Bell Canada → [Homephone] call id spoofing and contact phishing?

Starting last week I am receiving phone calls that have the caller id spoofed to appear to be from someone I know.

So when the phone rings, it shows my friend's name and number. But, it has a long distance ring (you know, the 3 short rings) instead of a normal local call ring. My friend is a local call. When you pick up the phone, it's a scammer trying to do the well known windows support scam, where they claim to be legit tech support and they want to install remote access software on your machine to gain access to everything and screw you over in any number of ways.

As the days go on, they have called additional times. Today they called twice.

I can't block the calls, because it's (spoofed) "from" my friend's number, so that would block him as well!

I have two concerns with this: 1. The scammer must know that my number has called my friend's number, or vice versa. Where did they get this information? Has Bell been compromised, have the scammers gotten into the phone records? Both my number and my friend's number are old land lines, these are not cell phones that got hacked into.

My friend says he did not talk to any scammer or fall for the windows support remote access scam. If we still imagine that his computer was hacked normally through the internet, and they got into his contacts and got my number that way, then how did they get HIS number? You don't save your own number on your computer. Which leads me to further suspect Bell's records being gotten into.

I suppose another possibility would be a mutual contact of me and him having been hacked, so that they had both of our numbers? Who knows. What do you guys think?

2. What is the deal with Bell's caller ID? What kind of service is this that they allow people to spoof caller ID?? When I call bell they seem to take no responsibility for securing caller id and making it work properly.

I called bell, and they said that this was an extremely unusual situation and that they would look into it and call me back. They never did call back! They got a computer to call me back and say "so this is resolved now right?" I told the computer no, it's not resolved, I'm still expecting your call. Then bell dropped the ball and never called back.

Then I called bell again more than a week later, told them all of this, and they said they couldn't do anything. That I should call the police. They also said that they have "Never heard of anything like this happening" (yeah right, BELL has never heard of call id spoofing...)

Anyone have any insight on this?
Thanks!

Hi adama,

I don't know how it is done and I wish I knew, but I do know you are not the only one. When bring my mom home from the hospital, after some major surgeries she had, my dad went out to pick up some prescriptions and medical equipment she needed. While he was gone the phone rang and it was his name and cell phone # came up on the caller display. My mom was kind of out of it and thought it was my brother (same name). The number look familiar to her but couldn't remember if it was my dad's or my brother's.

Well, she was higher than a kite on pain meds and talking on the phone to this credit card scammer. She was accusing him of trying trick her by telling her he wasn't who she thought he was. It was hilarious. After she gets off the phone she tells me she now doesn't think it was my brother on the phone. LOL! No, she didn't give any credit card info out. I don't think she could in her state.

Spoofing caller id is very easy with VoIP and Asterisk. Some VoIP providers will let you specify any Caller ID because larger companies or businesses need this to be enabled for legitimate needs using IP PBXes like Asterisk.
I would suspect this makes the call nearly untraceable.

Sorry I can't help more but Bell is not necessarily responsible for passing on a spoofed Caller ID as it has no way to verify any incoming Caller ID. This is true for any company receiving spoofed Caller ID calls.

It is getting to the point where we all need to install home PBX's with a code to get through that you only give out to trusted people. Everyone else goes to VM.

I don't buy the fact that Bell (or any phone company) can't do anything about spoofed caller ID.

For example, they know perfectly well how to bill for calls made to toll-free (1-800) numbers, regardless how hard the caller might try to spoof their number.

We have a toll-free number at $dayjob, and I look at the billing statement for that line and I see the actual phone numbers that call us.

It's high time that if you pay extra for caller ID (and ESPECIALLY if you pay 75-cents and hit *69) you should da mn well get the actual phone number calling you - bypassing what-ever garbage is being forged by the caller.

Ughh .. "can't do anything" ? According to the FCC, it's against the law. Well, not that scammers abide by the law. I found this link:
»www.fcc.gov/guides/calle ··· spoofing

Bell knows the actual ID, but there are legit business requirements to override that.

