/ Money, Technology

FFA UK: beware of ‘number spoofing’ fraudsters

Mobile phone

You’d think you could trust your phone’s caller display, but fraudsters have found a way to spoof your bank’s number. Here’s Katy Worobec of Financial Fraud Action UK to fill you in on ‘number spoofing’.

It all starts with a phone call. It’s the bank: there’s been fraud on your account and they just need you to confirm some details.

You’re understandably panicked, but the caller reassures you that as long as you do exactly what they say, the problem will be solved. Just look at the caller ID display – it’s the same number as your bank, so the call must be genuine, right? Wrong.

Watch out for number spoofing

It’s a new twist on a scenario that we hear about all too regularly. You may have heard about a phone scam in which a fraudster calls you pretending to be your bank. They then try to convince you into handing over personal details or even into transferring cash straight into the criminal’s bank account.

Now fraudsters are using a new trick to con people into thinking the request is genuine, and it’s vital that you don’t fall for it.

It’s called ‘number spoofing’. It’s a piece of technology that enables someone to alter the number that appears on your phone’s caller ID display so that it mimics another phone number.

Mimicking your bank’s phone number

The technology has been around for a while, but only recently have we seen fraudsters trying to use it to trick their victims.

They mimic the phone number of your bank and then ask you to check it while you’re on the phone in an attempt to convince you the call is genuine.

But it’s a scam. Your bank would never point you towards the phone number displayed to validate a call.

And your bank would never call you and ask for your four digit PIN or your full online or telephone banking password. They would also never ask you to transfer money to a new account for fraud reasons, even if they say it’s in your name. Anyone asking you to do so is a fraudster.

Can you spot a phone scam?

How confident are you that you’d be able to spot a fraudulent phone call? Our research shows us that over a third of people find it hard to tell the difference between a scam call and a legitimate one.

What about your family and friends? Do you think they could fall victim to a phone fraudster? We need everyone to spread the word about phone scams and number spoofing so that they don’t get caught out.

Which? Conversation provides guest spots to external contributors. This post is from Katy Worobec, Director of Financial Fraud Action UK. All opinions expressed here are Katy’s own, not necessarily those of Which?.

Comments
Profile photo of william
Member

Number spoofing as been happening for years, It’s only just now that some fraudsters are using it in the manner.

It’s a shame that phone companies don’t care about who they connect to the general public.

And will it catch me out. Nope a snow balls catch in hell.

“We need everyone to spread the word about phone scams and number spoofing so that they don’t get caught out.” Why not fine phone companies each time they connect call from a spoofed number, I think you’ll find they soon find ways to prevent it happening.

Profile photo of bib1
Member

william wrote: “Why not fine phone companies each time they connect call from a spoofed number”,

Completely agree. Technically, I’d say it’s already illegal. Doesn’t the Wireless & Telegraphy Act cover telephone communications? I’m pretty sure that under the Act it’s illegal to transmit misleading information.

But then again , if that were true, politicians wouldn’t be able to use the telephone ……..

Profile photo of NFH
Member

Whenever my bank phones me, their number is unavailable. If this becomes the norm and a well-known practice for all banks whereby bank customers don’t expect to see their bank’s number, then it will look suspicious whenever the fraudsters spoof their caller ID.

Profile photo of wavechange
Member

If I receive a call from a bank or other company I deal with I assume it is fraudulent and say that I will call them. So far all the calls have been genuine but one of these days I will probably be glad I’ve been cautious.

Profile photo of Esther
Member

If I receive a call from my bank, I thank them, hang up and go round to the bank, which is fortunately near where I live. Like Wavechange, I prefer to assume the call may be fraudulent, so I don’t take the risk of giving any information over the phone.

Profile photo of bib1
Member

Some of the spoofed numbers I get are not exactly well thought out – they don’t even start with a zero!
I even had 99999999….. must answer that one, it’s probably the Fire Brigade.

PS
Why do all our numbers still start with a zero?

Profile photo of malcolm r
Member

bib 1 – they don’t all start with 0. Zero starts the area code number, but local numbers start with a non-zero digit. That is my understanding.

Profile photo of bib1
Member

malcolm r:

I think you’re right.

I don’t know if this is always true but the normal format is 01234 123456 where:
01234 is a sort of area code and always has a leading zero
123456 is the local number.

If you’re on the same area code, you can dial just the local number from your landline as, I guess, the exchange doesn’t have to switch to ‘long-distance’ (whoops, that shows my age ….).

But I believe caller-id always displays the full 01234 123456 number even if it originates from your own exchange.

Profile photo of Terotech
Member

Wrong, the area code is 4 digits, and the local number is 7 digits. XXX XXXX

Profile photo of bib1
Member

Thanks for the correction but I’m still confused.

BT’s UK Codes website says (for example): “The code for Fareham is 01329”.

So wouldn’t the local number then be 6 digits?

