How to stop phone spoofing in contact centers and businesses using call authentication.

Spoofing is the act of changing the source number and Automatic Number Identification (ANI) on an inbound call. This is the same concept as “Caller ID Spoofing,” “Phone Number Spoofing,” and similar names. Some spoofing is legitimate, but most spoofing is not. Likewise, spoofing with fraudulent intent is not legal but this does not stop most attacks. Spoofing makes all inbound voice call-based attacks more difficult to deal with. Including robocalls in general, scams, vishing, Telephony Denial of Service (TDoS), and social engineering, including Account Takeover (ATO) in financial contact centers. For all of theses reasons, we can no longer trust the calling number and caller ID.

Spoofing is on the rise. One of the reasons is that the Public Switched Telephone Network (PSTN) is no longer a closed network. It often uses Voice over Internet Protocol (VoIP) and connects to the Internet through the Session Initiation Protocol (SIP). In other words, it is easy to introduce calls with any spoofed numbers into the network, via SIP, traditional telephony, or with applications such as SpoofCard.

Spoofing and the inability to identify or authenticate the caller enables many inbound voice call-based attacks. Spoofing on its own is not an attack. Instead, spoofing makes inbound call attacks more difficult to mitigate. As a result, contact centers, organizations and businesses are turning to call authentication technology to stop phone spoofing.