To showcase the ease of which it can be done, the episode saw Presenter Matt Allwright positioned in the middle of a busy shopping centre – along with a magician for a bit of showmanship. Passers-by were stopped and asked for the name of their bank and mobile number – which was then relayed through a hidden microphone to SureCloud’s own team, set up in the restaurant upstairs.
Moments later, said members of the public received a phone call which seemed to originate from the phone number printed on the back of their debit or credit card – the phone number of their bank. Of course, the technical capabilities for this were all set up by SureCloud.
Ofcom has teamed up with UK Finance to help tackle scam calls through a list of ‘Do Not Originate’ numbers. These are then allocated to banks and other financial institutions, with the agreement that the businesses in question never use them for outbound customer communication. The phone number is then printed on your debit or credit card, and then, whilst you can still use that number to make calls to the bank, should you ever receive a call on the same number, you know that it’s a spoof – provided your mobile network is also signed up to the scheme.
It’s a powerful step in the right direction, but as demonstrated, it is still all too easy for bad actors to spoof that all-important phone call. Protection from call spoofing requires a two-pronged attack – technical solutions like the ‘Do Not Originate’ list combined with user education and awareness of the prevalence and dangers of call spoofing.
Commenting on the issue of number spoofing, Luke Potter says: “Unfortunately, it’s commonplace for fraudsters to pose as representatives of banks to gain access to sensitive data, so people should never give out such information in response to an incoming call. It’s always best to be cautious and vigilant or there could be financial consequences.”
Luke oversees SureCloud Cybersecurity Solutions. He also manages our Secure Private Cloud. Luke is a recognized cyber security expert. He is a CHECK team leader, Tiger Scheme senior security tester, ISO 27001 lead auditor and Microsoft Certified enterprise administrator. Previously, Luke managed the IT team at a large UK insurance brokerage.
Learn about SureCloud’s other BBC features below: