Thousands of Brits bombarded in caller spoofing riddle
Small biz blamed for silent calls at 2am
Thousands of Brits were tormented by nuisance calls after West Midlands businesses were caught up in a caller ID spoofing blitz.
Firms including We Solve IT and solicitors Bridgehouse Partners appeared to bombard residents at all hours of the day and night thanks to a foreign outfit that used the companies' numbers to mask the real source of the calls.
"Apparently our phone number has been hacked or spoofed, and our number is calling people at a rate of 1000 per hour," We Solve IT managing director Steve Davies said in a statement on his firm's website. "It is not coming from us or our phone system, but likely coming from a number abroad."
We Solve IT said that, at first, its telephone system provider Telappliant had "drawn a blank" on how to trace the calls, and appealed to people receiving the calls to report the nuisance to their own telecoms provider.
The IT company also got in touch with Ofcom to try to resolve the issue, as did Bridgehouse Partners.
"We have now been in contact with Ofcom and the Information Commissioners Office. We urge you to do the same, please," Bridgehouse said on its website.
"We have also filed a report with the Action Fraud Team, a branch of the police. Please do not think we are being complacent in asking you to contact your service providers to report the problem; the reason we ask you to do this is because none of these calls are going through our system at any point and therefore it is very difficult for us to trace them," the statement explained.
"However they are coming through to you via either BT, Virgin etc. If enough people get onto these big providers they will be able to trace the calls and hopefully put a stop to it."
Finding the antisocial source
A spokesperson for Ofcom told The Register that it had worked with telecom providers to fix the issue and said it was now resolved.
"It all happened quite quickly, but we worked with the phone providers in working out what had happened and putting an end to it," they said.
According to both Bridgehouse and We Solve IT, BT and Ofcom were able to track the source of the nuisance calls, which now appear to have stopped.
A BT spokesperson told The Register that its customers had called into its Nuisance Call Bureau to report the issue.
"Following reports from customers of silent calls from several 0121 and 0203 numbers, BT contacted the service provider of the lines involved and confirmed that there were no faults on the lines and that the calls had not come from them," they said.
"We identified the calls were from an international source with an incorrect calling line identification and were being carried over various networks. Working with other network providers we have now stopped these calls affecting ours and other providers’ customers."
We Solve IT's Davies told the Wolverhampton Express and Star paper that the nuisance calls, often received late at night, had resulted in him getting threatening and insulting messages from the enraged victims.
"If victims manage to answer the phone, it seems it either goes dead or there is a voice telling them ‘that extension is no longer available’ before cutting off,” he said.
“Whoever is doing it is a horrible person as I’ve spoken to people who have been deeply upset by the phone calls. Lots of people said they thought it was a call to tell them their elderly mother or father was dead, others were just upset that it had woken the whole household.”
On WhoCallsMe.com, a reverse phone number lookup community that supplies numbers of companies and telemarketers known for unwanted calls, complaints about We Solve IT's number were racking up.
"Got a silent call this am at 0220hours, got the fright of my life, have young children who were woken and hubby had to get up for work 3 hours later so not good, really peeved," said one complaint.
"Please get it sorted for the sake of our sanity and to prevent a heart attack."
Changing the number that pops up on the caller ID of a phone can be done for valid reasons. For example, a company that has hundreds of different extensions might prefer to report the main switchboard number.
But there has been a rise in caller ID spoofing for malicious purposes.
It's unclear how calling hundreds or thousands of homes and then immediately hanging up, such as in this case, could be profitable for perpetrators, but one possibility could be "pinging" - where numbers are checked to see if they are in use so that marketers can then use them.
In other cases, malicious caller ID spoofing can be used for some sort of financial scam, such as pretending to be a utility company to trick victims into handing over credit card details for urgent bills or even masquerading as a credit card company or the victim's bank. ®
Updated to Add
Since publication of this story, Telappliant representatives have been in touch to forward a statement on the matter to us, which we reproduce here in part:
At Telappliant we take security breaches very seriously and an initial investigation has confirmed that the spoof calls were not made over our network. It appears that a third party has ‘spoofed’ the customer number – and this can happen irrespective of the network that number is on. However, we are looking into this matter in more detail ...
Putting this specific incident aside – unfortunately the spoofing of telephone numbers does happen from time to time, and it is outside the control of the company providing the number.