Comprehensive glossary of phone scam terminology — from robocall to STIR/SHAKEN to SIM swapping, all explained clearly.
Attestation (STIR/SHAKEN): A rating assigned to a call by the originating carrier. Level A (full attestation) = carrier verified the caller is authorized to use the displayed number. Level B (partial attestation) = carrier verified call origin but not the specific number. Level C (gateway attestation) = call entered the US from an external source the carrier cannot fully verify. Autodialer (ATDS): Automated Telephone Dialing System — equipment that dials numbers from a stored list or randomly generates numbers to dial. Regulated by the TCPA, which requires prior express written consent before using autodialers for non-emergency calls to cell phones. Violations: $500-$1,500 per call in statutory damages.
Callback Scam (Wangiri): A scam using missed calls from expensive international numbers to bait victims into calling back, generating premium-rate charges. Wangiri is Japanese for "one ring and cut." Caller ID Spoofing: The deliberate falsification of caller ID information. Illegal under the Truth in Caller ID Act of 2009 (47 U.S.C. §227(e)) when done to defraud or harm. VoIP systems make spoofing trivially easy. CNAM (Caller Name): The database lookup system providing the name displayed alongside a phone number. Not real-time — name data is often outdated. VoIP callers can often write their own CNAM records, which is why caller ID names are unreliable as authentication. Deepfake Voice: AI-synthesized audio mimicking a specific person's voice, generated from existing recordings. Used in sophisticated vishing attacks impersonating executives (CEO fraud), family members (grandparent scam variant), or government officials. Open-source tools can generate convincing voice clones from as little as 3 seconds of audio as of 2024. DNCL (Do Not Call List): The National Do Not Call Registry, maintained by the FTC at donotcall.gov. Restricts most unsolicited sales calls (with exceptions for charities, political organizations, and companies with existing business relationships). FCC: Federal Communications Commission — the US government agency that regulates interstate communications, enforces the Truth in Caller ID Act, and mandated STIR/SHAKEN implementation. Complaint filing: consumercomplaints.fcc.gov. FTC: Federal Trade Commission — the primary federal agency for consumer fraud enforcement, including phone scams. Maintains the Do Not Call Registry and the Consumer Sentinel complaint database. Fraud reporting: ReportFraud.ftc.gov.
Ghost Call: A call where the recipient answers and hears only silence before the line disconnects. Generated by autodialers that dialed more numbers than available agents to handle. Also used deliberately to profile answering behavior for targeting. Gray Route: International call routing through unofficial channels that bypass regulated carrier interconnects, often to avoid termination fees. Gray route calls frequently arrive with inaccurate or spoofed caller ID. Scam operations frequently use gray routes to obscure call origins. IMSI Catcher (Stingray): A device that impersonates a cell tower to intercept mobile communications, including calls and SMS. Used by law enforcement with warrants but also commercially available in unauthorized configurations. Can capture SMS-based 2FA codes in transit. IVR (Interactive Voice Response): Automated phone system responding to caller keypad input ("Press 1 for English"). Scammers use IVR systems to make robocall operations appear professional and to route respondents to human operators. Jamming: The illegal transmission of radio signals on cellular frequencies to prevent phones from connecting to legitimate towers. Illegal in the US under 47 U.S.C. §333 but sometimes used to force phones to connect to attacker-controlled equipment (IMSI catchers). Know Your Customer (KYC): Identity verification requirements financial institutions apply when onboarding customers. Scammers with stolen personal information can sometimes bypass KYC checks by providing correct SSN, date of birth, and address data from data breaches. Latency Fraud: Artificially delaying live operator connection to an answered call, causing the brief silence recipients often hear after saying "hello." Excessive latency fraud violations are an FTC enforcement priority under the Telemarketing Sales Rule. Lead Generator: A company that collects consumer information (often through deceptive free offer promotions) and sells contact lists to telemarketers and scammers. FTC's 2022 dark patterns enforcement actions targeted several lead generation companies.
