The phone companies, always wanting to sell more services and features, developed and proposed caller ID. And boy did that make a stink.

Unless you are old enough to have lived through and witnessed the introduction of caller ID then you might not believe there was a raging debate in the US about whether caller ID should even be allowed. There were loud protestations from a vocal minority of people who believed that a caller should be allowed to call you anonymously -- that the recipient of a phone call had no right to know who was calling prior to lifting the receiver. Imagine that.

Obviously the pro caller ID camp prevailed and now caller ID is universal. One of the best analogies in support of caller ID was comparing it to a peephole in the front door. No sane person opposes a person's right to know who's at the door before opening it, right? It's pretty funny to think about it today but back then it was a serious fight.

Is my phone lying to me?

People place a lot of faith in caller ID -- too much faith as it turns out. Up until the early aughts, caller ID was a pretty reliable way to know the calling number. And with the caller's name also being displayed, you could quickly make an informed decision about whether to answer. Not so much now.

Telemarketers, especially fly-by-night boiler rooms, don't care about the Do Not Call list so they're making their pesky calls regardless. But since they know that most people are unlikely to answer calls from a different area code then they needed a way to make their calls appear to originate in your area. Years ago they did this by buying local phone service in various cities and setting up a call forwarding system. But that's expensive so many telemarketers don't want to do that.

Internet-based Voice over IP (VoIP) calling fixes all that. Well, fixes it from the telemarketers perspective. Without getting into the technical details, what this means is that telemarketers, crooks, and any one else, can spoof any area code or phone number they want so your phone will display that spoofed number. They'll use your area code and sometimes the first three digits of your phone number (prefix) to make it look more legit. This is known as neighbor or affinity spoofing because it looks like the caller is from your immediate area. Your guard is down a bit more and perhaps you answer.

Your number is likely being spoofed as well. Ever get a call from some random person saying "did you just called me?" Yeah, I've received a few of those. You'll say you didn't call then they'll say that your number "is right here on my phone" -- the implication being that you are lying. Assuming you didn't pocket-dial them, then congrats, your number was spoofed. And again, there is nothing you can do to stop this. You can explain to the confused caller that your phone number has been spoofed or hijacked by a telemarketer and that it happens all the time.

How common is it? Go to Google and type in "my phone number is" (without the quotes) and the term "being spoofed" will appear in the drop down list of suggestions before you even touch enter. There's an excellent article on Ars Technica about caller ID spoofing and the problems it causes.

There are websites that let you do your own spoofing "as a prank" on your friends. Ha ha, some fun.

Why isn't that illegal?

Caller id spoofing has some legitimate uses, such as

• Your doctor may return your call from his mobile or home phone, but s/he wants the office's number to appear on your phone.
• A company may have several locations, all with random phone numbers. But they want their outgoing calls to have a central number that perhaps matches their advertising.
• A women's shelter may want their individual onsite phone number to appear from the dept. of family services main phone number or just flat out show "blocked" to protect their privacy.

These are just a few of the many legitimate reasons for tweaking caller ID and have all been in use since caller ID became popular in the 1990s. But prior to VoIP, these methods all required business class telephone service and cost a lot of money.

There's really no good answer right now for how to solve caller ID spoofing. There are efforts underway, but unfortunately the telephone companies and even the FCC aren't doing enough about it.

Just understand that the caller ID being displayed on your phone is probably true and correct and is usually a good-enough indicator of whether you should answer or not. But don't place absolute trust in it. If the caller is asking for any personal information then you must confirm their identity first. Hanging up and calling them back using a publicly listed phone number or a phone number that you already have, such as your bank or credit card, is a good idea. Reverse spoofing, where the number you call is hijacked is difficult (but not impossible!) to do. Enough so that it's not really a concern right now.

Bond. James Bond.

The FCC is trying to eliminate caller ID spoofing using a new authentication technology called STIR/SHAKEN (a tortured backronym whose geeky meaning is unimportant).

This new tech is supposed to eliminate unlawful spoofing by requiring the various telephone carriers, including wireless, to authenticate callers before completing the call. It sort of works. Yes, it can eliminate neighbor spoofing like what I discussed above, but it'll do little or nothing to achieve our primary objective -- and that's the elimination of robocallers. That's because telemarketers are a savvy lot. They are adapting their ways to get through to you even with STIR/SHAKEN. Mainly by using temporary, throwaway numbers.

What about SMS and text messages

Text messages with spoofed sending numbers aren't all that common. But there are plenty of scam/spam text messages that use legitimate phone numbers. And when I say "legitimate", I mean the number wasn't faked in the technical sense. But it's still spam (or scam).

We often receive actually legitimate text messages but still wonder if they're a scam or not because we've become suspicious due to so much fraud these days.

Most legitimate larger companies, services, organizations, etc. that might text you today are using a so-called "short code" as the sending number. Instead of a regular 7 or 10 digit phone number, a short code is usually 5 or 6 digits long. Are these suspicious, too?

Messages sent from a short-code are almost certainly legitimate. (I like to hedge a tad when using superlatives.) That's because not just anyone can get a short code. They are quite expensive, they require vetting at multiple levels which can take months, and they're easy to disable if ever abused.

So, for all practical purposes, texts from short codes are legit. But that doesn't mean you aren't being scammed. e.g. If you get a text with a two-factor authentication (2FA) code* in a context where none should be sent, like clicking a link in an email, then STOP.

* Don't confuse the 5 or 6 digit sending number (the short code) with the 6 digit 2FA number. The short-code usually appears outside the message "bubble" whereas the 2FA number should always appear inside the bubble. This little factoid is mainly so you don't use the wrong number and then can't login to whatever it was.

Alas, all this can be very confusing. Modern online life requires a deeper level of technical savvy than what many of us are accustomed to. As an I.T. and tech geek, I understand all this stuff. But I totally respect that many people do not and I want to help fix that.

If you just want to get rid of robodialing telemarketers, then read my ~~article here.