Schneier on Security

Yes, if you call me home and you're ID is hidden I won't bother answering the phone. Sorry but it's too many telemarketers out there (and most of them seem to prefer to hide their ID).

Cigular continues to use Caller-id to authorize access to voice mail. If you know my cell number, feel free to listen to the messages--not that I can stop you.

At what point does the widespread media attention to caller ID spoofing turn this into an actionable tort?

Yup, this needs to be fixed. With all of the abuse possible over the phone people want to know who is on the other end before they pick up the phone.

Carriers may need to work out agreements on forwarding caller ID data if the data provided to them does not meet a given level.

The credit card activation problem is bigger than this. Most houses have a demark on the outside. It does not take much to buy a handset, steal a card from the mailbox and then walk to the side of the house and jack in.

BTW, congrats about the Dr Dobbs award. You are in a fine group of persons.

@ Adam:

I don't think it requires media attention for ID spoofing to become a tort. Assuming they do it intentionally, it's becomes an issue of showing damages.

I'm very suprised this doesn't fall under any other existing law though.

Adam,
Cingular has a preference that you may change so you're prompted to enter your password, even if you're calling in from (what appears to be) your cell phone.

Bruce,

I hope you realize that Caller ID Blocking is just as hopelessly broken as Caller ID Spoofing. There are two ways that the recipient of a call can know the calling number, Caller ID and ANI (Automatic Number Identification). Caller ID Blocking DOES NOT block ANI.

ANI service is normally only available on business lines, toll free numbers, and when using a PBX, though some VOIP operators also use it. I use a service which will automatically use ANI instead of Caller ID if the Caller ID is blocked. My Dad uses Caller ID Blocking, but I still see his number when he calls me.

If you are using Caller ID Blocking to make sure that telemarketers don't get your number, you're just fooling yourself. Of course, Caller ID Spoofing will also usually spoof ANI as well. Caller ID Blocking is only useful against people who don't know about ANI, and those people probably aren't as much of a threat to your privacy.

Some time ago the German mobile phone carriers promised to fix the mailbox problem. They simply ask for a PIN whenever a call to the mailbox is not originated within there own network and now longer rely on the caller ID.

http://www.heise.de/newsticker/meldung/print/66951

I generally agree that Call ID Spoofing will eventually become a problem.

Regarding getting it fixed, in my area, the local telephone company charges a premium for "Caller ID" and for "Caller ID Name" services. If enough customers realize the system is flawed, by not providing the level of service expected, and contact their local provider to complain or cancel the service, the financial impact could push the telcos into fixing the problem.

However, outside companies foolishly relying on Caller ID for some form of authentication (for CC activiation, etc.), I think this may be more a localized problem.

For example, in my house the attitude toward incoming telehones calls has changed and my family is now "trained" so that we don't answer calls that are not in our local address book. We no longer answer all incoming calls, but only pickup calls that are in our "white list" (aka the built in phone book in our telephones). All our phones have the ability to check incoming calls against the built in address book, and then give a distinct ring to indicate the caller is in the phone list. Incoming calls from numbers not in our phone list go to the answering system (which allows call screening), where the caller can leave a message. This process won't become a problem until my local phone number "white list" (circle of friends, family, etc.) is corrupted by Caller Id Spoofing, which since this is highly localized, likely won't be a problem for some time.

Remember that caller ID blocking doesn't work when you dial a toll-free number. The toll-free holder receives a bill, listing your phone number and the appropriate charges.

That's a good part of the reason why companies are willing to spend the money on toll-free - they now have a 'business relationship' with you and can telemarket to you.

Moral of the story: Use unlimited long-distance, and dial a toll call.

The problem I see here is not that there is a flaw in "caller ID", instead is the fact that people use it as a infallible identification.

This is similar to the problems that many companies assume that if someone knows your birthday and your social security number (or some other ID number) then it must be you. People need a good way to identify themselves to companies and other people.

Some phones provide you the ability to only send caller id to people already in your contacts list.

I work in telecommunications, so this isn't really new to me. What's changing here is that there are now voice-over-IP providers that accept whatever Caller ID credentials you supply in your call setup requests. This is actually not a new thing at all... business-grade telephony service (say, PSTN connectivity for your PBX over a PRI) often offers you the same capability to define your caller ID information. The reason is because although you may have 24 channels, you may have 100 DID (direct inward dial numbers, say 123-456-7800 to 123-456-7900). Thus it becomes the responsibility of your private branch exchange to inform the switch what number the call is actually coming from.

Now, one solution is to lock down, at the switch, which caller ID numbers may be set by a given subscriber. (This isn't, to my knowledge, as easy as setting a configuration parameter... switching is in some ways obscenely more complicated than it ought to be).

Even if you did so, though, you'd be excluding the capability of businesses to take advantage of PBX features like call forwarding. (Call comes into DID, endpoint user is not at his desk, call goes to his cell phone with the *original* caller ID information set).