1) small company, say 5-10 POTS. PBX will outbound from any available line. They want a single caller ID to be used for consistency.

2) Larger company with a central VoIP PBX and remote locations. They may want a local caller ID to be sent when a branch makes a call.

It's not as simple a solution as you think.

There are two numbers carried with the setup information for every call - the Caller ID information and the ANI information. The former is used for display purposes, the latter for billing. They don't always match. There are legitimate reasons to change the Caller ID information. There are also ways to screen the customer supplied Caller ID information before the LEC passes it along. Sadly, that's often not done.

Anyone who paid 50 cents or a dollar (or what-ever the current cost is) for a *69 report and got that billed on their phone bill should have the ANI information show up on their phone-bill as a line-item piece of information for that instance. No excuse for not doing that. It would be no different than what is seen on a toll-free call report.

I dare anyone to explain procedurally or technically why Bell or any phone company couldn't do that. If they're billing you for the information, you should danm well get the information.

And while we're on the subject - are you still charged for a *69 when the info comes back as "We're sorry - the last number that called you is not known." ??? That would never happen if they gave you the ANI number.

Does your friend have voicemail?

Apparently an old way to get in is via spoofing the phone number of the voicemail account to gain easy access. So theoretically, if your number is in his inbox, someone could use that to call you with a spoofed number to pretend to be that its your friend. It would be quite labor intensive to scrape voicemails, unless there is an automated way for a computer to scrape it.

Edit: adding article: »news.cnet.com/8301-27080 ··· a-phone/

The old voicemail systems did not ask for a password if it was coming from the number it was assigned to. Hopefully all providers have fixed that hole.

Edit 2: Let me add that Bell voice mail can also be forwarded to email with the caller id and an attachment of the voice message. Default voicemail password is the seven digit phone number of the account.

Also with VOIP and using IP address.... like on a forum site with the registration bots IP address initially showing its coming from California. But you do a thorough lookup of that IP and it shows as its actually from Africa via a couple hops of proxy from the host. So if the phone system rings a local number as long distance, it sees the VOIP IP being in Africa.

The phone companies could try to find the source of the spoof, but problem is the scammer are usually outside of North America, plus if you add the scammers VOIP and proxies to the list, the scammers real location may be hidden just enough. Plus the phone company and police would rather not spend the money on locating the scammer to end up seeing that the scammers local police won't arrest them for making a living.

CRTC Privacy Regulations specifically prohibit disclosure of the ANI. In the case of tollfree calls, the recipient is paying for the call, so they're entitled to know the source. Personally, I think even that is a bit sketchy.

Got to remember the calling party / calling party telco is responsible for the caller ID and ANI ifo. The receiving party / telco has only the info provided by the calling party / calling party telco has no way to validate the info it is provided.

Billing is largely done through the calling party's telco.

For tollfree calls, the billing is done by the called party's tollfree provider.

with tollfree calls, all that matters is the region the call came from and duration to allow Receiving telco to bill. They dont have to know individual calling party subscriber info.

with added services calls 900 service, the calling party only need be identified up to the called party telco. The called party doesnt need ID. all they know is that their telco has billed the calling party's telco at the prescribed rate and remitted the money to them. It doesn't matter who it actually came from.

Does Bell know that the originating number (this ANI number thing) and the caller id number do not match? Or if the call comes from overseas or through some voip thing, is even Bell fooled into thinking the originating number matches the spoofed caller id number?

It seems to me that bell Does know that they don't match, because the spoofed call gives a long distance ring and the real call gives a local ring.

I want to tell bell that if this particular friend's number calls my house, if it's long distance, reject the call. If it's local, allow the call. Any reason why they can't do that other than them just refusing to do it?

You know, we tell elderly people to only answer phone calls from their friends so they will avoid being scammed by scammers, but now, with this, it is their friend's number showing up on the phone so they answer it...

They don't look at the advertised caller ID, they just look at the fact that it is not originated from an exchanged in the local calling area to determine whether to apply LD ring or normal ring.