Profile photo of Louis
Member

Speaking from personal knowledge of numbers in two area codes, I can say that the local number is either seven or six digits. It all depends on whether the area code is four or five digits.

So you were right to query this, bib1.

Member

UK geographic area codes can be 2, 3, 4 or 5 digits long, not including the leading zero.

Local numbers can be 4, 5, 6, 7 or 8 digits long.

The total number of digits is usually ten, but can be nine in some places.

The following combinations are valid:

2+8, 3+7, 4+6, 4+5, 5+5, 5+4.

Profile photo of bib1
Member

Dave, nicely described – many thanks.

Member

Numbers starting 02X are always 2+8 format, i.e. (02X) XXXX XXXX or +44 2X XXXX XXXX.

Numbers starting 011X are always 3+7 format, i.e. (011X) XXX XXXX or +44 11X XXX XXXX.

Numbers starting 01X1 are always 3+7 format, i.e. (01X1) XXX XXXX or +44 1X1 XXX XXXX.

The remaining 01 numbers use a variety of formats:
4+6, i.e. (01XXX) XXXXXX or +44 1XXX XXXXXX (the most common)
4+5, i.e. (01XXX) XXXXX or +44 1XXX XXXXX
5+5, i.e. (01XXXX) XXXXX or +44 1XXXX XXXXX
5+4, i.e. (01XXXX) XXXX or +44 1XXXX XXXX.

This Ofcom file list which formats are used within the various area codes:

http://www.ofcom.org.uk/static/numbering/s1_code.txt

Where a local number begins with a ‘0’ or a ‘1’, that number must always be dialled in full including the area code, e.g. 02X 0XXX XXXX, 02X 1XXX XXXX, 011X 0XX XXXX, 011X 1XX XXXX, 01X1 0XX XXXX, 01X1 1XX XXXX, etc. The format of these is denoted “0+10” in the Ofcom files.

Member

The various number formats are well defined.

Numbers starting 02X are always 2+8 format,
i.e. (02X) XXXX XXXX or +44 2X XXXX XXXX.

Numbers starting 011X are always 3+7 format,
i.e. (011X) XXX XXXX or +44 11X XXX XXXX.

Numbers starting 01X1 are always 3+7 format,
i.e. (01X1) XXX XXXX or +44 1X1 XXX XXXX.

The remaining 01 numbers use a variety of formats:
4+6, i.e. (01XXX) XXXXXX or +44 1XXX XXXXXX (the most common)
4+5, i.e. (01XXX) XXXXX or +44 1XXX XXXXX
5+5, i.e. (01XXXX) XXXXX or +44 1XXXX XXXXX
5+4, i.e. (01XXXX) XXXX or +44 1XXXX XXXX.

This Ofcom file lists which formats are used within the various area codes:

http://www.ofcom.org.uk/static/numbering/s1_code.txt

Where a local number begins with a ’0′ or a ’1′, that number must always be dialled in full including the area code, e.g. 02X 0XXX XXXX, 02X 1XXX XXXX, 011X 0XX XXXX, 011X 1XX XXXX, 01X1 0XX XXXX, 01X1 1XX XXXX, etc. The format of these numbers is denoted “0+10″ in the Ofcom files.

Member
M Gaherty says:
13 November 2014

By a curious quirk, neither of my cordless landline phones ring when a genuine call comes through. However, they DO ring if the caller’s number is not disclosed or if a spoofed number is used. I get quite a few calls using spoofed numbers. 🙁

Profile photo of bib1
Member

M Gaherty: “….. neither of my cordless landline phones ring ….”.

Your cordless phones, are they by any chance BT6500’s (or 6510’s)?

Profile photo of Terotech
Member

“neither of my cordless landline phones ring when a genuine call comes through”.
How do you know you’ve a genuine call on the line?

Member
lizzie says:
13 November 2014

Read about caller ID spoofing from https://www.callercenter.com/blg/articles/spoofing-caller-ids/ and I was surprised to learn that it was actually some telephone companies that provide the tool to facilitate spoofing. Is it even allowed?

Profile photo of william
Member

It’s allowed in as much as if you’re ringing from behind a switch board say, you can use the main contact number as your number.

It has however got plenty out of hand.

Profile photo of bib1
Member

As william has said, there is nothing wrong with number spoofing, in fact it can be very useful.

As an example, British Gas use it very well. They call you (from a call centre) but ‘spoof’ their caller-id to an 0800 number that plays you a comforting message.

Profile photo of william
Member

My mum has just gotten off the phone with DC Ian Taylor from High Holborn police station visa fraud department, letting her know that a mobile phone and 2 TVs had just been bought using her credit card and she should ring her bank using the number on the bank of the card.

Luckily her main phone doesn’t ring out so by the time she’d got to the other phone she couldn’t ring the number.

She’s now reported it to action fraud and they’re about as useless as the TPS since no actual crime has been committed.