In truth, I think the largest problem is that people trust Caller ID as an authentication mechanism. T-Mobile was one carrier that was notably fantastically vulnerable to mailbox hijacking. What drives me crazy about it is that even if they wanted to offer PIN-free access to subscribers who call from their own number, they could have simply verified that any call coming into their voicemail system, bearing one of their subscriber's numbers, actually *originates* from T-Mobile hardware. But as usual for large companies, they simply didn't care until it became newsworthy.

Sigh.

i'm very surprised how can anybody absolutely believe in Caller ID. afaik, no service here in Slovakia is based on the ID only. at least a PIN code is demanded.

i may lend my mobile phone to my friend, when his one is out of batteries; i may loss my phone; it may be stolen; also a fix line may be used by a burglar... so, from my point of view it is not a problem of spoofing a Caller ID, but problem of believing in the ID.

the telcos created these premium services to make money, not to make you more secure. in a spy-versus-spy escalation, first there was caller id, then caller id blocking, then call managing. the only winner in this arms race is the telco.
since i'm retired, at least from law and biztech, i have the option of simply not ever taking calls. i leave the phone line plugged into the computer even when it's turned off, and i only plug it into the phone when i want to call someone.
so is caller id spoofing an actionable tort? we'll never know until somebody sues over this. that's how actionable torts get recognized.

Thanks to telemarketers, the failure of the National Do Not Call Registry, the popularity of suppression of caller ID, and the ability to spoof the ID, my home phone has the ringer off. I will never answer. Leave a message. If I don't know your voice, I will not respond to the message.

BTW, if this spoofing is outlawed, then only outlaws will be spoofing. So the law would deter only noncriminal dishonest people.

As far as existing laws, when is impersonation legal?

One thing that isn't clear in this report is whether we are talking about Caller ID spoofing, or ANI spoofing. I have heard many reports of Caller ID spoofing, but non of ANI. This may reflect the confusion between these two services.

If ANI spoofing is easy, it does call into question whether services, like credit card activation, which rely on one calling from home, are reasonably secure. In my experience, all credit card activation has taken place over toll-free numbers, implying that Caller ID spoofing is a non-issue.

I had blogged about the Newark, NJ phone hoax case last year. One news site that still is carrying a report about the hoax is Texas KGBT 4 TV at http://www.team4news.com/Global/story.asp?S=3120694

The phone hoax seemed to be low-tech, no apparent ANI/CLID twiddling. Seems like social engineering and, perhap, police reluctance to dismiss the call as a hoax lest a real kidnap/rape victim's call was ignored.

I'm rather surprised nobody has mentioned http://www.crypto.com/papers/wiretapping/

The whole paper is great, but section 2.2 includes a relevant blurb about spoofing caller ID sans use of a third party system by sending mutliple CNID signals accross the line. I don't know how useful this would be against, eg, Cingular's system, since it relies on the client device displaying only the most recent number, but according to the paper it works against wiretapping devices, so who knows?

It's not just telemarkters, but also Banks and criminals who use Caller-Id Blocking. I generally don't want anything to do with any of them.

Can Anyone Explain how I can set up ANI so to see the blocked number anyways. Of course with the banks, the number sent by the PBX is the main switch number not the employeees extension.

Its also worth mentioning that the international telecom union stets standards which insist on technical procedures which enable government and law enforcement agencies to bypass caller-id

@Evan
Completely useless against any modern mobile phone system. The number is sent in the initial set up in an out of band signalling message.

Moz:

Thanks--good to know :). Still, unless I'm mistaken (and I'm no expert), it should still be useful for stuff connected to the plain old telephone system, i.e. a typical phone line like what most of us have at home and/or work.

"My phone number is configured to block Caller ID on outgoing calls."

You probably realize this, but I'll point it out anyway: blocking Caller ID alone doesn't prevent any of the abuses you mentioned. Refusing to identify yourself doesn't stop others from impersonating you. You'd need to inform Western Union, credit card companies, and the police in advance that the real you always blocks Caller ID.

In my opinion, caller ID is the best thing to ever happen for phones. If someone calls you when you're busy, you simply check logs when you get back and if it's someone you care about you call back. Now that's convenience.

You can always switch off the caller ID for numbers you don't want calling you back, but I don't quite understand what's the point of disabling it when calling say your friends.

As for security, I've never used caller ID for authentication. If someone I know calls me I generally recognize their voice and the caller ID is pretty much irrelevant anyway. And if there's need for additional security you can always hang up and call back (or use some other means of communication of which security you're less uncertain of - phone systems are a big question mark when it comes to security either way, so it's safe to assume they're not secure).

If I've hated something related to phone systems it's answering machines. Ever wondered why every phone company is so keen on giving you free answering machines? That's because they make millions with them. Normally you'd get busy or no answer, but with these stupid things you're always getting an answer and are thus billed.

Oh, and I'm always amazed of the US way, when it comes to technology, the tendency to outlaw things instead of fixing them.

@Ari Heikkinen

If you come up with some way to fix stupid people, will you please let us all know?

