I've ranted about CLI and CLI Spoofing on many, many, occasions but more and more often scammers are using it as an extra step in their scam to "prove" they're genuine.
In the example below the scammer directs the victim to the HMRC website, and then through various pages until they see an 0345 number for HMRC then call back immediately from that number "proving" that they're from that department.
I've seen the same scam used when impersonating HM Courts and Tribunal Service too.
It strikes me that there's a very simple solution to this or, if not a solution, at least a means of reducing the liklihood of people falling victim to it.
A simple solution?
HMRC, HMCTS, and GOV.UK could easily put a message on the pages the scammers frequently use.
Imagine instead if that web page looked like this;
How many people would still fall for it?
Technical solutions?
CLI spoofing itself is what facilitates this scam, whilst there are various (complicated!) methods to ensure confidence in CLI such as STIR/SHAKEN that are likely to be introduced through time it would seem that there are several really simple things that networks could do to reduce the effectiveness and impact of this sort of scam.
- Prevent "untrusted" sources originating numbers from a known list (this should be all 030 numbers for a start, and other dedicated numbers used by services such as HMRC) – ultimately HMRC don't originate any genuine calls from some random Indian IP address.
- Organisations such as HMRC could easily have some numbers reserved for inbound use only; perhaps a block in the 030 range could be dedicated for this, and networks could block all traffic originating from those CLIs, making it impossible to spoof one of these published numbers.
- Slightly more involved, but the scammer generally relies on call waiting, they hate you ending a call as they like to be in complete control and hear anything happening in the background (i.e. someone asking who you're talking to) so I expect a good profile could be built up of the other numbers the scammers are using by looking at calls from one of these 'known' numbers to a subscriber that already has a call in progress - I'd bet a pattern would soon emerge!