Why do scammers use spoofed phone numbers and how does it work?
Caller ID spoofing lets scammers display any phone number they choose, including official government and bank numbers, making their calls appear to come from trusted sources.
Last reviewed: 10 June 2026
Explanation
Caller ID was developed as a consumer convenience — a way to see who was calling before answering. It was not designed as a security system, and it has a fundamental flaw: the number displayed does not have to be the number the call is actually coming from. Internet-based calling (VoIP) services make it technically straightforward to specify any number to display as the originating caller ID, and this capability is widely used by scammers.
The practical impact is significant. A scammer can display the number of your bank's fraud line, your local police station, a government tax authority, or the technical support line of a software company you use. When a victim sees a number they recognise or look up and find belongs to a legitimate entity, their confidence in the caller is immediately increased. Many people are aware of the general risk of unknown numbers but feel safer answering a call from a recognised institution.
Spoofing is particularly effective in combination with detailed personal information. If a caller displays your bank's number and then correctly names your account type, references a recent transaction, and addresses you by name, the combination of familiar number, correct detail, and authoritative tone creates a very convincing impersonation. Each of these elements individually might be explainable; together they can be convincing enough to override scepticism.
Telecommunications regulators in various countries have introduced measures to reduce spoofing, such as STIR/SHAKEN protocols in North America that verify whether a number is genuinely originating from the subscriber it claims. These measures have reduced some categories of spoofing but have not eliminated it, particularly for calls routed through international systems or compliant-but-permissive VoIP providers.
Common red flags
- A call from a bank or government number asks you to make a payment or share credentials during the call
- A caller from a number you verified as legitimate still behaves like a scam call
- The caller asks you not to hang up and call back on the number on your card
- A second 'call' immediately follows one you just made to your bank, claiming to be the same department
- The conversation follows a scripted pattern despite appearing to be from a known organisation
What to do now
- Do not trust caller ID alone — it can be spoofed
- Hang up and call back on a number from the organisation's official website or your card
- Never share PINs, passwords, or one-time codes during an incoming call
- If a caller from your bank's number asks you to call back, use a different phone to do so — some scams hold the line open on the original phone
- Report spoofed number fraud to your telecommunications regulator
Frequently asked questions
Can a scammer spoof a number so it looks like it is coming from inside your own organisation?
Yes. Internal number spoofing is used in business fraud to impersonate a colleague, manager, or the IT department. This is why even internal-looking calls requesting credentials or financial authorisations should be verified through a separate channel.
Is there any way to check whether a number calling you is spoofed?
Consumer-level tools cannot reliably detect spoofing in real time. The safest approach is to treat the content of the call rather than the number as the determining factor — any call requesting payment or credentials is suspicious regardless of what number it appears to come from.