Rename the service from Caller ID to Caller Might-Be.

@RvnPhnx

Bitch shut up...I'd fix YOU first.... :-P

>>Yes, if you call me home and you're ID is hidden I won't bother answering the phone. Sorry but it's too many telemarketers out there (and most of them seem to prefer to hide their ID). <<

I use a calling card. No ID shows up. One relative has a habit if ignoring calls without ID, if she's going to be that arrogant, I don't bother to contact her.

Bring Caller ID functionality directly to your computer desktop. Identify callers using CallerID Monitor before you answer to call. It uses your modem or ISDN adapter and Caller ID service provided by your local phone company in order to identify who's calling.

http://www.yaodownload.com/internet-tools/communications/callerid-monitor/

If I use a prepaid phone card to call a car dealership.do they get my number or the card number.Or with automatic number identification do they get my number no matter what.

If I use a prepaid phone card to call a car dealership do they have my number or the card number.Or with most buisnesses having automatic numbe identification do they get my number NO matter what I do to prtotect my privacy

Re: All those who refuse to answer a call if the caller ID is blocked: Be aware, some (many?) law enforcement agencies block caller ID so that if, say, a detective calls you from the private line on his desk, you will still have to hit the phone book and call their 'main' phone number and ask for a transfer instead of being able to learn his private line's number and thus harass them as they work a case in which you are involved.

Some mobile phone companies use the caller id feature to determine if a caller is calling someone on the same network.

I saw a demo last year where someone had set up an asterix server to give himself free wireless service 24/7. He routed all his calls through his home PBX which used spoofed caller id to look like a cell phone on the same network and thus used no wireless minutes.

The simple solution is to call the number back (CID or ANI, at this order of priority), for serious transactions (money or privacy related).

You eliminate the problem entirely AND The real person owning the original number suddenly gets a call from the company, which serves as an alarm that somebody is trying to spoof him.

While I do use caller-id to screen calls, the vast majority are actually screened at the voice-mail box.

If someone wants me to call them at an extention of a toll free number, I expect to find out what company they are calling from.

If it is 'important' that I call, define important for 'whom'. A telemarketer who absolutely needs to make a sale may find it far more important that I call back, than I ever will. Also define 'why' it is important that I call back. 'Important' is not a why, it is a modifer to why. I.e. 'It is important that you call regarding your son's pending apendectomy.'

There are callers that I will pick up the phone for. Pretty much they all have text associated with their caller-id number that I recognize, and consider important to take the call from. That number is fairly low, the rest can do their best to get me to call them back. I'm not all that impressed with most of them these days.

Useless and irrelevant point of fact: There are no SWAT teams in New Brunswick, NJ. They're called the Middlesex County HRT.

Some utilities use the ANI instead, and there was a hack at one point where you could spoof your caller ID and then call certain MCI numbers which take your caller ID and make it your ANI (they did it as a 'fix' to the 000-0000 issue).

Anyway, nobody really cares but us, so we probably won't see better fixes at these companies until they get hacked by China or something.

James Lick wrote:
(( Of course, Caller ID Spoofing will also usually spoof ANI as well. Caller ID Blocking is only useful against people who don't know about ANI, and those people probably aren't as much of a threat to your privacy. ))

Funny this is just being talked about. Being able to spoof Caller ID has been around for years. At my work we got a PRI from a well know CLEC and I tie that back to an Asterisk server. I noticed that I can put anything I want on the Caller ID going out. My provider does not restrict the range of numbers .

Today is election day. Yesterday we got 11 computer generated calls and only one had a human calling. Although several of the caller ID numbers were legitimate, there were 3 from 1-800-555-5551 and 2 from 1-000-000-0000. Each of these had a recorded political anouncement. At least I didn't waste time trying to call those numbers back.

>>Yes, if you call me home and you're ID is hidden I won't bother answering the phone. Sorry but it's too many telemarketers out there (and most of them seem to prefer to hide their ID). <<

Very clever, unless they continually call you at 4 in the morning. Believe me, they do.

i want to hidden my mobile number when i call to some one plz tell me

@raza
Call your telephony provider, and ask that. It may be free of charge.

I think that Caller ID spoofing technology is less of a threat than the peoples' missuse of caller id. Caller ID was designed as a telephone feature, not unlike call-waiting or voicemail. It was, however, NOT designed as a security device. If someone comes up with a way to render it useless, from a security prosective, then the subscriber always has the option of cancelling the service. They shouldn't use caller-ID as a "secure" way of identification, anyway. Same thing with voicemail. All voicemail services allow the user to require passwords... USE THE PASSWORD and the problems are solved. Finally, the idea of making ID Spoofing illegal based on it's intended misuse for commiting credit card fraud is rediculous. Yes, it can be used as a tool for activating a fraudulently obtained credit card by posing as a call originating from the real person's home. However, that's the credit card company's fault for not placing new subscribers on the phone with a real person. Again, if new credit card companies required simple verification of personal applicant information, 90% of credit card fraud would be erraticated. It is simply less expensive (and obviously less secure) for a revenue-generating enterprise, like a credit-card company, to utilize an automated approval system with limited verification filters, than to hire live help for $8 an hour. I mean, cars and ski-masks make a great tool to facilitate bank robbery, however I wouldn't recommend making them illegal based on their potential misuse.

