Caller ID spoofing is a service that allows a caller to masquerade as someone else by falsifying the number that appears on the recipient's caller ID display. Just as e-mail spoofing can make it appear that a message came from any e-mail address the sender chooses, caller ID spoofing can make a call appear to come from any phone number the caller wishes.
Caller ID spoofing is provided as a service by a number of vendors. Here's one example of how it works: A customer pays in advance for a certain number of calling minutes. To set up a call, the customer opens a Web form and enters their phone number, the recipient's phone number, and the number chosen to appear on the recipient's caller display. The service then patches the call through between the caller and recipient phones as stipulated. Some other services involve having the caller dial a number to access the service and then dial the phone numbers.
Caller ID spoofing has been available for years to people with a specialized digital connection to the telephone company. Collection agencies, law enforcement officials, and private investigators have used the practice, with varying degrees of legality. However, the advent of VoIP (voice over Internet Protocol) service makes it simple for the average person to falsify a calling number, and as Internet telephony has become more common, so has caller ID spoofing.
Frequently, caller ID spoofing is used for prank calls. For example, someone might call a friend and arrange for "The White House" to appear on the recipient's caller display. However, according to Lance James, chief technology officer (CTO) of Secure Science Corp., criminal uses of caller ID spoofing, such as identity theft and vishing (VoIP or voice phishing), have also increased significantly.