Neighbor Spoofing: A caller ID spoofing technique where the displayed number matches the recipient's local area code and prefix, making the call appear to come from a nearby number. Designed to increase answer rates by appearing local. STIR/SHAKEN has reduced but not eliminated neighbor spoofing. Number Hijacking: Unauthorized acquisition of someone's phone number through port-out fraud or SIM swapping, enabling interception of calls and texts intended for the original owner — including 2FA codes. One-Ring Scam: See Wangiri. A single ring from a premium-rate number designed to prompt a callback. Most active from Caribbean area codes (876, 473, 649) that begin with US country code +1, making them appear domestic. OTP (One-Time Password): A time-limited code sent via SMS, email, or authenticator app to verify identity. OTP theft via SIM swapping, smishing, or real-time phishing relay attacks is one of the most common 2FA bypass techniques. PBX Hacking: Unauthorized access to a business's private branch exchange phone system to generate fraudulent long-distance calls or to make outbound scam calls appear to originate from legitimate business numbers. Phishing: The broad category of social engineering attacks using fraudulent communications to steal information or deliver malware. Voice phishing = vishing; SMS phishing = smishing; email phishing = phishing (original meaning). Port-Out Fraud: The unauthorized porting of a victim's phone number to a carrier controlled by the attacker. See Number Hijacking. Premium Rate Number: Phone numbers (historically 900-prefix in US, various formats internationally) that charge above-standard per-minute rates. Used in callback scams to generate fraudulent charges when victims call back missed calls. Robocall: An automated phone call delivering a pre-recorded message. Legal for political campaigns, charities, emergency notifications, and healthcare reminders; illegal for sales calls without prior express written consent under the TCPA. Robodialer: See Autodialer. Software or hardware automating outbound dialing at scale.
SIM Swap: An attack where a criminal convinces a mobile carrier to transfer a victim's phone number to a new SIM card (within the same carrier) controlled by the attacker. Distinguished from port-out fraud (different carrier). Both achieve the same goal: intercepting the victim's calls and texts. Smishing: SMS phishing. Fraudulent text messages designed to steal information or bait victims into calling scam numbers. Spoofing: The falsification of caller identity information. Legal versions exist (businesses displaying their main number rather than an employee's extension) but illegal when used to defraud. SS7 (Signaling System 7): The protocol suite handling call setup, routing, and billing across the global telephone network. Contains significant security vulnerabilities documented since 2014 that allow sophisticated attackers to intercept calls and SMS messages in transit. Exploited by nation-state actors and well-resourced criminal organizations. STIR/SHAKEN: Secure Telephone Identity Revisited / Signature-based Handling of Asserted information using toKENs. The US call authentication framework mandated by the FCC in 2021. Uses digital signatures to verify that the carrier originating a call has authenticated the caller's right to use the displayed number. TCPA (Telephone Consumer Protection Act): The 1991 federal law governing unsolicited phone calls and texts. Establishes the Do Not Call Registry, prohibits autodialed calls to cell phones without consent, and provides a private right of action: $500-$1,500 per violation. Toll-Free Fraud: Scam operations using toll-free numbers (800, 833, 844, 855, 866, 877, 888 prefixes) to appear legitimate. The FCC's toll-free registry (somos.com) allows verification of toll-free number ownership. Vishing: Voice phishing. Fraudulent phone calls designed to steal information or money. Wangiri: Japanese for "one ring and cut." A callback scam technique where premium-rate international numbers are briefly dialed to generate a missed call notification, prompting the victim to call back at expensive per-minute rates. Wardialing: Automated sequential dialing of phone numbers to identify live numbers for subsequent scam targeting. ZipZap: Rapid sequential spoofed calls using multiple numbers to overwhelm call blocking filters — a new number is spoofed for each call attempt so previous block lists are ineffective. Used by high-volume scam operations to maintain access to targeted phone numbers that have blocked prior attempts.
RELATED GUIDES
LOOKUP BY AREA CODE