Naked Security

Burglars allegedly spoof caller ID to scare couple out of their home

They'd arrested a man, the "cop" said, and found photos of the couple's daughter. He urged them to take her to a safe location. Then the "cop" allegedly robbed their house.

Two Missouri men have been arrested for allegedly spoofing the police department’s phone number to scare a couple out of their home so that they could burglarize it.

According to the local paper Houston Herald, on Saturday, 30 January, Marna Streetman got a call at 10:30 a.m.

The caller identified himself as an undercover officer with the Missouri State Highway Patrol.

His story: he was working on a sexual offense case with the West Plains Police Department. They’d arrested a man, he said, and found that he had photos of the Streetmans’ 23-year-old daughter.

The police, purportedly in pursuit of a second suspect, had reason to believe that the Streetmans’ daughter was in danger, he said.

You’ve got to drive over to West Plains immediately, he said. Get her to a safe location until we nab this guy.

The real cops said that the bogus cop turned out to be James J. Woolsey, 25, of Summersville, Missouri.

He, along with Lenny J. Hebert, 27, of Hartshorn, Missouri, allegedly hopped over to the Streetmans’ house after scaring them out, where they proceeded to steal firearms and apparently try to steal a car.

The two have each been charged with second-degree burglary, first-degree tampering with a motor vehicle and three counts of stealing a firearm.

In addition, Woolsey, already a convicted felon, was also charged with unlawful possession of a firearm. Hebert was reportedly already on felony probation.

Streetman told the Houston Herald that she didn’t believe the caller at first, so she tried to trip him up:

I didn’t believe him. I told him it didn’t sound right.
I said ‘OK, Tell me where my daughter lives.’ He told me exactly where she lives, and not many people know where she lives.

The reason the suspects knew all the answers was that they’d both gone to high school with her, it turns out.

Don’t attempt to contact your daughter, the bogus cop caller told Streetman.

She ignored that advice and called her daughter from her husband Louie’s phone.

No time to explain: we’re on our way, she told her daughter.

I told her to lock the door, get your gun in one hand and phone in the other.

Streetman didn’t just drive over to get her daughter out of supposed harm’s way, though: the suspicious woman kept acting on her hunches.

And that, in fact, is how a neighbor managed to spot the alleged burglary in progress.

How did the caller manage to convince this suspicious woman in the first place?

He did it by using one of many tools out there that allow anybody to disguise their identity by sending fake information to caller ID.

What is caller ID spoofing?

Caller ID spoofing apps aren’t illegal, but using them to harm or defraud somebody is.

Caller ID spoofing is often used to try to trick someone into giving up valuable personal information so it can be used in fraudulent activity or sold for identity theft.

It’s also increasingly used in the act of swatting, when fake calls are placed to emergency services.

As we’ve written with regard to fraudulent calls targeting US banks, caller ID spoofing can be particularly convincing in the US, because the call display service used by most phone companies here does a reverse lookup for the name information based on the caller ID number provided by the call.

Once a criminal determines the phone number he wants to have fraudulently show up as his caller ID number – in this case, the number for the local police – it’s trivial to display that number on the call recipient’s display.

Caller ID spoofing has been around for years through various technologies: ISDN PRI circuits used by collection agencies, law enforcement, and private investigators, all of whom have used it with varying degrees of legality; spoofing services such as Star38.com; and through Voice over IP (VoIP) technology.

What to do if you suspect you’re being spoofed

In the US, the Federal Communications Commission has released a guide warning consumers about caller ID spoofing.

In the UK, Ofcom offers this guide.

The agencies’ tips:

  • Never give out personal information such as account numbers, taxpayer numbers, mother’s maiden names, passwords or other identifying information in response to unexpected calls or if you’re at all suspicious – particularly if you’re being pressured to hand over information immediately.
  • Don’t rely on Caller ID as the sole means of identification, particularly if the caller asks you to do something that could have financial consequences.
  • If you get an inquiry from someone who says they represent a company or a government agency seeking personal information, hang up and call the phone number on your account statement, in the phone book or on the company’s or government agency’s website to verify the authenticity of the request.
  • If you have a voicemail account with your phone service, be sure to set a password for it. Some voicemail services are preset to allow access if you call in from your own phone number. A crook could spoof your home phone number and gain access to your voicemail if you don’t set a password.
  • If the crime’s in progress, call your country’s emergency line, such as 911 in the US or 999 in the UK.

As you can infer from the tips above, spoofing crooks usually stick to identity theft, unless they’re pulling a stunt like swatting.

What about when a caller identifies himself as being a cop?

The whole thing sounded fishy to Marna Streetman.

So she hit redial on her iPhone to call the number back, to verify whether it was a real law enforcement agency. (Mind you, it’s best to look up the calling party’s number on your own instead of just dialing back the number the call came from.)

West Plains Police Department did, in fact, answer the call, but they couldn’t identify the officer based on the fake name Woolsey had given her.

OK, that’s weird, the Streetmans thought.

But hey, Woolsey said he was an undercover cop. Maybe he was using an alias, or working unidentified?

Streetman kept making calls. First, she called highway patrol.

Then – smart woman! – she called a neighbor and asked him to check on their home.

The neighbor said he’d check after his chores – he’s a dairy farmer – were finished.

When he did check, the neighbor spotted a strange man in the yard and another man inside the patio door of the Streetmans’ house.

Given Ms. Streetman’s example, maybe we should add another tip onto that list of how to handle caller ID spoofing: “Be suspicious, and keep acting on your hunches!”

4 Comments

Burglarize? BURGLARIZE? What’s wrong with the perfectly good verb to burgle??

Otherwise a good article. Insecurity of CLI is worrying.

“Burglarize” is an unexceptionable American English equivalent for “burgle” that emphasises the action and activity of burglary, not merely the overall outcome. Like “getting busy burgling.” I quite like “burglarize,” though I’d end it in -ise instead of in -ize. The act of burglarising, of course, is burglarisation, and a tendency to be a burglar is burglarisationism. The police, by the way, are antiburglarisationists.

Sometimes American English words are longer, like here, and like “faucet” when “tap” would do just as well; sometimes they’re shorter, like “fall” for “autumn” and “normalcy” for “normality.”

All part of the global appeal of this fabulous language. Plus…you knew what it meant :-)

I’m curious why they couldn’t bring charges for him impersonating a police officer, since he purposely spoofed the number to look like he was the local constabulary, AND told her he was a police officer.
