Skip to content
DialPhone
Start free trial

Glossary

What is Caller ID Spoofing?

Caller ID spoofing is the practice of placing a phone call with a caller-ID number on the display that is not the actual originating number. The receiver sees a different name and number from the one that placed the call — often a local area code, a familiar business, or a government agency — chosen to maximise the chance of an answer. Spoofing powers most modern phone fraud and is the primary problem the STIR/SHAKEN framework was created to address.

How caller ID spoofing works

The mechanics depend on the originating network:

  • VoIP and SIP origination: the calling party sets the From header and the P-Asserted-Identity to whatever they want before sending the call. Without authentication, downstream carriers historically passed it through.
  • Legitimate spoofing services: web-based gateways that let any user enter a target number and display number for a fee. Originally marketed for “show your office line when calling from your mobile” use cases, since coopted by fraud.
  • Compromised PBX or SIP trunks: attackers hijack a business phone system and use it to originate calls with whatever caller ID they choose.
  • Wholesale carrier abuse: low-cost international wholesale routes accept any caller-ID value from their customers without verification.

The receiving network has no native way to verify that the displayed number is the real origin — which is the gap STIR/SHAKEN closes by signing each call with cryptographic attestation.

Why caller ID spoofing matters

  • Robocall and scam volume: nearly every illegal robocall spoofs caller ID. Without spoofing, blocklists would shut down most fraud campaigns within days.
  • Neighbour spoofing: numbers chosen to match the recipient’s area code and exchange dramatically lift answer rates — and the strategy works precisely because the receiver trusts local-looking calls.
  • Brand impersonation: spoofed calls posing as banks, the IRS, Medicare, or shipping carriers steer victims into credential theft or wire fraud.
  • Trust erosion: legitimate businesses see answer rates falling because consumers treat any unknown caller as a probable scam — collateral damage from years of unchecked spoofing.

Caller ID spoofing vs. legitimate caller ID setting

Not every “this number is not my underlying phone line” scenario is fraud:

  • A sales team displaying the main office number instead of each rep’s mobile is legitimate caller-ID setting, authorised by the business that owns both numbers.
  • A doctor calling a patient with the hospital main line displayed instead of the doctor’s personal mobile is legitimate.
  • Local presence dialing that displays a local number the business owns and routes callbacks correctly is legitimate.

The line is ownership and authorisation. A business displaying a number it controls and accepts callbacks for is using caller ID correctly. A fraudster displaying a number they have no relationship with is spoofing.

How spoofing is being shut down

The dominant control framework is STIR/SHAKEN, now mandated for IP-originated voice in the US and Canada and being deployed in the UK, France, and several other markets:

  • Originating carriers sign each call with an attestation level: A (full attestation — they know the caller and the number), B (partial — they know the caller but not the right to use the number), or C (gateway — they only know the upstream carrier).
  • Terminating carriers verify the signature and surface the result, increasingly displaying “Verified Caller” or, conversely, flagging suspect calls as “Scam Likely.”
  • Robocall mitigation databases track originators that consistently send unattested or fraudulent traffic for downstream blocking.

A call without an A-level attestation is increasingly likely to be answered with caution, sent to voicemail, or blocked outright on the modern phone network.

Caller ID spoofing frequently asked questions

Is caller ID spoofing illegal?

In the US, the Truth in Caller ID Act makes it illegal to spoof caller ID with intent to defraud, cause harm, or wrongfully obtain anything of value. Legitimate caller-ID setting — displaying a number you own and control — is legal. The intent and ownership of the displayed number is what separates the two.

How can businesses prevent caller ID spoofing?

Use a carrier that signs outbound calls with full A-level STIR/SHAKEN attestation, register company numbers in the appropriate robocall mitigation databases, and route outbound calls through a legitimate carrier rather than wholesale or web spoofing services so attestations land correctly on every leg.

What is the difference between caller ID spoofing and STIR/SHAKEN?

Caller ID spoofing is the practice — placing a call with a false display number. STIR/SHAKEN is the cryptographic framework that detects and counters it by attaching signed attestations to each call so the terminating carrier can verify the origin claim before the call reaches the recipient.

Why does my phone show “Scam Likely” for some calls?

US carriers display “Scam Likely” — or equivalent labels — on calls that fail STIR/SHAKEN verification, come from numbers reported on robocall mitigation databases, or match call-pattern fingerprints associated with fraud. It is the consumer-facing surface of the anti-spoofing controls operating below.

See how DialPhone fits

DialPhone signs every outbound call with A-level STIR/SHAKEN attestation, registers business numbers in the appropriate mitigation databases, and supports legitimate local presence and outbound caller-ID strategies — so business calls land verified rather than collateral damage in the carrier crackdown on spoofing.

Learn more about DialPhone

AI-powered business phone, SMS, meetings, fax, and contact center from $24/user/mo.

Start free trial Browse glossary
Call sales Start free trial