While the logic behind the above posting that begins with "Caller ID spoofing technology is less of a threat than the peoples' missuse of caller id." seems to make some sense, the fact still remains that anyone trying to use any form of misleading identity, (except for law enforcement, or other legitimate agencies) has a dishonest purpose in mind. Stalkers, harrassers, thieves, con artist, identity thieves, just love this type of technology. The usage of this technology by anybody other than legitimate agencies, is plainly speaking guilty of impersonation. If the Federal Government can not figure a way of outlawing the companies that offer "caller i.d. spoofing" to the general public, these companies should face law suits by the victims of scam artist, stalkers, etc., that use these products.

Well,

does someone has a programm for mobile phone that can see the number of the anonymous caller?

Greetings Roel
N E T H E R L A N D S

Thesis-Antithesis-synthesis...

I wonder what the 'solution' to spoofed CLID's will be. More and more people are weary of answering their telephones these days, lest it be some scum-bag telemarketing company (usually based in India)! What annoys me the most, is the fact that they use LOCAL area codes, in an effort to fool people into thinking it's a legitimate call.

I now always leave the answering machine to 'pick up' the call (after two 'rings'). I had one company call me twice a day, for two whole weeks- and the call was always 'dropped' by them when I picked the receiver up: A FAKED CLID to boot!! I'd love to blow their heads off with an AK47! *cough* It's almost pointless being on an opt-out/'do not call' list- as those nefarious scoundrels call numbers at random- via computers! I'll end up getting rid of my 'phone- I don't need the hassle...

Perhaps the 'solution' would involve biometric technology- welcome to the NWO. Trust me, the telecommunications companies/governments knew that this 'problem' would arise- and are just waiting for us to accept having to provide a thumb scan before calling anywhere...

I am in the US and got a disturbing voice mail message recorder and yet I got no information about the call on my caller ID.

I wasn't home at the time so I am relying on looking at the indicator/record of calls that came in on that day. There is simply no record of any call, just the voice mail.

How can this be?

My girlfriend used this system to make me think she was at work ( or home ) when in reality she was seeing her other boyfriend . How many others have been fooled into think their significant other was at one place when actually they were somewhere else . It took me years to discover how she did it.

i have cingular wireless with a family plan (son has additional phone) I know that he is making phone calls and receiving phone calls at certain times. But when I look on my statement those calls are not registering. Some phone numbers show up on his call list and show the amount of time he's talking but never show up on the statement. And then there are times where there is no phone list on his phone of who he called or received the call from when i know he was on it talking. My question is..can a person make an outgoing call or receive a incoming call talk for how ever long and then delete it from their call list on the phone and it never registers on the statement.? Or is there something that either he is doing or the other party is doing prior to dialing eithers numbers to keep it from registering either on the phone or statement? And if it can be done please explain how and how to correct the problem.

Totally unbelievable that spoofcard.com is allowed to operate with a slogan like "Be who you want to be!"

Maybe a few tens of dollars worth of spoofed calls from key legislative people to other key legislative people or departments may do the trick? But, this may carry liabilities. Maybe even a simple notice to several key legislators that such an attempt will be made to-and-fro on their behalf to highlight the issue *alone* will do the job?!?

The frightening part is that some dial around services (10-10-XXX) use CID and ANI to ID the caller. If someone spoofs you; they can call whomever and suddenly it will show up on your phone bill.

Something has to be done about this!

Heh, from:
https://www4.spoofcard.com/buy.php
=-=-=-=-
Purchase A New Calling Card

Due to elevated levels of fraudulent purchases, we are temporarily requiring that all new customers verify a cell phone number. By filling out the below form, you will receive a text message on your cell phone containing a 4-digit verification code needed to place an order. You are only permitted to verify one cell phone number for a single new purchase, per week.
[...]
=-=-=-=-
Hey spoofcard that medicine takes sour, eh?

Seems you are all focused on the negative. Does it take a criminal mind to think of the criminal activities one could engage in with altered caller IDs? Is it not possible to use such a system to seek truth? Contradictory, ironic, maybe even hypocritical? Perhaps. But sometimes one or two simple calls from an ID other than your own may give you the assurance or answers needed when dealing with a confusing situation or someone else who may be artfully deceitful. And then not only may the situation be remedied and their lies addressed with proof, but the truth may also set you free

I am a victim of caller ID spoofing. For several months I received 1-2 calls a week from people in different parts of the country who said my phone number appeared on their caller ID. Some were quite irate and adamant that I had called them. Today I received 14 calls from people in Ohio from 9am to 9:30 am saying my number was on their caller ID. When I finally reached a human at AT&T they looked into it and said there is nothing they can do except change my phone number. Is there any other way to fix this?

