Caller ID Spoofing is a technique that displays a phone number different from the actual caller on the recipient's device. In VoIP's SIP protocol, the From header indicating the caller number can be freely configured, making this technically straightforward. While there are legitimate uses such as displaying a company's main number when employees call from personal mobiles, its abuse in bank transfer fraud and vishing has become a serious social problem.
Fraud abuse patterns are sophisticated. Spoofing a bank's customer center number to say "There has been unauthorized access to your account" and extracting PINs and one-time passwords. Spoofing a police number to threaten "Your account is being used for criminal activity" and directing transfers to designated accounts. Spoofing a tax office number to claim "You have a tax refund" and guiding ATM operations. In all cases, because the number shown on caller ID appears correct, victims believe they are receiving a legitimate call from an official institution.
Detecting number spoofing is currently very difficult. The spoofed number is displayed as-is on the recipient's device, indistinguishable from the real number. The only reliable defense is to never make decisions based solely on the phone call - hang up and call back using the official contact number yourself. Banks and government agencies will never ask for PINs or passwords over the phone, so any such request can be immediately identified as fraud.
As an international countermeasure, the United States mandated the STIR/SHAKEN protocol for major carriers starting in 2021. Carriers attach digital signatures to caller numbers, and receiving carriers verify these signatures to determine number legitimacy. Verification results are displayed in three levels: "Verified," "Partially Verified," and "Not Verified." Japan's Ministry of Internal Affairs and Communications is also considering similar measures. Review the latest techniques and countermeasures in caller ID spoofing risks.