Somebody please explain.

First I get some call about some investing bs, then I get an automated voice call also about something financial related

From fucking +000000

What is this fuckery?

@Haxk20 how'd they even get such a number, or rather spoof it

@Haxk20 didn't know that that's still common and used at (as it looks) in a grand scale

Yep, spoofed number, I sometimes get calls from similar spoofed numbers as well

I got a phone call from voicemail a few months ago

Pwnd

I can call you from 911, from your number, from your mother's number, or anything else I between. It's scary how easy it is to spoof a number. Hang up on them, any "company" that can't use their actual number doesn't deserve your time. Stay safe!

@Stuxnet What did it want? Did it just scream at you because you have thousands of messages?

You can get a marketing sms that only says from this&that company or some sms alerts from your government (we got notification about corona related restrictions this way). If you check who it's from on your phone you'll probably get an unknown under the field that usually contains a phone number.

Same can be done with calls, anything really can be displayed as the CLI, though they usually use some numbering range that is actually in use by some operator.

If the fraud is directed at you (common people, not operators), it won't even ring long..so you get a missed call notification and if you call back it's probably linked to some reserved phone number that has a crazy charge linked to it..

But it can also happen that it's an interconnect fraud, meaning mobile operator changes the number you're supposed to be calling from to get better rates and avoid routing the call properly..

Telephone numbers are not signed, and many still run over SS7/CCSS7, so you can basically transmit using whatever number you want given the right hardware.

Certified Meizu Moment

@AnonyOps what tools/methods are required to do number spoofing? I've been trying to do some research on it since I received some phone callls from very weird prefixes (literally North Korea, among others), and I want to understand how it works but I haven't found any actual technical information, just some useless articles about h4xx0rz stealing your money with it.

@endor Sure, give me adound 30 minutes to an hour and I'll give you some info, ive got to run into a meeting

@AnonyOps I'm also interested, please follow up with more info :p

you got an update

Let me add my little 📍 so I can too understand how it's done. I'm getting a lot of these spam calls and I've always wondered how they did to get fake numbers.

Sorry, I'm still at work. I haven't forgot about you, my networks needing some TLC. Will update when I get off.

Okay, after about 17 hours I'm off work. There's depth in this, but honestly not much. I'm going to simply ot a bit because I'm tired. NPA-NXX spoofing, or neighborhood spoofing is what you'll generally see with scammers and telemarketers. They do this because generally if a person sees a number from their area code "NPA" They tend to answer it. Say your number is 785-082-0990, they'll spoof their number to match to conduct their scam to an area close to yours... 785-NXX-XXX.

Now, caller ID spoofing is where a caller tricks the telephone network into displaying a fake number and fake name. This is where shit gets crazy because youre able to use this to gain access into just about anyone's voicemail. Even when its passcode protected (works sometimes). So, when a phone rings there are different frequencies. Someone correct me if km wrong, but if i remember correctly, the spoofing occurs when the binary is translated between the first and second ring of the phone call. Caller ID is

Shown using frequency shift keying. Its in this stage where the spoof takes place. With applications like spoof card, youre routing a phone through them where they then push the vulnerability.

Now, for the "cool" part. Its possible to spoof your number to the targets and then listen to their voicemails. A shitty make in the backbone of telecommunications. Even with a pascode set, most users will opt for the 'don't require passcode when calling from my number ' allowing spoofs to listen when calling from "your number" and if your voicemail is open, well forget about your security.

Don't mind the spelling and the all over the place-ness. If you have more questions or I need to revise shtuff, just lemmi know.

Also see: orange box

Okay, I'm off for the night.

@AnonyOps thank you! I'll look into this

Dude.dude.. That's a scam number. I picked it up and had to reset my phone..

@LOLjustCoding yeah, no shit. The thing about having to reset your phone confuses me tho

@shakur Yep, that's gotta be it