Ive been receiving calls on my Verizon cell phone for weeks now up to 10 x a day.People say I called them when I didnt and the scam is someones trying to get these people to sign up for Capital one credit cards.On my cel #.Its really annoying costing me time at work to answer the phone as well as angry people.I even got a call at 1:00am.I would change the # but Ive had it for 15 years and its a buisness line.It could cost$$ to change signs,cards ,shirts ect.I want these people stopped!!This is illegal!!

Just wanted to know, is there a way to possibly block or spoof ANI(Automatic Number Identification)? I was told it was impossible. If there is a way, I was just curious to know. I have broadband(digital) phone service by the way.

the cisco 3800 routers have a facility to permit screening based on the caller id. (the exact command is isdn caller xxxxxxxxxx). this permits the administrator to permit dial ups only from known telephone numbers.
plse clarify this doubt for me, will this caller id spoofing work here too?

Who cares if caller id is spoofed or not, I only answer the phone if I know the person who is calling. No one would know to spoof that number. I use Phone Tray Free to send messages and SIT tones to telemarketers and individuals who I don't care talk to.

i want to spoof someone

Krystal: There's a nice tutorial at Gadget Trail for setting up your own Caller ID spoofing system. http://www.gadgettrail.com/2005/01/06/do-it-yourself-caller-id-spoofing/

How many of you work in telecom? You all need to wake up. It's only a problem for subscribers because carriers have reverse ANI, ISUP and many other validation methods to identify a call or circuit. Regulations prevent LEC's from providing these protocols and routing information to the public. Hell yes the carriers are capable but don't hold your breath on them spending millions to alter their infrastructure just so you can be assured who's calling. Believe me, if the problem is really serious, the phone company can find out who called. If you want to do something, start with addressing public utilities commission and the FCC so there will be a market available offering additional caller identification features beyond CLID or even ANI!!

Winston Smith:
Trust you are still alive and well. Scum-bag telemarketing companies are usually based in USA, they just use cut-rate telemarketers based in India. You are confusing the guilt of the employer with that of the employee.

I was awakend by three consecutive calls at 4:30 this morning by a silent caller who I thought I'd gotten rid of 5 years ago. She had a Caller ID "Susan S-----" with the number (818)313-xxxx.

After a week or so of enduring similar torture back in '92, I'd ordered Call Blocking, which seemed to eliminate the problem. Now, after having switched over to a new package deal with my cable company, the Carzy Bitch is back!!!! And NOW, I've just learned that my cable company DOES NOT OFFER A CALL BLOCKING FEATURE!!!!

I had spoken with the person who really owns that phone number back in '92 and I was convinced that she was not the person making those calls, but I am pretty sure I know who the culprit is... I beleive it is my ex-husband's second ex-wife, who is a real LOON and her name is Linda V----- of Tujunga, CA.

It was not until this morning after Googling around a bit that I realized how she'd done it.

I know that this will not stop on its own... Short of getting a new telephone number, is there anything I can do to stop this harassment?

Well, it's happening. Telemarketers are using Spoofing to attempt to con people out of their credit card numbers. I've been receiving phone calls from a 92 year old nursing home patient for the last several months named Adele. The call registers as a (208) number, but when you try to call it, the line is disconnected. Here's basically how it goes:

-Chipper recorded voice-

"Hello, this is Heather from your credit card company (it never even NAMES "your credit card company," it just says that) and we're offering help to lower your interest rates on your credit card. We have been trying to get into contact with you for a while now, and this is your FINAL CHANCE. To speak with a representative now about lowering your interest rates, please press 1. To discontinue calls about this offer, press 3."

I've always hit 3 in the past. The line goes silent, and I hang up. A few weeks later, I'll get another call, and press 3 again.

Last night, I hit 1. Here's what happened. I wish I was kidding.

A man picked up, sounding like a bored fast-food employee - he sounds at least 25.

"Did you press 1 to lower your interest rates?"

"No, I pressed one to talk to someone about taking my name off of this list-"

"I'm not a psychiatrist. You need to *talk to someone*?"

".... About taking my name off of this list, yes. The 3 button doesn't work and - "

"Do you need a psychiatrist? Are you *lonely*? You need to *talk to someone*?"

By this point of the conversation, my hands were shaking. This guy was being blatantly unprofessional, and I was in shock at his rudeness.

"Why are you being so belliger-"

He's talking over me now.

"Maybe you should talk to your psychiatrist. You've got major problems."

"Can I speak to your manager? Is this a business call or a prank call?"

"Is this a what? What did you say?"

"Is this a business call or a PRANK PHONE CALL?!"

"Why did you press 1 if you're not lowering your interest rates?"

"Because I needed to speak to a real person and not a machine to get my name off the list."

"A machine? -Something about a robot- What do you even want?!"

-Me, calmly and coldly-

"I want you to take my name off your list and never call this number again."

".... Is that right?"

He says this like it's a challenge, like I've just threatened him. WTF?!

"Yes."

