September 22, 2021

How Phone Number Hijacking Spurred STIR/SHAKEN


If you work in telecommunications, you have undoubtedly heard the term STIR/SHAKEN, a framework mandated by the FCC that will significantly lower the amount of call spoofing and phone number hijacking.

Unscrupulous robocallers and other scammers have damaged consumer confidence so much that legitimate organizations find it difficult to reach people. How did the industry reach this point, and how will STIR/SHAKEN restore confidence? Let’s take a closer look!

STIR/SHAKEN Aims to Prevent Call Spoofing

It has been far too easy for scammers to spoof numbers over the last couple of decades. STIR/SHAKEN (Secure Telephony Identity Revisited/Signature-based Handling of Asserted information using tokens) uses call authentication technology that stops spoofed calls by validating call sources and ensuring that the accurate numbers appear on caller IDs.

As we’ve discussed before, caller ID authentication involves five steps:

  • When someone places an outbound call, the service provider gets a request and checks the call’s origination.
  • The service provider ensures the call’s origination through an authentication service.
  • The provider passes a token to the recipient’s service provider (the token includes a SIP header with a timestamp, attestation level, origin location, encryption algorithm, and other information).
  • The recipient’s provider checks the token to ensure it matches the correct number.
  • The receiving provider connects or rejects the call.

With this process in place, call spoofing will become incredibly difficult, maybe even impossible.
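The check in the fourth step above, as an added example (not code from this page or from any provider): it decodes the token from a SIP Identity header value and compares its claims with the numbers on the call. The claim names follow the PASSporT format (RFC 8225 and RFC 8588); the phone numbers, certificate URL, 60-second freshness window, and function names are constructed for the example. Verifying the ES256 signature against the signer's certificate, which a real verifier does before trusting any claim, is not shown.

```python
import base64
import json

MAX_AGE_S = 60  # assumed freshness window for this example

def b64url_json(obj):
    """Encode a dict as a base64url segment (used only to build the sample)."""
    raw = json.dumps(obj, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def sample_identity(orig_tn, dest_tn, iat, attest="A"):
    """Constructed Identity header value; the signature is a placeholder."""
    url = "https://cert.example.invalid/shaken.pem"
    header = {"alg": "ES256", "ppt": "shaken", "typ": "passport", "x5u": url}
    claims = {"attest": attest, "dest": {"tn": [dest_tn]}, "iat": iat, "orig": {"tn": orig_tn}}
    token = ".".join([b64url_json(header), b64url_json(claims), "c2lnbmF0dXJl"])
    return f"{token};info=<{url}>;alg=ES256;ppt=shaken"

def check_identity(identity, calling_tn, called_tn, now):
    """Return the list of claim problems; an empty list means the claims pass."""
    parts = identity.split(";", 1)[0].strip().split(".")
    if len(parts) != 3:
        return ["token is not header.payload.signature"]
    try:
        header, claims = (json.loads(base64.urlsafe_b64decode(p + "=" * (-len(p) % 4)))
                          for p in parts[:2])
    except ValueError:
        return ["token segments are not base64url-encoded JSON"]
    if not (isinstance(header, dict) and isinstance(claims, dict)):
        return ["token segments are not JSON objects"]
    orig, dest, iat = claims.get("orig"), claims.get("dest"), claims.get("iat")
    tns = dest.get("tn") if isinstance(dest, dict) else None
    problems = []
    if header.get("alg") != "ES256" or header.get("ppt") != "shaken":
        problems.append("unexpected alg or ppt")
    if claims.get("attest") not in ("A", "B", "C"):
        problems.append("unknown attestation level")
    if not isinstance(iat, int) or abs(now - iat) > MAX_AGE_S:
        problems.append("stale or future-dated iat")
    if not isinstance(orig, dict) or orig.get("tn") != calling_tn:
        problems.append("orig.tn does not match the calling number")
    if not isinstance(tns, list) or called_tn not in tns:
        problems.append("dest.tn does not include the called number")
    return problems

if __name__ == "__main__":
    ident = sample_identity("12025550100", "12025550199", 1_700_000_000)
    for caller in ("12025550100", "12025550123"):  # matching, then mismatched
        print(caller, check_identity(ident, caller, "12025550199", 1_700_000_000))
```

A token replayed onto a call that presents a different calling number fails the `orig.tn` comparison, and one replayed later fails the `iat` freshness check.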

What Is Phone Number Hijacking?

Most companies despise call spoofing, but there are legitimate, legal reasons to use the technology. Some businesses need to mask their real numbers to reach their intended contacts. A debt collector, for example, has a good reason to mask its number and business name. Number spoofing also helps companies like Uber use temporary numbers to protect the privacy of their drivers.

Phone number hijacking, however, does not have any legal uses. Hijacking a number involves stealing a legitimate business’s outbound numbers and pretending to represent them. Consumers have no way of knowing whether the call comes from a scammer or a business they want to talk to.

Scammers could hijack your numbers for days, weeks, or longer before you discover the crime. By that time, your number and brand have suffered. Angry customers assume that you scammed or lied to them.

Signs that you have fallen victim to number hijacking include:

  • An influx of calls from angry customers, including customers you have not contacted.
  • Low answer rates that suggest carriers and call-blocking apps have flagged your numbers.
  • More hang-ups than usual from people who do not trust your number.

Why Scammers Use Spoofing

Scammers know that they need to fool their victims, and they have plenty of strategies for pulling the wool over someone’s eyes. Illegal operations will also create fake websites, email addresses, Slack channels, Facebook pages, and other forms of communication to trick consumers. For example, they might spoof your company’s email address by changing “.com” to “.net” or replacing one letter in the domain name.

The scammers rely on your solid reputation to trick consumers into giving them personal information, such as credit card and Social Security numbers.

Scammers are terrible, but many of them are savvy. They know that individuals are more likely to answer phone calls from certain types of organizations than from others.

Hospitals

You answer calls from healthcare services because you believe they have something critical to tell you. Maybe they have test results, want to remind you of an upcoming appointment, or need to reschedule a visit. What if someone you love has been in an accident and admitted to the hospital? Your mind runs wild with possibilities, so you, like practically everyone else, answer the call.

Who would sink so low? Criminals. Just look at the H. Lee Moffitt Cancer Center & Research Center in Tampa. It received about 6,600 fraudulent calls from spoofed numbers that appeared to come from within the center.

In this case, scammers directed calls at the healthcare center. Criminals are not above contacting patients, though. When they see a vulnerability, they take advantage of it.

Law Enforcement

Law enforcement officials rarely have news that you look forward to hearing. People answer calls from law enforcement, though, because they understand their importance. A loved one may have been injured or arrested!

To make matters worse, people usually cooperate with law enforcement agencies. In one recent scam, someone impersonated the Metro Nashville Police Department’s Special Victims Division to tell people they were under investigation for sending explicit photos of minors. The people felt compelled to cooperate because they wanted to clear their names and avoid prosecution. During the interrogations, victims may have provided information that helped the criminals commit identity fraud.

Financial Institutions

What do you do when you see that your bank, credit card company, or other financial institution is calling? You answer because you worry about the risk of missed payments, low account balances, and credit card fraud. You answer because you trust that the financial institution has a good reason to call.

People also expect banks and other financial institutions to verify their identities by asking personal questions. Marquette Bank learned that some of its clients had become targets. The scammers asked questions about account numbers, birth dates, Social Security numbers, mothers’ maiden names, and passwords.

When you know that number hijacking happens, you know not to answer such questions. The scammers only need a few people to fall for the trick, though.

Take Control of Your Phone Number Reputations!

It can take time before you learn that someone has hijacked one or more of your numbers. Manage your number reputations frequently with help from Caller ID Reputation. The sooner you discover that someone has targeted your customers, the sooner you can stop them and repair any damage caused by the criminals.

Contact Caller ID Reputation today to learn more about how we can help!