (not the usual practice over here), and I hadn't sent them the first one.

    Finally they sent me a letter. I called the number they left, but didn't give them any financial details. I told them I'd call back to the customer service number on my statement. He didn't understand my concern. "But you'll just get forwarded to us at collections again, until you pay the arrears."

    -Chris

  84. Richard
    Unhappy

    Verifying incoming calls

    There's actually a simple way of verifying if an incoming call is from your bank's call centre, or indeed any company's call centre. Sadly, I don't know if I'd be able to get it patented.

  85. Anonymous Coward
    Paris Hilton

    @Information Commissioner informed and very interested !!!

    The ICO!!! interested?

    That would make a change.

    Why would they be interested in this but totally ignore the greater issue of Phorm/Webwise doing deep packet analysis on all our personal data while web browsing and illegally profiling copyrighted website data.

    What about the illegal BT trials which injected javascript into our http data?

    The ICO is a joke in my opinion.

    Paris, because she loves a deep packet inspection.

  86. Paul

    @AJ Stiles/Peter Leech

    I think a few years ago it was the case that certain telcos would check the CLI from subscribers/businesses to make sure it was in the right 'range'. I worked at a co that separate sets of lines from BT and C&W - and you certainly couldn't send the CLI from one out of the other - but my understanding was that this was down to the numbers being in the telcos' 'ranges' rather than with a specific subscriber.

    What might have broken this system is "number portability" - because now you can take your number with you to any telco who'll provide you a service. So the concept of telcos 'owning' ranges of numbers has been somewhat undermined, and can no longer in itself provide a validity check.

    On the other hand, as the network now has to know where to route a specific number *to* surely it should know if the call has originated *from* the correct source - so implementing a check must be feasible. Or am I being simplistic?

  87. Peter Leech Silver badge

    @ Paul

    > "You do know that web sites can be spoofed as well? I would look it up on a paper statement. Or don't banks in the UK mail out statements?"

    Yes, they do, but given that I didn't ask him to email me the number I think using the website to look it up is quite reasonable...

    @ Paul

    No idea mate. I know it worked this way on NEC, Phillips and Panasonic PABX's as of last year.

    Presumably whomever is doing the routing can track the call to the ISDN circuit used, however I don't think you can do that from a PABX, or normal analog home line come to that.

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2020