VoIP caller ID definition
VoIP caller ID is a feature in Voice over Internet Protocol telephony services that identifies and displays the phone number and, where available, the name of the incoming caller.
Unlike traditional caller IDs in analog phone systems, VoIP caller IDs transmit this information over the internet as digital data, allowing for more advanced functionality such as integration with digital address books or customer relationship management systems.
Attacks that exploit VoIP caller ID
- Caller ID spoofing. The most prevalent abuse of VoIP caller ID. Attackers manipulate the caller ID to display a different number or name, making the call appear to be from a trusted source, such as a government agency, a well-known company, or a contact in the victim’s phone book.
- Swatting. An extreme form of caller ID spoofing. Attackers make emergency calls to law enforcement, lying about a serious emergency (hostage situation, bomb threats, etc.) in the victim’s residence to provoke a dangerous police response.
- Spam over internet telephony (SPIT). SPIT involves unsolicited bulk calls made over VoIP. Attackers sometimes use spoofed caller IDs to increase the chances that their calls are answered.
- Wangiri fraud. This fraud involves making short, one-ring calls to numbers using a spoofed caller ID, inducing the recipients to call back, often resulting in charges to premium-rate numbers controlled by the attackers.
- Social engineering. With a falsified caller ID, attackers can impersonate authority figures or known contacts to manipulate the victim into performing actions like transferring funds, providing access to secure systems, or revealing confidential information.
- Identity theft. By combining caller ID spoofing with stolen personal information, attackers can convincingly impersonate victims, gaining access to their accounts and services.