"....."

"Take me off the list."

"We'll see...."

"....."

"....."

"....."

"Do you *have* a psychiatrist?"

"...Nooooooo..... Am I off the list?"

"Maybe you need one because-"

"Oh that's clever, you're really clever with the psychiatrist thing. Is my refrigerator running-"

-He hangs up-

...... That's basically how it went. WTF WAS THAT?!?!?! I told my dad what happened, and he tried to call the number on the Caller ID, but as I said, it was disconnected. So, while I struggled to pull myself together - I was shocked, outraged, and felt oddly violated - my dad called the operator, and they traced the number to "T. Myhre," and the town and state. I won't reveal the phone number because as I mentioned, it does belong to an old woman in a nursing home.

However, I searched the number on Google, and the name registered as "AR (her last name)." WTF?!?!?! I put in the name "T. Myhre," and located the address.

A CHRISTIAN NURSING HOME. WTF?!?!?!?!

I surfed around, and got the URL of the joint from the city Chamber of Commerce site. Then I visited the site, and it had pictures of happy old people everywhere. WTF?!?!?!

So I was severely freaked out, and decided to find more info on "AR." I searched the full name, and came up with a CEMETARY. WTF?!?!?!

I searched down the long list of names of dead people, and finally found a "Harvey T. (last name)." Eureka! A "T" connection! Or so I thought... Unfortunately, Harvey died back in 1995, and I doubted whether the vile call came from beyond the grave, though the caller was certainly a creature of darkness...

Then, I noticed another name on the list - an "Adele Ruth (last name)." AR! Interestingly enough, Harvey was born in 1913, died 1995, and Adele was born in 1914 and died *no date*. Hmm....

I called the nursing home and asked if Adele (pronounced by the friendly receptionist as "uh-dell." I kind of like that spelling...) lived there. She said that she was just upstairs. I tried to explain to her what had happened, and that it was the strangest phone call I'd ever received. The receptionist seemed just as WTF'd as I was, and advised me to call the office back in the morning to get it all straightened out. It seemed like a nice place. Definitely not where the call came from.

And so, I spent the next few hours searching for various "T. Myhre"s. I eventually stumbled onto the recurring name "Teresa Myhre." A LOT of them.

And this is where it all went wrong. I found several of the Teresas, and Googled the phone numbers. They gave me DIFFERENT NAMES. Attached to DIFFERENT CITIES. In DIFFERENT STATES. All connected through the SAME phone number. WTF?!?!?!

After hours of searching, I discovered a link between some of the names and numbers. This all just happened a while ago, so it's not going to be comprehensive (or even chronological) but here's basically what I did:

T. Myhre - Background Checks to-
Teresa Marie Myhre - Googles to-
Terry Myhre - Googles to-
Teresa Myhre - her phone # Googles to-
John Myhre - # Googles to-
JD Myhre - # Googles to-
Paul Myhre - # Googles to-
M & T Snodgrass (WTF?) - # Googles to-
Michael Strenke (WTF?!) - # Googles to-
Richard Strenke - # Googles to-
.... RICHARD STRENKE! Finally, a valid number.

So I looked back on what all I'd found (which was sooo much less organized than I make it look here). "T" Snodgrass? Teresa perhaps...? Hmmm.... So... I called them. The "T" and "M" Snodgrasses had different numbers (I think), and since "M" Snodgrass was disconnected (Michael?) , I called "T," hoping for a connection. A deep voiced woman answered the phone.

"Um, Hello?"

"Hi. I was wondering if *Terry* was there?"

"Uh, Terry?"

"Yeah."

"....."

"....."

-Away from the phone-

"Terry?"

I wait for about 30 seconds.

"Hello?"

"It's not Terry yet."

The same deep voice.

"Oh."

A few seconds later, a new voice answers.

"Hello?"

I'd waited about a minute and a half total for her to get to the phone. She sounded young, maybe around my age.

"Do you know Richard?"

"Richard?"

"Yeah, Richard Shenk... ay?"

I had both forgotten how to spell AND pronounce the man's last name.

"Um... no...?"

"...Oh, that's okay. Sorry. Thanks."

I hung up.

Hmm... I couldn't tell if she was lying, and it didn't help me make a connection at all.

.... I spent the next half hour calling people at home after midnight, asking for other people's names to "freak them out" and hopefully get a confirmation that these people were related in some way, and I had just stumbled upon a Nationwide Underground Telemarketer Scam. I still don't know if they're related. I may yet be right. I do know for sure, however, that I pissed off one woman who was sleeping in some state that I cannot remember.

Two of the Richards (there were multiples of every name on the White Pages site) had the same address and one of the Richards had a "J" middle initial, but both phone #s were the same, except that the last two digits of one of the phone #s were different. This sounds suspiciously like an apartment building to me. What are the odds of two Richard Strenkes in the same building? So I called both of them. "Richard J"'s line was disconnected, so I dialed regular Richard Strenke (I still forget how that's spelled as I type this). A groggy sounding woman picks up after the fifth ring.

