Feasibility of "VoIP-spoofing"

Not sure about category.

Yesterday a local newspaper reported an incident where a number that by the scheme belongs to german police (110/xxx.....) called somone telling they found some of their possessions and he should come pick them up. Then after some back and forth the caller told the victim to call the police to reassure him. Got connected to the right department. The officer in question did not make any calls that day which is how they found out it was a "scam".
As of now, the authorities have no idea how the caller made a police number appear in the victims display.

My idea:
Similar to DNS-Spoofing to make emails look as if they come from Paypal, Google, etc. the caller somehow got the VoIP system to display a different "name" (=number).
As I have little understanding of networking and that kind of trickery, I figured someone here might have the knowledge to shine some light on this.

1 Like

I actually watched a defcon talk on a similar topic last week. I'll try to find it. There's a bit in there about spoofing the number.

2 Likes

Yes, asterisk is the application to use for spoofing numbers. Loads of guides en how-tos available

2 Likes