Comment by athenot
4 months ago
This.
Also healthcare providers, though they seem to have finally wised up. They would call me from poorly configured phone systems (so unrecognizable caller id) and the first thing they would ask is to confirm full name and date of birth.
Patterns like this do a great deal of damage in desensitizing folks and making them accept dangerous patterns that get exploited by scams.
Even if you recognized it, the number shown by Caller ID is easy for the caller to spoof -- or at least it was a few years ago (the last time I paid attention).
Thankfully that part has vastly improved with STIR/SHAKEN, combined with number reputation management.
The problem with that, at least on my experience with iPhone, is you can only get the authentication signal after you’ve already hung up. The only thing I see is a small checkmark next to the “location” of the call in my recent call log. I can’t find any indication of a stir/shaken status in the active call screen.
So asking people to take the step to confirm the call is legitimate won’t work- they can’t tell until they’ve already terminated the call. It’s useless for purpose imo.
2 replies →
I remember when I used Ting, I could specify what would appear as caller id. If I had wanted to abuse this, I could easily have had it display whatever number I wanted instead of my name. Since a number of phones would display the caller id instead of the number when caller id was available, nobody would know that the number was not real. I am not sure if this has changed at all.