"Hello?"

"Hello. Is this Teresa?"

I am being sneaky, and trying to trick her into giving me a connection between all of these phone numbers, names, states, and cities.

"What?"

Damn.

"Can I please speak to Richard?"

"You. Have. The wrong. Number."

"Oh? I'm sorry."

"Do you have ANY IDEA WHAT TIME IT IS?!"

She hangs up.

Ooops. Hmm... She was pissed. Well, whatever. I look at the clock and it says 12:04 am. It can't be *that* late wherever the hell she is... right?

I wish I could say that I stopped there, but I called a few other people.

I asked one of the Michaels to "say hi for me to Richard."

"Richard? I don't know him."

"Yeah, this is- this is an *old friend*."

It comes out sounding pathetically like a threat, and I am mortified at the parallel I immediately draw to the Evil Caller's ".... Is that right?""

"I think you have the wrong number."

"....... Are you SUUURE?"

"Um... yeah."

"Okay, sorry, thanks."

Well, f%&k.

I give up. I'm just gonna call the Nursing Home in the morning, and tell them somebody might be messing with Adele too. (Oddly enough, I find myself caring about the elderly lady, even though I have no idea who she really is, or what she's like.)

So... an hour and a half later, after my dad's gone to bed (he was soo pissed, and wanted to KILL the guy who called me) I got started searching for Teresa again. Finding the same dead ends (but not making any more phone calls!), I tried a different tacit.

I started searching for scams involving telemarketers and credit cards. I came across a lot of horror stories concerning the elderly and telemarketers, and I wish I could call and talk to the Nursing Home *right now*. I hope they didn't mess with that old lady.

Then, I stumbled onto the term "Spoofing." I had never, ever heard of this before. They make cards that let people trick caller IDs into displaying the wrong number?! WELL S%&T!!!

My deepest apologies go out to those five people I called. Unless of course you really *are* connected to the Nationwide Underground Telemarketer Scam, in which case I hope you were on your cell phone, and it gives you brain cancer.

So, I'm going to call the Nursing Home back tomorrow morning and try to explain what all I've learned about what may have happened, and PRAY that I don't sound as insane as I think I do. Besides, with Harvey gone, maybe Adele is lonely, and it's always nice to know that someone out there cares. I'm probably being paranoid about it being anything more than a random choice by the NUTS people (I just typed that out because I was too lazy to type the whole thing out again, and I had no idea it would abbreviate to that. Awesome!) for the Caller ID to display Adele's number, but I don't think it'll hurt to make her caretakers aware that *someone* is using her phone number. Maybe I'm too sentimental...

Or maybe I *should* look into a getting a shrink after this fiasco, but either way, I've already resigned myself to the fact that most likely, the Evil Caller will never be brought to justice.

If he were just a prank caller, why would he bother with the woman's recorded message (And yes, I searched for "Heather" Myhre, Strenke, Snodgrass, etc. too. I was very thorough..), and why would the call be about my *credit card*? And why would there be a press button option at all?

At the end of the day, I don't regret all the trouble I went through (and will still go through in a few hours when I call about Adele), because this guy WAS a CRIMINAL, and if it can happen to me, it can happen to anyone.

Beware of Spoofers, for NUTS jerks are catching on. This *should* be illegal, and I plan to send a (much less self-deprecating) complaint to the FCC. Spoofing is going to cause major problems, and something needs to be done, before more people like Adele are made patsies, and more people like *me* are made fools of....

Because ya know, it sounds kinda funny now, but I was pissed at the time (I STILL am), and that bastardly little weasel shouldn't get away with it, dammit. Spread the Word.

Next time anyone gets one of these calls, don’t get mad, get even, have fun. Follow the thread as long as they will talk to you. Tell them, sure, you want to lower your interest rate. When they ask for your number, tell them you thought they had it. When they say they don’t, tell them you can’t find yours right now, can they look it up or give you a number you can call back. Sound either real excited or real stupid. They may even give you a number.

String them along as long as you can, see what they will tell you. If you like messing with people’s heads, this can be fun. I love the political and religious calls, it’s a real hoot messing with zealots.

If they keep calling from the same caller ID, some phone companies, usually only the old standbys like Verizon or AT&T, not cell or cable, will do a trap and trace on the line. You usually have to file a formal complaint with the local cops, and the phone company will only give the call info to the cops, but if nothing else, you might cause these pests a little hurt. If there are a lot of complaints against one number, the cops may even do something about it. There are ways to trace to the real originating number, not the spoofed number. But you have to be way better at this stuff than I am to do it.

I have had multiple calls from companies who seem to thumb their nose at the DNC list. Some of them spoof their numbers on the CallerID. Unfortunately, some of these groups are exempt from the DNC list. I had a problem with Jerry Kilgore (Republican candidate for VA Governor in 2005) and his campaign staff. They were constantly calling and I was getting all 0's for the CallerID. They even called at 6:40pm the night of the election to ask me to vote for their candidate; when I said please stop calling the lady turned up the volume of her phone to try to drown me out while continuing her spiel.

