Skip to content

Illegitimate spoofing

Work Group

Illegitimate spoofing

Trusting national numbers on international calls
Enabling legitimate spoofing use cases, blocking fraudulent traffic

Use of national numbers as origin on international inbound call

Enabling legitimate spoofing use cases 

  • Why would a call coming from abroad, with an origin number (CLI) from the destination country, be legitimate?
  • Clearly, the origin number has been spoofed (i.e. modified/altered)
  • To protect their country’s people and businesses, regulators look to block such spoofed international inbound calls
  • But multiple use cases of such spoofing are legitimate
    • roaming : when a roamer calls home from abroad, the origin number is his home mobile number – the call coming from abroad looks like it’s coming from the destination (home) country
    • cloud numbers
  • One Consortium focuses on mechanisms to distinguish legitimate use cases from traffic that should be blocked – and discusses the regulatory framework with GIRAF
  • Status to date : high level paper available, initiated joint discussion with GIRAF

Trusting national CLIs on int’l calls : roaming checking if an incoming national CLI is from an outbound roamer calling home from abroad

Is-roaming WG4 subgroup status

  • For mobile the home network of originator (A-party) knows if subscriber is roaming
  • For SIP/VoLTE the call is routed via the home network.
    • The originators home network can check roaming and block if not
    • The destination network (or the national gateway) can check the call arrives nationally
    • Easy long-term solution
  • For SS7 (2G/3G) the destination network or international gateway must check roaming
    • this may be a mobile or a landline network
    • a standard approach to check roaming is required
    • SS7 will be around for a long time
  • Is-roaming check options
    • Signalling – Technically easy and exists, but security risk exploited in the past
    • API – Standard APIs exist but not are widely deployed. Recommended
    • Query could be to individual operators or a shared gateway
  • Other controls required (by A party) for wifi, late call forwarding and fraudsters using roaming SIMs
  • Presented and discussed with GIRAF

Trusting national CLIs on int’l calls : Cloud Communications

Cloud Communications WG4 subgroup
(Work in Progress)

  • What are “cloud numbers”? they are virtual phone numbers, i.e. regular phone numbers that are not linked to any mobile phone or a landline, that are utilized in cloud-based technology to facilitate communications.
  • Unlike traditional phone numbers tied to physical phone lines, cloud phone numbers are part of a VoIP system, allowing users to make and receive calls over the internet

  • Use-case : Number Anonymity

    • objective: anonymize called identification facilitating communications between end-users and service providers without exposing personal phone numbers

    • examples: Identity masking is used by Uber, Airbnb, etc

  • Use-case : Conferencing Platform

    • objective: allow users to join a meeting from any location using dial-in numbers or to invite user to join the meeting (dial-out)
    • examples: Teams, zoom, etc

  • Other use-cases : Cloud Contact Center, Corporate telephony, Call Center, Call Forwarding, DIDs for remote device, Click to Call, etc