Consumers are becoming warier of phone scams, the threatening call from the “IRS,” the website password request, the fake charity appeal, and many more. As such, scammers are thinking up ingeniously novel ways to be deceptive. Introducing enterprise call spoofing, where scammers change their caller ID to that to a real business phone number. It involves stolen customer data, smart software, and a few tricks of deception.

And it’s fooling millions of Americans.

Enterprise call spoofing relies on our willingness to trust the people who provide us with services. The small business owner impacted by the pandemic, for example. Two-fifths of us are more likely to trust local businesses than large companies. This includes the store where we purcahse our grocers, phone service providers, or even your business.

Here’s everything you wanted to know about enterprise call spoofing but were afraid to ask.

Why is Call Enterprise Spoofing So Effective?

If our caller ID reads the name and number of an organization we recognize, the last thing we think about is a scammer trying to steal our money. But call enterprise spoofing is skyrocketing at an alarming rate. It’s happening right now.

Thirty-two percent of people who have lost more than $1,000 because of a scam call say the caller ID displayed the name or number of a familiar business.

This familiar business doesn’t have to be Nike, or Apple, or Walmart. It could be an organization of any scope or size. It could be your business.

How Does Enterprise Call Spoofing Work?

Enterprise call spoofing differs from some other phone scams because it’s very targeted. Scammers know the companies we use because they have access to our data — probably stolen from a data breach. It’s not a random phone scam where the caller has a massive call list but knows very little about the people on it.

As the FCC cracks down on robocalls, scammers have shifted their focus from “quantity” to “quality”, taking a more nuanced approach to fraud. So robocalls overall have dropped — 40 percent of cell phone calls were scam calls in 2019, down from around 50 percent in 2018 — but scammers are more dangerous than ever before.

Scammers know more about us. Often times they know where we shop and eat and what utility company we use. And they might know about your business.

Seventy-five percent of phone scam victims say scammers had access to at least some of their personal information and used this data to extract even more personal data. When scammers already know a little bit about customers, it’s easier for them to get their attention, start a conversation, and eventually earn their trust.

Enterprise Call Spoofing Targets Toll-Free Numbers

Toll-free numbers have increased in popularity in recent years, with 90 percent of Americans using one at some point or another. Although toll-free numbers provide customers with cost-saving benefits, scammers often use these numbers to spoof calls. Calls from toll-free lines now make up 25 percent of all unwanted calls. Moreover, 32 percent of calls from toll-free numbers were considered “high-risk” in 2020, up from 12 percent in 2018.

Scammers also combine enterprise call spoofing with neighbor spoofing— a technique where scammers use local numbers to pretend they are calling from local businesses. However consumers are catching on to neighbor spoofing and are becoming more wary of these tactics. As the FCC continues its crackdown on robocalls, neighbor spoofing overall has dropped by around 20 percent, but scammers are still using this technique to trick us.

How Do We Solve the Problem?

Enterprise call spoofing is one of the biggest threats out there. When scammers have access to data, they can pretend to be calling from a genuine business like yours, which has all kinds of ramifications. A poor reputation. A lack of trust. A drop in sales. You name it.

So how do we solve this issue?

We can’t. Not really. It’s almost impossible to prevent call spoofing entirely. Sure, phone carriers are rolling out call authentication technologies, based on the FCC’s STIR/SHAKEN framework, but no technology solves the problem altogether.

It’s all because of the way scammers spoof calls. They use Voice over Internet Protocol (VoIP, for short) to transmit scam calls over the internet. These calls travel through multiple networks in a process called routing, making call authentication a challenge for carriers.

Perhaps there’s another solution?

Monitor Numbers to Prevent Enterprise Call Spoofing

Monitoring your outbound numbers is a successful preventative measure. If carriers (or call blocking apps) flag your number, there’s a chance that scammers have used it for enterprise call spoofing. Either that or the outbound sales agents in your call center are using the wrong techniques, causing customers to flag numbers as spam. Regardless, identifying problems early on provides long-term benefits.

Create a Policy for Stolen Numbers

Don’t forget to have a policy in place for an event where hackers steal your numbers. Data breaches happen all the time, and the consequences can affect your entire business, so it’s best to prepare. Incorporate the following into your policy:

  • What to do after a data breach
  • How to continue operations quickly
  • How to deal with customers
  • Whether you have any legal recourse because of the breach
  • How to communicate the situation to customers/media

Pro-tip: Consider using an Interactive Voice Response (IVR) to route incoming complaints to trained personnel who can defuse the situation and reassure customers.

Final Word

Enterprise call spoofing is a real threat and one that can trickle down into your business and call center operations. If scammers spoof your numbers, it could jeopardize day-to-day workflows. It’s essential to keep a close eye on this threat and continuously monitor the latest phone scam trends that might affect your organization.