There is legislation in Congress to make CallerID spoofing a Federal offense. Here is the name of the legislation (the House version has already passed the House):

S. 704: Truth in Caller ID Act of 2007

Contact your Senators (especially if one of them is on the Committee on Commerce, Science, and Transportation) and urge them to get this approved and the law enacted.

i am calling some premium numbers i want to hide my caller id i try every thing but caller id is still coming on because i can see the live stst of the number which i am calling how can i hide my caller id any body can help.cheers

My business cell phone was used as the butt of a Caller ID Spoof in which someone had setup to call numerous people repeatedly throughout an extended period (sometimes 5-6+ times per day for weeks) and hang up, always showing my number. I never once made the calls, yet I received an increasing amount of calls (I finally switched my number when I started getting over 30 complaint calls per day!!) from people wanting to know why I was doing this to them.

At first, I tried explaining what little I knew about it (thank you to Google for even finding any info!), then I left info on my voicemail that I was not the one making the calls and they had to call the police to get the number traced and to PLEASE press charges, as I couldn't do anything (at this point I was under the impression that only those with blocked numbers could have any number entered). Then, I changed the message when I read something stating that the police won't do anything if they are not being threatened. The new message basically stated that it is called Caller ID Spoofing and I was as powerless to stop it as they were. Needless to say, after many months of this crap, I finally had to give in and change my business number and hope I don't lose customers in the process.

While I do suspect the person with absolutely NO life whatsoever who set this up for a totally assinine reason, what I do not understand is WHY it is still around. Apparently there is no one in legislation who has been the victim of this on their own. If they had, I'd be willing to bet money it would be made illegal in no time flat. It's sad that there are so many people out there that obviously have so little to do other than create issues and drama in other people's lives.

Someone is spoofing my caller ID, what appears is: Unavailable & my home #. I stopped answering, no one's there. I contacted my phone service, they can't do anything just said, contact FCC, which I did, they told me to contact my phone service. NO ONE CAN HELP. My phone service also said I should call the police, do a trace, the police will contact my phone service. etc. etc.etc. In the meantime, I'm getting 10 - 15 calls a day with my # on it, no one can help.

I am a victim of caller id spoofing. I get anywhere from 2 to 15 calls a day from people all over. Fortunately, none of them have sounded angry, if I actually answer the phone. I had to call my cable company three times and threaten to cancel my service if no one would help me with this. First I was told that someone hijacked my number. The cable company said they could clearly see that I wasn't making the calls, and they could see the calls that came in. I was told that they would file a "work ticket" to see what the problem was and that I should call back in a couple of days. The second time I called, the person who answered the phone said basically, sorry, there's nothing we can do from here so you need to call your local police dept. I didn't feel like calling our barney fife police dept so I called back one more time the follwoing day and threatened to discontinue their phone service complete and just use cheap trak phone cell phones as this issue was becoming unbearably irritating. Well, the squeaky wheel does get the grease. A supervisor called me back in 15 minutes and agreed to change my phone number and to mask my caller id for free. I will now have to give my new contact info to family and friends and that in itself is kind of a pain. I'm hoping this will stop the calls. I also signed up for the Do Not Call Registry. I don't think it prevents spoofing though.

My family is another victim of caller ID spoofing. For about a week now my family has received at least ten calls every day (as late at 11:00 pm) from spanish-speaking individuals claiming we called them. I don't think they understand when I tell them our numbers (yes, two phone lines) have been taken over by someone else. Our phone company will not help us unless we want to pay $60 to change our phone numbers. This activity has got to be stopped. I've written both of our Senators and Representatives and the FCC asking them to look into the issue. Maybe if enough people complain they will be forced to deal with it!

For folks on the Do Not Call List, the telemarketing calls you do get should be considered a short-list for scammers.

I'm on the do not call list but I'm getting as many as 5 telemarketing calls per week. For the most part, these go over to voice mail and I just get an anoying recording followed by a press 1 for more info sort of request.

I've been home a few times to answer the phone and pressed the one to connect to a person. Often, nothing happens. Twice, I got a real person. In each of these, it was quite obvious after exchanging a few words that I was being called by a scammer. In today's call, I had as odd a conversation as "J" did in his posting above. (This one claimed to be a credit company that was part of Equifax. Nonsense.)

The FBI web site says that the point of these calls is to get your identity including social security. That adds up. Today's call was offering very low credit card interest for my great payment history. The fact that they didn't know how much I owe was a pretty good tip off to the plan.

What I wish was that I had a way to simply block calls that have the potential for CID scams. This would, of course, block all the Internet-based calls. Small loss, I don't know anybody using that.

While I wish that the whole operation were outlawed, I seriously question whether a law could work. How do you trace calls that are routed over the internet? You could only do so by catching the folks in the act of making the calls. That would be a real trick.

For now, I hope that company dropped my name. I don't hold out much hope there.

How do I set up ani on my phone system?