Fraudsters on the Line: The Rise of Call Spoofing

Scammers commonly use call spoofing so that calls to their victims seem "real" — and the financial services industry is among the biggest targets.

By Jonjie Sena, VP of Product Management TransUnion

Published on January 16th, 2025 in Banking Trends

Today, we all carry a device everywhere we go, leaving us highly vulnerable to imposter scams, call spoofing and data breaches. With advances in AI, threat actors can commit fraud simply by imitating a person’s voice on the phone. This disturbing trend is impacting consumers and businesses alike, and financial institutions are particularly at risk.

In one increasingly common imposter scam, called the "grandparents scam," the threat actor calls someone posing as a family member, claiming to be in some sort of trouble, such as a car accident or an arrest, and requests money to help get them out of the predicament. The fraudster sounds like the person they claim to be simply by cloning that person’s voice with AI. Today’s technology is so advanced, that only a short audio clip is needed.

According to 2024 Federal Trade Commission data, consumers reported that imposter scams were the main way they were defrauded in 2023, with the highest losses per person coming from phone scams.

Scammers have stolen over $10 million from Americans this year – reaching an all-time high, according to this year’s Federal Trade Commission data.

A recent report on cyberattack trends found that financial services is the most impersonated industry by fraudsters. Case in point, a Hong Kong finance worker was duped out of more than $25 million after falling prey to a deepfake video call scam earlier this year, in which the attendees looked and sounded just like his coworkers.

Call Spoofing: An Essential Tool for Threat Actors

Call spoofing is the deliberate falsification of a caller’s phone number and caller ID information. Scammers commonly use this tactic so that calls to their victims seem "real." A common banking phone scam involves calling a bank customer and pretending to be a bank employee—ironically, in the fraud department. The incoming number the customer sees looks like a legitimate number from their bank.

The caller then tells the customer there has been fraudulent activity on their account and asks for their personal banking details. Through social engineering schemes, threat actors convince targets that their accounts have been hacked, which leads to the customer providing sensitive account information or, in some cases, wiring the caller money via apps such as Zelle and Venmo.

According to a recent consumer survey, more than 70% of people said they had received at least one call in the past three months in which the caller pretended to be someone else. As a result, 74% say they do not answer calls from unknown numbers because they fear they might be scams. Additionally, 70% of consumers said they ignored calls from legitimate businesses because they thought they were scam calls, only learning after that the businesses were genuine.

-- Article continued below --

Data Breaches Are Fueling Financial Fraud

More than 1,500 data breaches affected over one billion people in the first half of the year, including those impacted by more than one incident — a 14% increase in the number of compromises reported in 2023, a record-setting year. And financial service-related data breaches increased 67% year over year, making financial services the most compromised industry in H1, according to the Identity Theft Resource Center. This rise in data breaches creates a higher risk of financial fraud and call spoofing—a vicious cycle that leaves consumers and businesses vulnerable.

Armed with the victim’s name, address and other personal details obtained from data breaches, the dark web and phishing attacks, criminals can make an even more convincing case over the phone. Fraudsters use their persuasive stories during these vishing attacks, coupled with the highly personal nature of voice calls, to create a false sense of trust. They often seal the deal by sending the target a fake text link, known as "smishing." These text and phone scams are so common, that one in three Americans has received one.

Just this month, more than a third (35%) of Americans said they were notified that details about their identities or online accounts had been stolen in a data breach — up from 28% last year according to the TransUnion 2024 Q4 Consumer Pulse Report.

Learn more:

One might assume that the larger the bank, the greater the temptation for fraudsters, but smaller banks and credit unions are seeing the most fraud. According to a recent report, 79% of credit unions and community banks saw more than $500,000 in direct fraud losses in 2023—higher than any other segment surveyed. Smaller banks and credit unions lack the fraud prevention resources, data and technologies used by larger banks, and they provide more personalized, phone-heavy customer service, leaving them more susceptible to fraud.

-- Article continued below --

Technology Can Help Combat Call Spoofing

Though customers are increasingly aware of call spoofing and other phone-related scams, they enjoy the personal touch that only the phone can bring. Nonetheless, they’re demanding that more be done to protect them against phone fraud and unwanted calls. Customers want to feel safe to answer the phone when they receive a wanted call from their financial institution, school or physician’s office.

Industry-developed protocols such STIR/SHAKEN call authentication, which digitally validates a caller’s identity, have helped to combat call spoofing. However, STIR/SHAKEN is not always sufficient to ensure that mobile operators can differentiate between legitimate and spoofed calls. Due to the limitations of legacy networks and inconsistent implementations, they often lack the information they require to distinguish legitimate calls from robocalls calls – causing legitimate calls to be mistagged as spam. That makes it impossible for consumers to know when to answer the phone.

Other measures are available to help financial institutions reduce call spoofing, such as technology that allows them to digitally "sign" their own calls. This option stops spoofed calls from reaching the customer by providing mobile operators with the intelligence they need to block spoofed calls with confidence through complete end-to-end call authentication.

Because this method ensures mobile operators receive the authentication information they need it greatly reduces the number of legitimate calls that are mistagged as "fraudulent". That means fewer customers would block calls from those numbers (including calls from the business).

The recent consumer survey also found that three quarters of consumers said tagged or branded calls would improve the customer experience when they are expecting a call from a particular business. In addition, nearly the same amount (73%) said if a business displayed its name and logo on calls, they would not only be more likely to answer calls, but they would also view the company more favorably.

While consumers need to engage with businesses to resolve their most sensitive, urgent, and complicated matters, this data shows they are simultaneously held back by fears of falling victim to fraud. The solution that consumers responded to most was branded calling that verifies the company calling and shows its name and logo.

According to Juniper Research, "The use cases for branded calling are widespread, with any enterprise which contacts their customers via phone calls benefitting from branded calls. This will include but is not limited to healthcare services, banks, insurance companies and social media platforms."

Empowering enterprises to take the reins on call authentication this way is a sound business strategy; after all, no one has a larger stake in protecting their customers and their business than the financial institutions themselves.

About the Author

Jonjie Sena is VP of Product Management at TransUnion, responsible for driving the go-to-market strategy for Contact Center and Communications Solutions. Jonjie and his team focus on helping businesses overcome the impacts of the robocalling epidemic and restoring trust in phone calls. Jonjie has over twenty years’ experience leading product strategy, technology and marketing teams to launch and drive market adoption of solutions for communications service providers and enterprises. He holds multiple patents in personalized and authenticated communications. Prior to joining TransUnion, Jonjie held executive roles as VP Product Marketing at Neustar, VP Marketing at TEOCO, and VP Products & Technology at ACE*COMM.

The Financial Brand is your premier destination for comprehensive insights in the financial services sector. With our in-depth articles, webinars, reports and research, we keep banking executives up-to-date with the latest trends, growth strategies, and technological advancements that are transforming the industry today.

© 2025 The Financial Brand. All rights reserved. The material on this site may not be reproduced, distributed, transmitted, cached or otherwise used, except with the prior written permission of The Financial Brand.