Easy to fake phone numbers
A video recently spread on Facebook has caused the online community to worry when it shows the possibility of forging the caller's phone number right on the recipient's screen.
In the video, the user uses two phones, one of which is installed with a fake dial-up application. When entering a "super beautiful" phone number into the application, immediately, the other phone displays this number as a normal incoming call.
In the next attempt, this person entered her mother's phone number into the application. As a result, the name "Mother" appeared on the phone screen - matching the pre-saved contacts. After that, this person continued to try with many other phone numbers and all gave similar results. The author of the video affirmed that this is a warning to raise awareness, not a user manual.
Below the video, many other users also confirmed that they can create any phone numbers themselves to make calls. Even if the fake number matches the number saved in the contacts, the acquaintance's name will appear as a normal call. This makes identification more difficult than ever, especially for calls related to finance or personal information.
The danger increases when this technique is combined with artificial intelligence voice imitation technology. Currently, with just a short recording, AI systems can reproduce voices with high authenticity. When bad actors both impersonate phone numbers and "copy" the voice of relatives, victims almost have no basis for suspicion.
How to deal with fake phone number scams
Talking to a reporter from Lao Dong Newspaper, network security expert Ngo Minh Hieu said that recently, the Anti-Scam organization has recorded a series of reports about applications that can impersonate phone numbers. In fact, this is not a new trick but a technique of impersonating phone numbers displayed, also known as Caller ID Spoofing, which has appeared for many years.
Regarding the impersonation of Caller ID, the short understanding is that the caller does not necessarily have to use their real number when making a call, but the recipient's phone can still display another number on the screen. In other words, the number I see is not necessarily the real number calling" - Mr. Ngo Minh Hieu said.
Network security experts analyze that, technically, a call is not as simple as we think. It is divided into two separate parts: the actual route of the call in the telecommunications network and the information displayed to the recipient. The number used in the network is the actual identity of the call source for the network operator to connect. The displayed number is the information sent to appear on the recipient's phone screen.
Through intermediate systems such as VoIP (Internet calling service), fraudsters can easily change the displayed data field.
Mr. Ngo Minh Hieu said that when they have impersonated phone numbers, fraudsters will create extremely sophisticated scenarios to deceive users. Common scenarios can be mentioned such as impersonating banks. Accordingly, fraudsters notify "Your account has just had unusual transactions", "Credit card is locked" and request "Need urgent verification to protect money".
Another scenario is to impersonate the police to threaten users related to a case being investigated and request "immediate cooperation". Scammers can also impersonate customer care staff to request information confirmation, provide OTP codes to "handle incidents"; impersonate customers calling banks to request changes in account information, reset passwords...
The common point is that scammers always use a pressing tone so that victims do not have time to think, request victims to keep the phone constantly and request to provide OTP/verification codes, card information or request to transfer money to accounts.
Mr. Ngo Minh Hieu affirmed: "The phone number displayed should only be reference information, not verification evidence. What needs to be distinguished is not the displayed number, but the content of the call".
According to the expert, even if the screen shows the correct phone number and contact name, people should not lose vigilance. When receiving a call with urging content, requesting to immediately provide a password, OTP code, account number, CCCD... or requesting to transfer money, people should proactively turn off the phone and press call back. The reason given is that fake applications can only make outgoing calls but cannot receive calls. Therefore, even if the call history in the phone still displays the fake number, when making a call back, the person who answers the phone will be the owner, not the scammer.
