A mechanism distinct from a voice deepfake
This report covers spoofing the displayed number, not cloning a voice with artificial intelligence — a separate topic, covered in the report on generative AI & voice deepfakes. Number spoofing means falsifying the caller ID that shows up on the recipient's screen, by exploiting legacy telephony protocols designed at a time when this kind of verification wasn't a security concern.
"Neighbor spoofing"
The most common technique documented by the US regulator (FCC) displays a number sharing your local area code, to appear familiar and increase the odds you'll pick up — even if the caller has absolutely no connection to your region. The same logic applies to directly spoofing the number of a business or agency you already know. In the United States, the law allows fines of up to $10,000 per violation for this kind of malicious spoofing.
Source: Federal Communications Commission (FCC), "Caller ID Spoofing."The technical response: STIR/SHAKEN
To address this problem, a call-authentication protocol — STIR/SHAKEN — was deployed to let carriers verify that a calling number is legitimate before passing it along. Adoption is progressing, but remains uneven:
In other words: the technical verification exists, but as long as it isn't universal across every carrier in a call chain, a spoofed number can still reach its final recipient without being flagged as suspicious.
Spoofing
Falsifying the displayed identifier on a call or text, to pose as a trusted number.
Neighbor spoofing
A spoofing variant using a number that shares your local area code to appear familiar.
STIR/SHAKEN
A technical protocol letting carriers verify and sign the authenticity of a calling number throughout the call chain.
Frequently asked questions
Isn't number spoofing the same thing as a voice deepfake?
No. Spoofing falsifies the number that displays on your screen — a technique that's existed for a long time. A voice deepfake clones a voice using AI. The two can be combined, but they're two distinct mechanisms.
What is "neighbor spoofing"?
A technique that displays a number sharing your local area code, to appear familiar and increase the odds you'll pick up — even if the caller has no connection at all to your region.
Does STIR/SHAKEN fully protect against spoofing?
Not yet completely. This call-authentication protocol is widely deployed among major US carriers, but adoption remains partial among smaller carriers, which leaves gaps in the chain.