cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
2025 CMX Awards

The Zoom Community has won Best Customer Support Community in the 2025 CMX Community Industry Awards!

Celebrate with us

Preventing our numbers from being spoofed.

Gus_Lippolis
Contributor I
Contributor I

‎2024-03-11 08:32 AM

Hello,

Have any of you found a good solution to a ZOOM hosted number being spoofed?

We have had non-customers call and say one of our numbers has called them repeatedly.  

Most of us here know this is a game of whack-a-mole but does not always look good for our reputation.

 

Thanks in advance.

 

 

Topics:
6 REPLIES 6

Eliot
Community Champion | Zoom Partner
Community Champion | Zoom Partner

‎2024-03-11 06:36 PM

hi gus_lippolis,

 

Congress has provided and the Federal Communications Commission has issued rules including a loophole for certain telecom companies not to comply with spoofing prevention measures such as STIR/SHAKEN.  On the other hand, Zoom Phone has completely implemented STIR/SHAKEN. 

 

The Federal Communications Commission has provided major carriers who continue to use ancient technology known as Time Division Multiplexing (TDM) with an exemption.  Some large carriers still have legacy TDM telecom equipment that is not compliable with STIR/SHAKEN.  You can see the list of the carriers which have not implemented STIR/SHAKEN or only partially implemented STIR/SHAKEN in the FCC Robocall Mitigation Database

 

STIR/SHAKEN requires the authentication of the caller-id number by the originating domestic carrier or gateway carrier if the call originates from overseas.  If all telecom companies had to comply with STIR/SHAKEN and the FCC enforced this requirement, spoofing would be greatly reduced. 

 

Second and equally important are rogue VOIP companies that help scammers and spoofers.  FCC and state attorney generals have tried to stop these bad actors, but it is very difficult to do.

 

Suggestions are to contact your congressional delegation to amend the law, file complaints with your state attorney general, the Federal Communications Commission, and the Federal Trade Commission.

 

As Nationwide Fraud Losses Top $10 Billion in 2023, FTC Steps Up Efforts to Protect the Public | Fed...

 

https://www.fcc.gov/spoofing

 

thanks,  eliot

PJM2
New Member
New Member

‎2025-05-21 07:45 AM

We've been having the same issue. At least a dozen people have called our office asking "Did you call me?" or "Did you try to call me?" because someone spoofed our phone number and it came up on their caller ID. Does anyone else have any suggestions beside writing my congressman? 
Thank you.

0 Likes

PJM2
New Member
New Member

‎2025-05-21 07:50 AM

Are there any other suggestions for remedying spoofing?  My office is receiving calls from people asking "Did you call me?" because our phone number is on their caller ID.

Was hoping there is a better, more immediate solution than calling my congressman. 

Thank you.

0 Likes

laurakaruna
New Member
New Member

‎2025-05-21 10:45 AM

Yeah, that just happened to our office today as well. Is this some kind of breach of Zoom phone numbers?

0 Likes

Gus_Lippolis
Contributor I
Contributor I

‎2025-05-21 11:49 AM

@laurakaruna  No, certainly not a breach.  Biggest issue is phone providers allowing numbers not on their platform to be presented as a CID.  

0 Likes

Eliot
Community Champion | Zoom Partner
Community Champion | Zoom Partner

‎2025-05-21 11:59 AM

hi @PJM2 

 

one possible solution is to change the telephone number that is being spoofed.

 

you can use the free caller register to register your business telephone numbers.  this infomation is supplied to analytics engines used to identify spam and spoofed calls.  i have a client that experienced some success with this approach. 

Free Caller Registry | Home

 

there are companies that claim to offer services to mitigate spoofing:

 

How to Stop and Prevent Phone Spoofing of Your Business’ Number | Hiya

 

First Orion - Leading Provider of Branded Communication Solutions

 

The internet Engineering Task Force (IETF) has been working on solutions to telephone number spoofing but has been blocked by the Federal Communications Commission in implementing its STIR/SHAKEN standard.  On 23 February 2025, IETF published a working draft for another approach called Caller ID Verification In Session Initiation Protocol.

"At a high level, CIV is inspired by a call-back verification method used in practice. To verify if the caller ID of an incoming call is genuine, the receiver may just hang up and call back the displayed number [10]. This call-back method ensures that the receiver talks to the genuine caller who owns that number. However, the manual call-back verification is slow and tedious. It may also incur a charge to the verifying party.

 

"CIV follows a similar approach, but it automates the verification process in a secure and efficient manner without incurring a charge to the verifying party. In CIV, the authentication of the caller ID is defined based on checking the ownership of that number. Accordingly, it distinguishes legitimate and illegitimate modifications of the caller ID based on whether the caller owns the number: if they do, they should receive a call-back to that number and respond accordingly."

https://www.ietf.org/archive/id/draft-hao-civ-00.html

 

Did my response answer your question? If so, please don't forget to mark the reply as an accepted solution.

 

thanks,  eliot

 

0 Likes