Weekly Cyber Note: Call Spoofing and Techniques of Prevention

Cybersecurity Cyber Notes
, ,
1

Call spoofing has become a common technique of cybercriminals to deceive people by making their phone calls appear as though they are coming from trusted sources, such as government agencies, banks, telecom providers, or even known contacts. This tactic is used for scams where the attackers try to steal sensitive information like Aadhaar numbers, OTPs, bank account details, or even blackmail people to make payments.

Holding a phone with a call spoofing.
Holding a phone with a call spoofing.720Ă—412 48.4 KB

How Does Call Spoofing Work?

Attackers use various tools and services to manipulate the caller ID displayed on the recipient’s phone. These include Voice over IP (VoIP) services, specialized software, and third-party spoofing services. By doing this, they can make the call seem credible, increasing the likelihood that the victim will answer the call and follow the scammer’s instructions. This deception is sometimes paired with fear tactics, urgency, or enticing offers to lure the victim into making hasty decisions.

Common Scenarios of Call Spoofing:

  1. Impersonating Government Agencies:

    • You may receive a call that appears to be from the Income Tax Department, claiming that there is an issue with your PAN card or that you owe taxes. The caller may threaten penalties or legal action unless you pay a certain amount immediately or provide your financial details.
    • The Indian government or tax authorities will never ask for payments or sensitive information over the phone. Always verify such claims by contacting the agency through official channels or portals.

  2. Banking and Financial Scams:

    • A caller pretending to be from your bank may warn you about suspicious activity in your account and ask for your account number, PIN, or OTP to “secure” your account.
    • Banks never ask for your OTP, PIN, or other sensitive information over the phone. Hang up immediately and report the incident to your bank using their customer service helpline.

  3. Telecom Provider Scams:

    • You may receive a call that appears to be from your telecom provider, offering a special deal or threatening to disconnect your service unless you provide your Aadhaar details or make an immediate payment.
    • Always verify such claims by visiting the telecom provider’s official website or contacting their customer care. Avoid sharing sensitive information over the phone.

  4. KYC (Know Your Customer) Verification Scams:

    • A caller impersonating a bank or payment app representative may ask you to complete your KYC by sharing your Aadhaar number or OTP. They may threaten to freeze your account if you do not comply.
    • KYC verification is never done over unsolicited phone calls. Always use the official app or website for any updates or verification. Report such calls to the concerned bank or service provider.

Tricks and Solutions to Prevent Call Spoofing:

  1. Use Call-Blocking and Caller ID Apps:

    • Several apps in India, such as Truecaller or Airtel Thanks App, can identify and block spam and spoofed calls. These apps help by flagging suspicious calls based on reports from other users.
    • Install and regularly update these apps to stay protected from spoofed calls. Truecaller, for instance, allows you to block specific numbers and report spam.

  2. Don’t Rely Solely on Caller ID:

    • Caller ID can be manipulated easily. Even if the call appears to be from a known number, like your bank or a government agency, be cautious.
    • If the call seems suspicious, don’t hesitate to disconnect and verify by calling back the official number listed on the organization’s website or your last bill statement.

  3. Enable DND (Do Not Disturb):

    • Registering your number with the National Do Not Call Registry can reduce the number of unsolicited calls, though it won’t eliminate all spoofed calls.
    • Activate DND by sending an SMS with START 0 to 1909 from your mobile. This will block promotional calls and messages, making it easier to identify suspicious calls.

  4. Be Aware of KYC and Payment Scams:

    • Scammers often use urgency, such as telling you that your bank account will be frozen, to trick you into revealing sensitive details.
    • Always complete KYC processes through official channels and never share OTPs or PINs over the phone. Banks and legitimate payment services will not ask for this information through calls.

  5. Report Spoofed Calls:

    • Reporting spoofed calls can help authorities track and block such numbers, protecting others from becoming victims.
    • Report such calls to the Telecom Regulatory Authority of India (TRAI) via the DND service by sending a complaint message. You can also call the toll-free helpline number 1930 or report to the National Cyber Crime Reporting Portal (cybercrime.gov.in).

Call spoofing is a growing problem worldwide, but by staying vigilant and using the right tools and practices, you can protect yourself from falling victim to these scams. Remember, if something feels off, hang up and verify the information from trusted sources. You should also spread the word to help others in your community stay safe from call spoofing and related fraud.

Share this note with your community members and family to increase awareness and defence against call spoofing. Stay alert, stay informed, and stay safe!

Cybersecurity Team, Complaint Hub

2 Likes