Teraquant 'No Fluff' Blog

Call Spoofing leads to Account Takeovers and Ransomware

• Consumers are concerned. $12 billion was lost to fraudsters in 2024 according to FTC.
• Account TakeOver (ATO) is one of the top security concerns to Enterprises.
• Impostor scams are the fastest growing.
• Consumers are moving swiftly away from Enterprises that do not treat their account and private information with the utmost care and vigilance.

Call Spoofing is the core technique used in:

• • Account TakeOvers and
  • Ransomware and
  • is the biggest cause of destruction of trust in the phone network.
    • This is why only 10% of calls are answered in the USA.

Definition: Call Spoofing is where a call is sent using the caller ID of another business entity. In the USA this is plain and simple illegal.

Nobody believes Caller ID, even when presented. If we believe the phone network must be sustained to allow folks to talk remotely, the happy halfway house between messaging and face-to-face conversation, we need to restore trust in the telephone network. Voice is also the default interface to AI via LLM’s.

See who’s behind the fraud here.

The telecom industry achieved control over toll fraud/IRSF. The telecom industry, working with enterprise can fix this problem…but wait!

Wasn’t STIR/SHAKEN invented to fix this problem?

STIR/SHAKEN’s Leaky Back Door
A telephone call signed with the FCC mandated STIR/SHAKEN signature is a process implemented exclusively by the originating service provider (OSP: MSP, ILEC) i.e. your Telco. The business enterprise which made the call has no control…but may have influence. The guiding principle is KYC (Know Your Customer). The OSP is required by the FCC to:

• • 1. Know which Customer is originating the call, direct enterprise or upstream telco/service provider.
    2. Attest to the authenticity and intent of the callER with an attestation value A, B or C.

Apparently, some entities are not that well-known by their telco. 95% of fraud originating with a phone call, hat was investigated in 2024 came through with attestation “A”—the best rating.

Since the TRACED Act of 2019 and the mandatory implementation of STIR/SHAKEN in Telco operators, this leaky back door has become the major hiccup in restoring trust to the telephone network.

Fencing Off the Garden and Protecting that Back Door

The only recourse and obvious Next step is for the Telco industry to ask all the flowers in the garden to bloom and be identified. The Enterprises and business entities, are of course, the flowers in this garden.

Enterprises need to step up, be identified, show they are Bonafide business entities and establish their Right to Use (RTU) their own phone numbers, i.e. the phone numbers that have been allocated to them by their Telco.

Enterprises are Asked to:

• • • Register RTU (Right to Use) for the phone numbers allocated to them by their Telco.
    • Specify your Telco company through which these calls will originate.

Your Telco can help you do this or reach out to Teraquant here.

This identifies the Enterprises authorized to send calls in through the back door of the Telco network, who then forwards them through the front door to the PSTN.

Enterprises to Assert Your Right to Use (RTU) Your Own Phone Numbers

The solution to controlling impostors on the phone network is to Verify the Identity of Business entities calling consumers. Downstream carriers will soon be blocking calls where the calling number does not match the ILEC/local MSP it is assigned to, or other anomalies just as they are now mandated to block DNO.

• • • FCC mandated that all calls originating from a Do not originate (DNO) number should be blocked December 2025.
    • So many of the mechanisms and standards and protocols are already in place to implement the next phase.

This increases Trust in the phone network and reduces fraud.

The current effort to tighten up rules to combat phone number spoofing used by scammers is part of the FCC’s December 2025, Further Notice of Proposed Rulemaking (FNPRM). The comment phase is complete and the FCC will be voting on the different measures over the next few months to assist this process.

Certified Branded Calling Achieves the Ultimate End Goal

The ultimate end goal is for enterprises to get their calls answered. Consumers are consistently articulating their views through surveys. If:

• • 1. callER details presented on the phone can be trusted.
    2. Calling Business entity is known.
    3. “Reason for Call” is of interest.
       1. Consumers will answer the call.

Business enterprises calling consumers and customers with genuine intent and integrity would wish to securely identify themselves with their easily recognizable:

• • 1. Trade logo.
    2. Phone number—for which they have the Right to Use (RTU).
    3. Reason for the Call.

But 2 other requirements are essential:

• • 1. Secure cryptographic certification of the identity of the calling party traced to the phone number—tamper proof with Built-in Zero Trust.
    2. A single Standards-based ecosystem—allows:
       1. 1. Free and open movement of subscribers/enterprises between telco/carriers
          2. and branded calling platforms
             1. Whilst maintaining current valid, on-boarded and Vetted customer enterprises and credentials.
          3. Standards:
             1. Ensure interoperability.
             2. Choice and portability between vendors.
             3. Provide a fair and transparent marketplace.
             4. Minimize costs.
          4. Proprietary Branded Calling solutions:
             1. Lock you in.
             2. Less accountability.
             3. Single authority to arbitrate concerns about presentation.
             4. Reduced choice.
             5. Ultimately, higher cost.

CTIA’s® BCID® is a standards-based branded calling open ecosystem which certifies and authenticates the call originator’s identity and securely, transferring proof of that identity and tamper-proof message to the party receiving the phone call.