Caller ID spoofing leads to bank fraud spree

The incident

A surge in bank fraud has been tied to caller ID spoofing, where criminals impersonate banks using fake numbers. The issue gained major attention in the UK and the US, especially after the 2022 iSpoof case in the UK involved around 10 million fraudulent calls globally, including about 3.5 million in the UK.

Victims believed the calls were genuine and shared sensitive banking details, leading to financial losses and growing concern over telecom security.

What is landline ID?

Landline caller ID is a service that displays the phone number of the incoming caller. It is used by individuals and businesses to identify who is calling before answering. Caller ID is easily falsified via spoofing, so you can’t rely on the displayed number alone to verify a caller.

Fraudsters alter the caller ID to make it appear genuine. Victims then trust the source of the call. This trust has been exploited in recent bank fraud schemes.

How the system works

Caller ID systems rely on network signals to transmit caller information. When a call is placed, the originating number is sent along with the signal.

On landlines, this number is displayed before or as the call connects. This system is meant to enhance transparency and trust. However, it was never designed to prevent spoofing.

Caller ID was never designed to authenticate callers; modern mitigations like STIR/SHAKEN help on IP networks, but spoofed calls and especially legacy/landline scenarios still slip through.

Method used to crack ID

Criminals use spoofing services/software to display a bank’s number and run scripts that pressure victims into sharing OTPs or credentials, called classic vishing.

They spoofed legitimate bank numbers using software that mimics official sources. These calls often sounded convincing, using scripts and professional voices.

In many cases, they also included interactive options to simulate real menus. This made it harder for victims to distinguish fake calls from real ones. Once trust was gained, sensitive details were requested.

Criminals exploit security flaws

Because caller ID can be spoofed, criminals convincingly pose as banks, then social-engineer victims into revealing PINs/OTPs/card data, which enables account takeover and transfers.

Using this deception, they asked customers to verify personal details. Some even claimed that fraudulent activity was happening on the victim’s account.

Victims, believing they were protecting their money, shared vital information. This included PINs, card numbers, and online login credentials. The criminals then used this data to access bank accounts.

Rapid rise in fraud cases

Authorities have reported sustained volumes of phone-based scams; e.g., Action Fraud highlights ongoing telephone/vishing fraud trends and public alerts in 2024–25. Victims from different regions reported similar stories of fake calls. Banks began seeing patterns in the transactions being reported.

In many cases, funds were transferred or withdrawn quickly after the call. Some accounts were emptied in a matter of minutes. The rise in these incidents forced banks to issue alerts to customers.

Banks begin noticing patterns

Banks and agencies commonly report a pattern: spoofed calls claiming urgent account problems, instructing victims not to hang up and to act immediately, a hallmark of vishing.

This manipulation prevented real-time verification. These patterns helped investigators trace the fraud method back to caller ID spoofing.

Common targets of fraud

Elderly individuals were among the most targeted. Many still rely on landlines and may be less familiar with digital fraud. Others included business owners and rural residents with limited cybersecurity awareness.

Victims often felt pressured to act quickly. Fraudsters used fear and urgency to push their victims into revealing sensitive data. These tactics proved effective across different age and income groups.

Techniques used by fraudsters

Fraudsters often used scripted conversations that mirrored actual customer service calls. They asked for one-time passwords or security questions. Some even kept victims on hold with fake music to increase realism.

Tactics include scripted “security” calls, requests for OTPs, transfers to “secure accounts,” and multi-caller hand-offs to simulate departments. These techniques made the scams seem authentic. The use of real bank names and terminology added to the deception.

Role of spoofed calls

Spoofing lets criminals mask their identity and location, so the screen shows a real bank’s number, which is why regulators advise not to trust caller ID. Spoofing played a central role in every attack.

The number displayed matched that of actual banks or financial institutions. This made it difficult for victims to question the authenticity.

Even when reported, some victims were told the number was real. Without stronger verification systems, spoofed calls can continue to mislead the public.

Financial losses and impact

The financial damage varied from a few hundred to thousands of dollars. For some victims, life savings were lost in a single transaction. Beyond the money, there was emotional stress and a loss of trust in financial systems.

Victims reported feelings of embarrassment and fear. Banks had to dedicate extra resources to investigate and support affected customers.

Losses from spoof-enabled bank scams can be substantial; e.g., the UK iSpoof case tied to 10 million spoofed calls and around £48 million in reported UK losses (with estimated global losses over £100 million).

Bank response and warnings

Banks quickly responded by issuing customer alerts. Many updated their fraud detection systems and call verification processes. Some introduced phone call confirmation features within their mobile apps.

Customers were advised to never share sensitive data over the phone. Banks also clarified that they would never ask for full card details or passwords. These messages were shared via SMS, email, and bank websites.

Banks/regulators warn: never share OTPs/PINs or full credentials; if in doubt, hang up and call back on a verified number. (Examples: RBI public advisories; U.S. FCC consumer guidance.)

Law enforcement investigations begin

Police and cybercrime units have started probing the fraud networks involved. They are working with telecom providers and banks to trace the origin of spoofed calls. Investigators suspect that some operations may be tied to international fraud networks.

Investigators are analyzing call records and financial transaction trails. While we can’t confirm arrests for this specific wave, law enforcement has made major arrests in caller-ID spoofing operations, e.g., the iSpoof/Operation Elaborate takedown (UK) with over 100 arrests in the UK (and 142 globally) as part of Operation Elaborate.

Public awareness and alerts

Public agencies run ongoing awareness drives about vishing and spoofed calls; in the UK, Action Fraud regularly issues alerts and guidance. Educational campaigns have been launched across TV, radio, and social media. People are being taught how to spot fake calls and report them.

Awareness drives also highlight the need for stronger telecom regulations. Special attention is being given to vulnerable populations. These alerts are helping reduce the number of new victims.

Steps to stay safe

Do not share sensitive information over the phone unless you initiated the call. Always hang up and call back using a verified number. Be suspicious of urgent financial requests or threats.

Use bank apps to verify transactions and secure communication. Report any suspicious calls to both your bank and local authorities. Staying alert is the best protection against such scams.

How safe is Facebook for teens now? Learn how Meta limits teen access for safety on Facebook.

Key takeaways

This wave of fraud has exposed major flaws in landline security. It shows how outdated systems can be exploited with modern tools.

Caller ID is not a reliable authenticator, as spoofing remains widespread despite new defenses. Verify callers independently and treat unsolicited requests with caution.

Banks and telecom providers must work together to improve protections. Individuals also have a role to play in staying informed. Awareness and caution can go a long way in preventing fraud.

Turn a cracked Android into $200. Explore why Samsung offers $200 for your cracked Android.

Did this slideshow help you understand how landline caller ID fraud works and how to protect yourself? Share your thoughts.

Read More From This Brand:

• FBI alerts millions as viral phone scam drains US bank accounts
• Use these tricks to secure your mobile banking
• Banking malware hits 50K users – check your phone now

Don’t forget to follow us for more exclusive content right here on MSN.

If you like this story, you’ll LOVE our Free email newsletter. Join today and be the first to receive stories like these.

This slideshow was made with AI assistance and human editing.