Risk Warning Regarding Phone Spoofing

11th March 2015

​The Commission is aware of a new method being used by fraudsters against licensees to commit fraud via telephone. The scam involves the fraudster making the victim believe that they are speaking to a trusted organisation by fooling their phones into displaying any number they choose.

The scam, known as 'number spoofing', works by fraudsters cloning the telephone number of the organisation or individual they want to impersonate and then making it appear on the victim's caller ID display when they telephone them on a landline. The fraudsters will then attempt to gain the person's trust by highlighting the number to them, claiming that this is proof of their identity, before trying to scam them in various ways.

The National Fraud Intelligence Bureau has warned that spoofing is used in the commission of Mandate Fraud. E-mails and telephone numbers of genuine companies have been spoofed by fraudsters in order to fraudulently initiate transfers (for example, impersonating the company director to the same company's accountant), or modify existing account details (impersonating a supplier with respect to a genuine invoice, or an employee with respect to pay).

Financial Fraud Action UK's intelligence unit have warned that the scam has become increasingly common. Whilst the technology needed to spoof someone's number has existed for years, only recently have criminals begun using it to defraud people.

In order to manage the risk of telephone spoofing, a licensee should ensure that its employees are aware of the methods used by fraudsters as detailed above. Employees should never assume that someone is who they say they are just because their number matches that of an organisation or individual known to them. In this respect, if someone tries to draw the attention of the employee to the number on their caller ID display, they should immediately become suspicious of the legitimacy of the correspondent and any transactions or arrangements being discussed.

An additional variation of the scam involves a fraudster calling individuals and posing as bank staff, police officers or other trusted organisations to persuade their victim to part with financial and personal details. Once the fraudster has their victim's confidence, they will attempt to extract information such as the victim's PIN, online passwords or other sensitive information which will then be used to steal from their bank account.

If you require any further information or if you believe that you have received a call of this nature, businesses are encouraged to notify the appropriate authorities. The contact number for the FIU is 714081.