Egidio
Report · 2026

How a phone number can lie

A call that shows your bank's number isn't necessarily your bank. Spoofing — faking the displayed caller ID — is an old technique, still used at massive scale, that recent protocols are only beginning to counter.

A mechanism distinct from a voice deepfake

This report covers spoofing the displayed number, not cloning a voice with artificial intelligence — a separate topic, covered in the report on generative AI & voice deepfakes. Number spoofing means falsifying the caller ID that shows up on the recipient's screen, by exploiting legacy telephony protocols designed at a time when this kind of verification wasn't a security concern.

"Neighbor spoofing"

The most common technique documented by the US regulator (FCC) displays a number sharing your local area code, to appear familiar and increase the odds you'll pick up — even if the caller has absolutely no connection to your region. The same logic applies to directly spoofing the number of a business or agency you already know. In the United States, the law allows fines of up to $10,000 per violation for this kind of malicious spoofing.

Source: Federal Communications Commission (FCC), "Caller ID Spoofing."

The technical response: STIR/SHAKEN

To address this problem, a call-authentication protocol — STIR/SHAKEN — was deployed to let carriers verify that a calling number is legitimate before passing it along. Adoption is progressing, but remains uneven:

44%
Share of registered phone carriers with full STIR/SHAKEN deployment in the United States, as of September 2025.
FCC, data as of 09/28/2025.
17.5%
Share of traffic signed and verified between small carriers in 2025 — well below the rate among large carriers, creating an uneven verification chain.
TNS, 2026 Robocall Investigation Report.

In other words: the technical verification exists, but as long as it isn't universal across every carrier in a call chain, a spoofed number can still reach its final recipient without being flagged as suspicious.

Spoofing

Falsifying the displayed identifier on a call or text, to pose as a trusted number.

Neighbor spoofing

A spoofing variant using a number that shares your local area code to appear familiar.

STIR/SHAKEN

A technical protocol letting carriers verify and sign the authenticity of a calling number throughout the call chain.

🔒 As long as network-side verification stays incomplete, device-side protection keeps its full value: recognizing a suspicious call pattern even when the displayed number looks familiar. See how Medusa works.

Frequently asked questions

Isn't number spoofing the same thing as a voice deepfake?

No. Spoofing falsifies the number that displays on your screen — a technique that's existed for a long time. A voice deepfake clones a voice using AI. The two can be combined, but they're two distinct mechanisms.

What is "neighbor spoofing"?

A technique that displays a number sharing your local area code, to appear familiar and increase the odds you'll pick up — even if the caller has no connection at all to your region.

Does STIR/SHAKEN fully protect against spoofing?

Not yet completely. This call-authentication protocol is widely deployed among major US carriers, but adoption remains partial among smaller carriers, which leaves gaps in the chain.

Go further