About time we had some grown up regulators / rules rather than these well known cartoon mouse ones.

Profile photo of JohndeRivaz
Member

I think what this is really showing is that the voice telephone is a for more fertile ground for criminals than the modern Internet. The reason is that the victim is caught off guard and panicked, as the article says.

The solution that will eventually come is that banks (and other businesses) will cease using the telephone and solely use an even more secure form of Internet communication.

Another great advantage also is that the messages are queued and not the customers.

It may be argued that not everyone is on the Internet, but it is available at many public venues such as libraries and village halls.

In addition, there was a time when most people could not read and write. Government initiatives changed that, and government initiatives will change access to the internet to equal the availability of general literacy.

Profile photo of bib1
Member

John de Rivaz wrote: “… the messages are queued and not the customers …”.

What a great phrase …. I hope you don’t have the copyright for it – I REALLY wanna use it down the pub!

Profile photo of JohndeRivaz
Member

Please spread it far and wide — it could eventually spell the end of the telephone call centre in favour of email.

Profile photo of Terotech
Member

The other scam is when someone calls to say you have a computer problem which they can fix online. This is preparatory to asking for information. No genuine person is going to call in this way, so I just give them a loud raspberry and hang up.

Member
Myporears says:
11 April 2015

I laughed when I read the message about spoof ‘computer problem’ calls. As my sister had been totally tricked, I was aware. When a call came and I stupidly answered, as I normally do not bother with withheld numbers, I was told that there was a problem with my Windows, (Microsoft) so I immediately said that I had oiled all the hinges and cleaned the frames that very day! I proceeded to tell the poor chap, before he could explain, the details of when we had had new windows installed, the style etc. and eventually came the click. When the line was dead, I laughed so much that I could hardly speak to my husband to explain to him why I was talking such rubbish. My husband has also acted like a fool and purposely answered questions with totally inappropriate responses, as if he had misheard or missed the point. I think that the last one, he started to give a shopping list! Mainly we just do not talk at all and it unnerves them if there is, in fact, anyone on the line. Touch wood, we have not had many cold calls of late. Perhaps there is a list of “Don’t Bother to Call THAT Number” numbers!

Profile photo of Louis
Member

Many years ago, before spoofing was in the public eye, I got a call from my bank about an unusual transaction. I immediately refused to give any info on the phone and asked the caller to send me a secure message. When I logged on and saw the message, I realised that the call had been genuine. No criminal will be able to send me a message via my bank account.

Nowadays, I don’t take unsolicited calls; if it’s not my family or my boss, I will just put the phone down on my desk and I will carry on working. Callers don’t get the chance to engage in a conversation.

Member
Hugh S says:
8 January 2015

We regularly get calls from “unusual” looking numbers. Our downstairs phone has called ID so if I’m downstairs I don’t answer phone when I see an unusual number. Sometimes, though, when upstairs I will answer the phone (without caller ID) and feel annoyed to find that the call is from abroad. I don’t engage in conversation but it is very annoying and the calls can be several times a day.

Member
Mark says:
3 March 2015

This has just happened to me – literally…

Fortunately I was suspicious and didn’t hand over the code they wanted.

I called my bank on a different telephone (always wise as they may hold the call)

My account is now frozen while they investigate, but at least my money is safe.

Member
Jack says:
22 April 2015

If you get any calls from this number: +44 20 3004 8186 & +442070354848 please don’t response.
This is fraud call . They are cheaters and try to target foreign nationals with the police arrest.
Scam people make this number to display in your mobile phone to cheat you.

The call starts with story that they are calling from crime stoppers and later call is connected to home office (fake).
They make story like – “you did not fill alien card while landing in UK,” YOur Country’s Govt & British High Commision has lodged a complaint against you. We have police warrent and will arrest you,hand cuff you,etc ” they try to take all your details including your phone number and address, passport number, family members,work status, etc
These scam people will try to suck your money.
They will also say that they would sort out the problem by discussing with your country official for amicable solution to get rid off the arrest at foreign country (UK).
These people are targeting the foreigners with the police arrest.
But all they say are fraud don’t believe at all.

BEAWARE –
These scam people will ask you to transfer money via wire transfer…Don’t do that…Don’t lose your money.
If you get any calls from the numbers belong to government office especially from immigration or Visa or Police department, don’t not believe immediately to lose your money.

BEAWARE -If ever required, GOV.UK will ask you to approach DIRECTLY or they will approach you DIRECTLY. NO calls are made by them.

Member
Philip Thomas says:
12 October 2017

Usually they ask for either me by name or ‘the owner’. I just ask them to hang on while I fetch him/her. Then I leave them to it.
Occasionally I just get rude, I have to admit, particularly if I have just rushed to the ‘phone.
I feel that those who sell lists of numbers should not do so.
I suppose a more sensible approach would be to tell the caller that they have the wrong number, in the hope that they may delete it from their list.