Phone Number Spoofing maps to Defense Evasion in the MITRE F3 Framework. It is one of the primary technical enablers of vishing attacks, making a fraudulent call appear to come from a number the recipient already trusts.
Sub-techniques
| Sub-technique | Target | Goal |
|---|---|---|
| Official Phone Number Spoofing | Individuals / customers | Impersonate a bank, government agency, or law enforcement |
| Customer Phone Number Spoofing | Financial institution staff | Impersonate a legitimate account holder to bypass verification |
How does official phone number spoofing work in practice?
A fraud actor calls a victim from a number that displays as their bank's published customer service line. The victim, seeing a familiar number, answers and trusts the caller. The attacker then uses pretexting (claiming suspicious activity, a pending transaction, or a security alert) to extract OTPs, card details, or account credentials.
How does customer phone number spoofing work?
Here the direction reverses: the fraud actor calls the bank, spoofing the phone number of a legitimate account holder. Contact centre agents who use caller ID as a verification factor may grant access, change account details, or perform transactions based on a number they believe belongs to a real customer.
Why is phone number spoofing a specific training priority?
Employees in contact centres and bank branches are the targets of customer-number spoofing. Training them to treat caller ID as an untrusted signal (and to enforce out-of-band identity verification) is a direct countermeasure. Arsen's vishing simulation platform replicates spoofed-number scenarios to build this reflex.
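The countermeasure described above, as an added example that is not part of the original page or of any vendor's product: a contact-centre authorization check in which the displayed number never counts as a verification factor, shown beside the weak policy it replaces. The factor names, action names, and phone numbers are constructed assumptions.

```python
from dataclasses import dataclass, field

# Constructed names for illustration; not taken from any real contact-centre system.
OUT_OF_BAND_FACTORS = {"callback_to_number_on_file", "in_app_confirmation"}
SENSITIVE_ACTIONS = {"change_contact_details", "reset_credentials", "transfer_funds"}


@dataclass
class Call:
    displayed_caller_id: str   # supplied by the calling side, so it can be spoofed
    number_on_file: str        # from the customer record
    action: str
    completed_factors: set = field(default_factory=set)


def weak_policy(call: Call) -> bool:
    """'Before' policy: a caller ID match alone is accepted as verification."""
    return (call.displayed_caller_id == call.number_on_file
            or bool(call.completed_factors))


def hardened_policy(call: Call) -> dict:
    """Caller ID is ignored for authorization; only out-of-band factors count."""
    verified = bool(call.completed_factors & OUT_OF_BAND_FACTORS)
    id_match = call.displayed_caller_id == call.number_on_file
    return {
        "allow": verified,
        # A matching number with no out-of-band proof on a sensitive action is
        # consistent with customer-number spoofing, so flag it for review.
        "flag_for_review": (id_match and not verified
                            and call.action in SENSITIVE_ACTIONS),
        "next_step": None if verified else "callback_to_number_on_file",
    }


# Constructed sample calls (fictional 555-01xx numbers).
SPOOFED = Call("+12025550100", "+12025550100", "change_contact_details")
GENUINE = Call("+12025550199", "+12025550100", "change_contact_details",
               {"in_app_confirmation"})

if __name__ == "__main__":
    for name, call in (("spoofed", SPOOFED), ("genuine", GENUINE)):
        print(name, "weak:", weak_policy(call), "hardened:", hardened_policy(call))
```

The genuine caller is on a number that does not match the record and is still allowed, because the decision rests only on the out-of-band confirmation.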
Key takeaways
- Phone Number Spoofing is a Defense Evasion technique in MITRE F3 with two sub-techniques.
- Official spoofing targets customers; customer spoofing targets bank staff.
- It is one of the primary technical enablers of vishing attacks.
- Caller ID cannot be trusted as an authentication or verification mechanism.
- Contact centre staff need specific training to verify identity through out-of-band channels regardless of displayed number.
What is MITRE Fight Fraud Framework™ (F3)?
The MITRE Fight Fraud Framework (F3) is a curated knowledge base of tactics, techniques, and sub-techniques used by fraud actors in cyber-based financial fraud incidents. Developed by MITRE's Center for Threat-Informed Defense in collaboration with FS-ISAC, JPMorganChase, and Lloyds Banking Group, it provides a common language for fraud-fusion teams to describe, detect, and prevent financial fraud. F3 is modeled after MITRE ATT&CK® and focuses on banking institutions as its initial scope.