Ofcom acts on CLI spoofing
Ofcom is warning the public of the dangers of CLI spoofing, the practice of displaying a fake number as the Caller ID.
Caller Line Identification, or CLI, is the small piece of metadata that is transmitted as part of the globally standardised telephone number dialling protocol that lets a modern phone handset or mobile phone display the incoming number before the call is answered, allowing the recipient to screen unwanted calls. Despite this involving no overhead whatsoever for the phone companies, BT calls it a service and charges its long-standing customers of many years an extra £1.75 per month (£21 per year) to receive this data, whilst Virgin charges £2.25 per month (£27 per year). This is despite a call from a cross party committee of MPs who looked at CLI in 2013 and recommended that phone companies should routinely provide CLI, free of charge, and that if they did not do this voluntarily, it could be imposed on them in future legislation.
One of the confusing things about the CLI displayed on your handset is that it is not necessarily correct. Whilst the phone company always knows the true origin of the call, a caller with the right equipment can display any number they wish on the recipient's handset, or withhold the number entirely. There are legitimate reasons for doing this. A large company with many individual phone lines might want it to appear that all the calls originate from their main switchboard number, or they may wish to display an 0800 number so that people can call back for free if they wish. Users of VOIP services, speaking via a headset on their PC, don't have a number as such and may wish to display the number of their mobile instead.
Private consumers may wish to block their numbers entirely, for privacy reasons, or perhaps because we cannot trust large companies who seem to harvest the number of everyone who calls them and add those numbers to telemarketing lists. I know of no-one who appreciates being called at home by a salesman, political party, or market research company, and yet telemarketing companies continue to push this as a legitimate form of promotion.
This flexibility in setting the Caller ID is exploited by both telemarketing companies and scammers. We all know that email spammers disguise the origins of their emails, to make it harder to block them and to give them an air of legitimacy by impersonating well known addresses. Likewise, phone spammers fake their CLI number to get you to answer the phone. In 2013, the committee of MPs and the Department of Culture, Media and Sport called on the government to ban telemarketing companies from using faked CLI numbers, in a bid to crack down on nuisance calls, but any ban is only going to be effective if the telecom companies prevent the misuse of CLI spoofing by their own customers, and give their subscribers the ability to block overseas calls masquerading as UK numbers.
Ofcom estimates there are two billion calls per year made to UK subscribers where the CLI is faked with intent to mislead, and in a press release it says it has been working with both phone companies and the Internet Engineering Task Force (IETF) on the issue of CLI on VOIP calls, to try to make CLI more traceable in cases of abuse. But this is hardly a new problem, and it does feel like the industry is dragging its feet over this. The cynical reader might not be surprised. Telemarketing companies think they have an absolute right to use your phone, that you pay for, to conduct their business, and are resistant to any form of regulation. Phone companies make a lot of money out of the two billion unsolicited calls per year, and also encourage people to take up additional "privacy services" such as Caller ID which adds around 10% to the cost of basic line rental.
Ofcom's clearly thinks CLI spoofing is a problem, and yet its advice on dealing with faked CLI is buried five clicks deep on its website. I doubt anyone would ever find the page without being given the link. Why are highly-financed national organisations like Ofcom so bad at presenting information on websites? The bottom line from Ofcom is that if you think you have been a victim of Caller ID spoofing, tell Action Fraud, tell Trading Standards, tell the police, tell your family, friends, neighbours and neighbourhood watch,... but don't tell Ofcom.
30th September 2015
This article comes from the SKILLZONE email newsletter, published monthly since January 2008, and covering topics related to technology and the internet. All articles and artwork in the SKILLZONE newsletter are orignal content. If you would like to receive the newsletter direct to your inbox each month, please SUBSCRIBE here. It is free, and you don't get added to any other mailing lists. It uses best-practice confirmed opt-in only, and you may unsubscribe at any time.