Beware of caller ID ‘spoofing’

Advocate staff photo by PATRICK DENNIS -- Pat and Andrea Van Burkleo have been victims of 'spoofing,' with telemarketers using their names and phone numbers on caller ID without their permission.
Advocate staff photo by PATRICK DENNIS -- Pat and Andrea Van Burkleo have been victims of 'spoofing,' with telemarketers using their names and phone numbers on caller ID without their permission.

Couple falls victim to scam

Strangers call Pat Van Burkleo’s house daily, demanding that he stop calling and harassing them.

Van Burkleo, of Baton Rouge, says he and his wife have nothing to do with those calls.

A telemarkerting service made the calls, changing the name and number that appears on caller ID to show Van Burkleo’s name and landline phone number instead of its own.

It’s a practice called “spoofing.”

About two months ago, Van Burkleo, president of the Boys & Girls Club of Greater Baton Rouge, said he began receiving at least one angry phone call a day from people who received those calls.

Soon, friends and people he knew were calling him about phone calls they received from his number.

He said AT&T officials told him he might be the victim of caller ID spoofing, but disconnecting his number would not put an end to it; once the spoofers have your information, there is little to do but wait it out.

Spoofing allows telemarketers to circumvent federal and state “do not call” lists created to protect people from unwanted phone calls from telemarketers.

Brenda Headlee, program manager of the do not call list at the Louisiana Public Service Commission, said her office receives between 50 and 60 written complaints a month regarding violations of the list and about 75 percent of those complaints involve spoofing or identity theft.

Headlee said the office has collected more than $500,000 in fines in 10 years.

The best way for people to protect themselves against identity theft, Headlee said, is not to give telemarketers any personal information such as address or maiden or middle name.

“They’re not solicitors, they’re criminals,” Headlee said. “Calls that use spoofing have nothing to do with legitimate solicitation.”

The federal Truth in Caller ID Act in 2009 made spoofing illegal when used to defraud, cause harm or obtain something of value from a person by fraudulent means. Law enforcement agencies and instances where a court order allows the use of spoofing are exempt from the law.

On June 22, 2011, the Federal Communications Commission announced it would levy fines of $10,000 per offense and up to $1 million for any single spoofing violation.

John F. Blevins, an associate law professor at Loyola University in New Orleans who studies FCC and communications law, said the FCC can begin levying fines on the first offense, which is an interesting wrinkle in the law. He said the FCC usually issues a warning on the first offense, then begins issuing fines on the second offense.

The Federal Trade Commission and states also have the authority to investigate, and in the states’ case, prosecute spoofers.

The FTC recently shut down five companies running illegal computerized calling operations aimed at defrauding people. However, Frank Dorman, public affairs specialist for the FTC, said he doesn’t recall the FTC ever investigating any business or person in Louisiana for spoofing.

Amanda Larkins, director of communications for the Louisiana Attorney General’s office, said Louisiana does not currently have an anti-spoofing law and her office has not prosecuted any spoofing cases.

“Our office has received hundreds of complaints about scam calls in general, including do not call callers who manage to get around the registry,” Larkins said.

Florida and Mississippi passed laws to curb spoofing, but federal district courts in both states overturned them.

TelTech Systems Inc., the parent company of Spoofcard.com, sued Florida and Mississippi over their anti-spoofing laws.

Co-founder Meir Cohen said he created his company’s spoofing technology while working for a business that had difficulties getting clients to pay their bills and answer their phone calls. He said he devised a way to change the information that showed up on caller ID to get around the call screening.

“The overwhelming majority of our customers are good, law-abiding citizens,” Cohen said.

The customers include law enforcement agencies, which are exempt from the federal law, and battered-women’s shelters, which use the technology to allow women in their care to place calls and not let people know where they are, he said.

In 2009, the U.S. District Court in Miami ruled the Florida anti-spoofing law violated the U.S. Constitution’s Commerce Clause.

In 2011, the U.S. District Court in Jackson, Miss., issued a similar ruling.

“The idea is that a third-party spoofing service in a different state could potentially violate the state law if the call’s recipient happened to be driving through Mississippi when she received the call,” Blevins said.

Mississippi officials appealed the ruling, and the case is pending before the 5th U.S. Circuit Court of Appeals in New Orleans.

Cohen said the terms of service for his spoofing products and devices prohibit fraudulent use of the products. The company will cooperate with law enforcement when it learns a customer is using the product for illicit gain, he said.

Some entities using spoofing fraudulently are outside the jurisdiction of the FCC and law enforcement agencies.

“Generally, the information provided to us is just the number and nature of the call, and the numbers change rapidly, which hinders tracking the culprits,” said Larkins, of the Louisiana Attorney General’s Office. “Many are now computer-generated from overseas, which also hampers tracking.”

Sue Sperry, spokeswoman for AT&T Louisiana, said many of the complaints AT&T receives center around automatic dialers, or robocallers.

“These are offshore computers that dial constantly and constantly with millions of numbers,” Sperry said.

Meanwhile, the FCC has recommended that Congress amend the Truth in Caller ID Act to include text-message spoofing and to give the FCC authority to regulate third-party spoofing services.

Sperry said AT&T has seen a rise in the occurrence of text-message spoofing and email spoofing, also known as “phishing.”

For now, Van Burkleo awaits the day when he does not have to fret over who’s going to be on the other line when he answers his phone.

Van Burkleo said he and his wife continue to receive the calls, now about one every other day, and they changed the message on their answering machine to advise callers that they had been spoofed and there is no telemarketing service at their number.

“I don’t like the term ‘spoofing.’ There is nothing funny or joking about it,” Van Burkleo said.