Who's calling - A neighbor or a fraudster?
Once upon a time the telephone system was a trusted method of connecting people. While we now spend more time on our phones than ever, our relationship to phone calls has changed -- we’re hesitant to answer calls from unknown phone numbers, often because we think the call is a con. But what if the caller ID is spoofed/modified and made to look like a telephone number that you may trust or a number with a local area code and familiar prefix?
Networks have evolved significantly in the last few decades; many are now Internet Protocol (IP)-based and hackers have evolved new ways of hacking them. These bad actors use call spoofing (falsifying their calling number) to target both unsuspecting and the tech-savvy (and anyone in between) individuals in order to extract confidential information such as bank account details, personal details and other private information.
With the onslaught of COVID-19, the scammers now have various new methods to defraud people such as seeking money to reserve coronavirus vaccine ot offering fake cures to name a few. People who are not aware of such scams and see calls coming from familiar looking phone numbers, may fall for these attractive offers and end up losing lot of money or exposing sensitive personal information.
While there are apps that can display the name of the calling party on your phone screen, they usually don’t solve the problem of Caller ID spoofing. Many of these apps act on crowdsourced data and display calling name mapped to the calling number from which you are getting the call. However, if the calling number itself has been modified or spoofed by a hacker, these apps will show you the calling name mapped to the modified calling number and not the original calling number. Finally, many of these apps are not 100% secure.
Various countries have adopted different solutions to curb the problem of caller ID spoofing:
The United States and Canada have implemented Caller ID certification via a standards-based approach called STIR/SHAKEN. Not to be confused with James Bond’s "Shaken, not Stirred," catch phrase. STIR/SHAKEN stands for the Secure Telephone Identity Revisited (STIR) and Signature-based Handling of Asserted Information Using toKENs
Ofcom (UK's communications regulator) and NICC (technical forum for the UK communications sector) are exploring STIR implementation framework targeted for late 2022/early 2023.
ARCEP (France's Electronic Communications, Postal and Print media distribution Regulatory) and GT-MA (A working group made up of operator representatives and set up by ARCEP) are also exploring STIR implementation framework targeted for mid-2023.
We at Ribbon Communications have developed a product, Secure Telephone Identity (STI), which is a STIR/SHAKEN standards-compliant solution that enables Communication Service Providers (CSPs) to cryptographically authenticate the veracity of a calling line identity originating from their network or verify the calling line identity of calls terminating to their network. Ribbon STI performs a critical function as part of a CSP’s implementation of STIR/SHAKEN. Ribbon STI is also an important part of Ribbon Call Trust ®, our complete identity assurance solution that integrates Ribbon and third party data to determine caller identity, intent and reputation for every call. With Ribbon Call Trust, CSPs have a powerful solution they can use to restore their subscribers trust in the phone.