Spoofing is a method of impersonating a caller’s identity by displaying a phone number that does not belong to the person actually making the call (Caller Line Identification – CLI). Thus, fraudsters use real numbers, belonging to other users, to make calls that seem trustworthy, but which may have a fraudulent or misleading purpose. ANCOM receives more and more complaints from those whose phone numbers have been misused in such situations.
The displayed numbers may be randomly generated by spoofers, using equipment external to the telephone service provider, without acquiring access to the user`s phone or account.
For reasons relating to the way networks operate and the difficulty to differentiate between legitimate and fraudulent calls, operators cannot entirely prevent the fraudulent calls via telephone numbers, especially if they are not initiated on their own network. Operator’s restricting a phone number may lead to the impossibility of legitimately using the voice service by the user whose phone number has been defrauded, without impacting the fraudulent calls.
Measures taken by ANCOM
In the context of a significant increase in cases of fraudulent use of numbering resources, ANCOM has identified and imposed a series of measures to considerably reduce the occurrence of CLI spoofing cases. Therefore, after consultations with the Criminal Investigation Division of the General Inspectorate of the Romanian Police and the main providers of electronic communications, ANCOM has ruled the blocking of calls originating from outside Romania that falsely display national fixed telephony numbers. This measure cannot currently be applied to mobile phone numbers as it could affect the legitimate use of numbers abroad, in roaming.
Recommendations for user protection
ANCOM recommends users who have faced such a situation to inform their telephone provider and to contact the police and the National Directorate of Cyber Security (DNSC).
Also, for their protection, it is useful for users:
- not to rely solely on the display of the number, as it can be forged;
- in suspicious cases, to carry out additional checks on the origin of the call: they can hang up the call and call the official number of the company/institution the interlocutor declared they represented during the call ;
- not to provide personal data over the phone (identification data, bank details, passwords, PINs, etc.);
- to constantly update their phone’s software and apps;
- not to follow up on unsolicited phone calls asking for sensitive information or money transfers;
- to verify information through official channels, by contacting the institutions involved directly;
- to constantly inform themselves on new types of fraud, from sources such as sigurantaonline.ro, created by the National Directorate of Cyber Security, the Romanian Police and the Romanian Association of Banks.
