A reminder that caller ID spoofing is perilously easy to pull off

I’d like to publish a a simple reminder today: you can’t trust caller ID. Well established methods of spoofing the name or number displayed on your phone when receiving an inbound call or text message exist, and they’re perilously easy to pull off using teenage prank levels of knowledge.

This advice is made in light of the upcoming launch of ‘NHS Test and Trace’ in the UK which will soon be sending phone calls and text messages to affected parties. We know from past experience that online fraud follows whats topical in the news, not less a case which provides a perfect excuse for the phishing of personal information. The government’s advice could see the population place a perilous misguided faith in the authenticity of information provided by easily spoofable caller ID:

Contract tracers will:

  • call you from 0300 013 5000
  • send you text messages from ‘NHS’

Any advice which suggests faith be placed in caller ID is dangerous.

Fancy reading more? See more blog posts.