Australian technology news, reviews, and guides to help you
Australian technology news, reviews, and guides to help you

How scam call spoofed phone numbers work (and what to do)

With over $50 million dollars lost in Australia to scam calls this year so far, it’s pretty clear Aussies are falling for them. So how can you spot a scammer over the phone?

“Hello,” the voice begins after a click, waiting for the switch to a call centre to go through before continuing, “we’re calling from Amazon.”

It’s the beginning of a scam, as a fake Amazon worker from a fake Amazon call centre reaches out, though you could probably replace “Amazon” with all number of names at the moment. Microsoft, NBN, the Australian Tax Office, and a gamut of other organisations and companies are being misrepresented by scam callers as criminals engage in scam calls en masse, and frustratingly, it’s difficult to tell simply by glancing at your phone.

Scammers have wised up over the years, and are embracing technology in a big way. Now that most of us are using smartphones with caller ID built in, criminals have worked out that we can easily track who’s calling, switching to a way to spoof those numbers.

Not a new technology, faked phone numbers are commonly referred to as “spoofing”, and effectively replace the original caller’s number with something else, making the call seem that much more legit. Unfortunately, while spoofing isn’t new, it’s being seen more and more, especially while many of us are in lockdown.

“Spoofed numbers have been part of scammers toolkits for years, but we are certainly seeing an uptick in the use of this technique as we spend more time on our devices during lockdown—a behaviour scammers have been cashing in on since the start of the pandemic,” said Alex Merton-McCann, Cyber Safety Ambassador for McAfee in Australia.

“In the past, we have also seen call spoofing scams rise around high-stress periods like tax time and the holidays where Australians are more likely to be tricked into acting fast to resolve fake issues with their important personal or financial accounts,” she said.

Amidst lockdown, it means a call you get from a local number might be something of importance — a doctor, a contact tracer, an employer, and so on and so on — but it could also be a scammer attempting to trick you into thinking their call is legit, and hoping to snag you into a scam.

How do scammers fake a phone number?

Spoofing is something that happens at the caller’s end, with digital phone services allowing callers and call centres to do just that.

Similar to how online text messaging systems can let you replace the sender’s name and phone number, so too can voice over IP systems used by call centres. It’s this feature that allows a scammer to pretend to be someone else, and why that dodgy caller might look local when in fact they’re actually calling from a country far away.

How can you identify a scam caller?

Perhaps unsurprisingly, a local-looking number makes it more difficult to work out whether that call you’re receiving is real or fake, so you might have trouble working it out yourself.

Telcos are actively trying to block these calls, something Telstra’s Cleaner Pipes program actively goes on the defensive with for people using its network, but education and awareness may be our best line of defence against a scam caller using a spoofed number.

What should you do when a scam caller rings on a spoofed number?

When you pick up a scam call on a spoofed number, the moment it sounds dodgy, hang up. And if you’re struggling to work out if it sounds wrong, take a tip from an expert.

“If you ever receive an unsolicited call from a company or government body, you can be confident that it is from a scammer, regardless of what the Caller ID says,” said Merton-McCann.

“It is incredibly rare that an organisation will call you out of the blue if you haven’t contacted them first—and even rarer that they will request your valuable personal or financial information to resolve an issue,” she said.

It means Amazon won’t likely call you out of the blue, and neither will Microsoft or the NBN or really anyone else. It is extremely unlikely that an organisation would cold call about something related specifically to you, such as needing financial details, but if you’re still struggling to make that connection — and if a caller is cold calling and asking you to confirm your financial details — ask yourself why they don’t have them to begin with, and hang up.

If you’re at all concerned, Google the phone number of the official organisation that supposedly called you, and ask whether they did in fact call. You’ll more than likely find out they did not.

As for that mobile number that reportedly rang you, it was spoofed, and unfortunately, the user on the other end will be none the wiser, and it is entirely out of their control. Rather, report the scam to the ACCC’s Scamwatch program, and hopefully the government will do something about it.

Read next