Skip to content

Illegitimate Spoofing

Mission

The “Illegitimate Spoofing” working group is focused on addressing the problem of bad actors spoofing national numbers to make international calls that falsely appear to come from legitimate businesses, thereby fraudulently misrepresenting those entities. While number spoofing can serve legitimate purposes such as protecting user privacy or enabling authorized business communications, it is often difficult to distinguish between lawful, authorized spoofing and malicious or fraudulent activity. The group’s goal is to establish methods that restore trust in caller identity by ensuring that national numbers used on international trunks can be reliably verified or validated, while also preventing their unauthorized use.

Leadership

Katia Gonzalez

Proximus Global

Eli Katz

XConnect

Featured Documents

  • Document coming soon >

Use of national numbers as origin on international inbound call

Enabling legitimate spoofing use cases 

  • Why would a call coming from abroad, with an origin number (CLI) from the destination country, be legitimate?
  • Clearly, the origin number has been spoofed (i.e. modified/altered)
  • To protect their country’s people and businesses, regulators look to block such spoofed international inbound calls
  • But multiple use cases of such spoofing are legitimate
    • roaming : when a roamer calls home from abroad, the origin number is his home mobile number – the call coming from abroad looks like it’s coming from the destination (home) country
    • cloud numbers
  • One Consortium focuses on mechanisms to distinguish legitimate use cases from traffic that should be blocked – and discusses the regulatory framework with GIRAF
  • Status to date : high level paper available, initiated joint discussion with GIRAF

Trusting national CLIs on int’l calls : roaming checking if an incoming national CLI is from an outbound roamer calling home from abroad

Is-roaming WG4 subgroup status

  • For mobile the home network of originator (A-party) knows if subscriber is roaming
  • For SIP/VoLTE the call is routed via the home network.
    • The originators home network can check roaming and block if not
    • The destination network (or the national gateway) can check the call arrives nationally
    • Easy long-term solution
  • For SS7 (2G/3G) the destination network or international gateway must check roaming
    • this may be a mobile or a landline network
    • a standard approach to check roaming is required
    • SS7 will be around for a long time
  • Is-roaming check options
    • Signalling – Technically easy and exists, but security risk exploited in the past
    • API – Standard APIs exist but not are widely deployed. Recommended
    • Query could be to individual operators or a shared gateway
  • Other controls required (by A party) for wifi, late call forwarding and fraudsters using roaming SIMs
  • Presented and discussed with GIRAF

Trusting national CLIs on int’l calls : Cloud Communications

Cloud Communications WG4 subgroup
(Work in Progress)

  • What are “cloud numbers”? they are virtual phone numbers, i.e. regular phone numbers that are not linked to any mobile phone or a landline, that are utilized in cloud-based technology to facilitate communications.
  • Unlike traditional phone numbers tied to physical phone lines, cloud phone numbers are part of a VoIP system, allowing users to make and receive calls over the internet

  • Use-case : Number Anonymity

    • objective: anonymize called identification facilitating communications between end-users and service providers without exposing personal phone numbers

    • examples: Identity masking is used by Uber, Airbnb, etc

  • Use-case : Conferencing Platform

    • objective: allow users to join a meeting from any location using dial-in numbers or to invite user to join the meeting (dial-out)
    • examples: Teams, zoom, etc

  • Other use-cases : Cloud Contact Center, Corporate telephony, Call Center, Call Forwarding, DIDs for remote device, Click to Call, etc