CLI Spoofing Fraud

  • »

Prevent Caller ID Spoofing.
Protect from Fraud with AB Handshake.

CLI spoofing (or Caller ID spoofing) is one of the most prevalent types of telecom fraud, used in common fraud scenarios like robocalls, one-ring scams, and eventual phishing. In this method, scammers falsify the information transmitted to the victim's caller ID (the A-number) to disguise their identity and make it appear as if the incoming call originated from a local number or a trusted brand or company. The scammers then use scripts to steal valuable personal information without the victim even being aware that anything has happened.

CLI spoofing has skyrocketed in the European Union following the introduction of origin-based surcharges. Origin-based pricing means that calls are billed according to the originating CLI (caller ID), with a surcharge added when that ID is outside the EU. For example, a voice call to a mobile number in Italy might cost $0.005 per minute if made from a European number, but several times that amount if made from a US number. Therefore, prices for termination to the same network with a European A-number and a non-European A-number differ significantly. The challenges in the EU are further complicated by GDPR data protection regulations which limit the database queries used to identify some CLI spoofing scams.

Traditional fraud protection systems have not been able to tackle the CLI spoofing problem effectively. Since they are primarily reactive and rely on sampling and analysis after the fact, some fraudulent calls always get through. Operators are forced to absorb the costs of the fraudulent calls so as not to lose the customers. The losses are significant — a survey of telecom service providers in 2019 estimated that telcos worldwide lost up to $28.3 billion to fraud in that year alone.

The AB Handshake is revolutionizing CLI spoofing protection and turning the entire paradigm of fraud management on its head. The system is structured upon the AB Handshake Community, a group of operators that use a common 'handshake' to validate each and every call and render telcos “spoof-proof"—preventing caller ID spoofing entirely.

The method is simple. A fraudster can change the A-number (spoof the caller ID) of an outgoing call to mimic a number that is familiar to the recipient. Normally, there would be no way for either the originating or terminating operator to realize what had occurred. However, with AB Handshake, the originating operator sends a verification request directly to the terminating operator, and the terminating switch sends the call details to the terminating call registry. The terminating operator then reaches out to the owner of the spoofed range but, in the case of CLI spoofing, does not get call verification. The call is also not verified by the originating operator. It is automatically identified as fraudulent in real-time and either blocked or labeled as fraud with all details available in a validated log that can be used to raise a complaint with the carriers.

It's a win-win proposition. Retail operators have a clear incentive to join the community so as not to exchange traffic with operators whose traffic cannot be verified. Customers benefit from the elimination of nuisance and privacy violations, so it's a win for them too. The only losers in the equation are the fraudsters, and actually, that's a win too.

Learn about other fraud types we protect from:

Request call flow diagram