Scammers find loophole in ICASA’s VoIP regulations

November 17, 2020

Fraud on the rise with Caller ID Spoofing as fraudsters turn to digital telephony as a new form of Phishing

Johannesburg, Gauteng, November 17, 2020- Caller ID spoofing, for those unfamiliar with the term, is the act of manipulating or changing the phone number that appears on someone’s call display when you place a call to them.

In a new phishing scam, con artists are using phony caller ID numbers to solicit personal information and money. Thanks to the phony caller IDs, the “spoofers” are able to convince victims that they’re receiving a call from a bank or credit card company — and use this to acquire sensitive personal and financial information, or even money, from their victims.

The success of this scam is that few people would ever think that the name and phone number appearing on their caller ID screen is not genuine.

What this means is that scammers are already using phony caller IDs and are posing as representatives of banks, credit card companies and government agencies.

This spoofing facility is made available by suspect VoIP providers.

Mohammad Patel, CEO of O-Tel Telecom strongly advocates the banning of changing CallerID to any other number except for the accounts allocated number.

‘With the ever-increasing popularity of digital Telephony and the number of VoIP Providers on the increase, ‘Fly-By-Night’ providers will do anything to make a quick buck as they offer calls at below cost, and shady services such as this Caller ID Spoofing amongst empty promises.” Patel comments.
“What could begin as an innocent service offer if the client insists on his ‘Telkom’ number to show to the call recipients instead of the VoIP providers newly allocated number, can soon turn into a dangerous situation for consumers.”

Most banks and larger organisations will use PRI number range, like 011 841 0000. The cell user will most likely save this number on his cell phone and allocate a name to it. When a call arrives with this caller ID, the name will pop up informing called that this large company/bank is calling.

Newer phones will accept digital headers sent to it, so even if the number is not saved in the users cell phonebook, the name will still appear, eg: XYZ Bank

Patel adds, “After discussions with some of the other leading players in the industry, we’ve found that most of the bona-fide VoIP providers in South Africa, including O-Tel, do not allow this facility on the network. Although it is not yet deemed illegal to allow such facility, common sense prevails.

Whilst we already suffer from E-mail Phishing Scams, we need to close all avenues to ensure the fraudsters do not use this technology to defraud the unsuspecting public.”

Patel appeals to ISPA, ICASA and all related organisations to look into this matter with great urgency.

The message that should be given to the public is to be cautious in any situation.

Here are three tips that can help you avoid being scammed:

  1. Don’t assume that the information displayed on your phone, regarding who the caller is, is accurate — now you know it can easily be spoofed.
  2. Never give out personal or financial information over the phone unless you know EXACTLY whom you’re dealing with.
  3. If you have doubts about who’s on the phone, call back the main number at your bank or credit card company rather than talking to the person who calls you.

The moral of the story is that — at least for now — you can’t trust caller ID to tell “the whole truth and nothing but the truth.”