U.S. Business Practices Oppose Effective Crackdown on “Spoofing” Scams

U.S. Business Practices Oppose Effective Crackdown on “Spoofing” Scams

By: Ian Lipka

 

In 2020, Indian national Hitesh Madhubhai Patel was sentenced to twenty years in prison and almost $9 million in restitution for crimes relating to online and telephone scams he owned and organized.^[1] Patel funded and ran India-based call centers that defrauded U.S. victims out of somewhere between $25 million and $65 million from 2013-2016.^[2] While Patel’s conviction was certainly a victory for the Justice Department, the issue of online and telephone scams has dramatically increased since Patel’s sentencing five years ago. The Federal Bureau of Investigations (FBI) concluded that U.S. victims lost $16.6 billion in 2024 from online and telephone scams—compared to just shy of $4 billion in 2020.

Citizens are fraudulently deprived of their money now more than ever. And while criminal prosecutions are effective in their own right, the international nature of these scams makes it extremely difficult for countries to stifle them.^[4] Most scammers operate overseas and are therefore often beyond the jurisdiction of the victim nation.^[5]

Almost four out of every five adults in the U.S. view online/telephone attacks as a major national problem.^[6] Countermeasures are needed, but solving the issue of international scamming is not so simple. The problem may be better addressed by tackling the contributing smaller issues gradually. One such issue primed for change is known as “spoofing.”

 

What is CLI Spoofing?

Have you ever received a phone call from an unknown number that was strangely from a nearby area code? Chances are that the phone call was spoofed. Calling Line Identification (CLI) spoofing is often utilized by digital wrongdoers to trick phone call recipients into believing that they are receiving a call from another (often credible) number. Spoofing generally consists of concealing caller ID information, such as names and area codes.^[7] Fraudsters engaged in spoofing frequently impersonate real institutions—local banks, government offices, or companies like Microsoft—by providing phone call recipients with falsified area codes and credentials.^[8] Spoofing is frequently utilized as a gateway technique employed to trick victims into giving away private information that can lead to worse scams like phishing.^[9]

 

Scams by the Numbers

The variety and types of online/telephone scams are plentiful. The most economically damaging scams of 2024 were investment scams, business email compromises, and tech support scams—totaling $10.8 billion.^[10] The least “lucrative” schemes that scammers deployed consisted of threats of violence, malware, and crimes against children—totaling $3.7 million.[11]

The impact of such crimes is also disproportionately spread across numerous demographics. While the number of persons who report having encountered online attacks is relatively uniform across age brackets,^[12] the amount of money lost often differs severely. People sixty or older incur higher economic losses per incident. The average elderly victim of an online/telephone scam loses $83,000 per scam.^[13] Low-income families are also more susceptible to repeated encounters with such scams than their middle- or upper-class counterparts.^[14]

The most common way scammers reach victims is through a phone call. Just over two-thirds of American adults report getting fraudulent phone calls each week.^[15] As a result, the most commonly reported crime to the FBI’s Internet Crime Complaint Center (IC3) is spoofing/phishing.[16] Spoofing/phishing complaints made up twenty-two and a half percent of the total complaints submitted in 2024.^[17] This was more than double the frequency of the next most common crime type.[18]

 

The Tricky Nature of Controlling Spoofing

Scam call centers are extremely difficult to dissolve when they function in foreign nations. The United States has limited options when trying to extradite or charge persons overseas,[19] and these options are not always efficient.[20] Scam call centers often mix legitimate and illegitimate operations in the same office space.[21] This strategy has two primary purposes. “First, it masks the fraudulent activities behind the veil of routine operations. Second, it creates a financial flow that appears healthy and diversified. When banks or auditors review the company’s financial statements, they see income from legitimate contracts—such as providing support services for popular platforms like Netflix—and are less likely to question large sums of money coming into the business.”^[22] Many financial institutions often authorize transactions to and from these scam companies because their verification concerns are satisfied by the face-value legitimate business.^[23]

Another key issue with preventing spoofing stems from the current geography of U.S. business practice. Companies of all sizes frequently outsource customer service to third party call centers.^[24] These call centers then utilize spoofing to alter their credentials to represent the company. The benefits of outsourcing customer service issues are plentiful for businesses. Outsourced customer services save businesses money, reduce workload, and provide after-hours coverage among other advantages.^[25] However, the parties most unlikely to benefit from such services are, as you might’ve guessed, consumers. Outsourcing customer services can leave customers feeling unsatisfied. Third party service providers cannot guarantee the same knowledge, passion, or priorities as in-house employees. “A call center rep may handle a customer service inquiry for a clothing retailer one minute and a call for home loans the next.”^[26] Finally, the most glaring problem with third party customer service is the security risks associated with credit cards, banking, and personal information.^[27] It is unlikely businesses employ adequate due diligence and in-depth investigations into prospective third-party service providers to fully guarantee information is secure.

 

What About Change?

Not all forms of spoofing are illegal in the United States. For example, a banker may call a client from his private cellphone. The call recipient would see the client ID information of the bank, not the caller’s private phone number. But with these exceptions come the abuses of opportunistic scammers. Congress has pondered over a few “robocall” bills in recent years. The issue of spoofing, however, has largely been untouched until July, 2025. The Keep Call Centers in America Act of 2025, introduced as a bill in the Senate, aims to encourage American businesses to keep their customer services domestic.[28] The Act requires companies to notify the Secretary of Labor at least 120 days in advance of their plans to outsource customer services to an international third party.^[29] The Secretary then subsequently maintains a publicly available list of companies that outsource such services overseas.^[30] Any company appearing on this list is considered ineligible for direct or indirect federal loans or grants for five years.^[31]

Supporters of the bill argue that companies who support CLI spoofing believe that Americans are far less likely to answer a call originating from overseas.^[32] Allowing companies to outsource their customer service and employ “legitimate” spoofing to mask the foreign origin incoming calls only aims to benefit the company and not the consumer. The bill would not ban the use of offshore call centers, but it would make them far less attractive to some businesses.^[33] “There is less motivation to spoof the CLI, and hence to implement all the checks and controls that would genuinely prevent illegal spoofing, if businesses make far less use of overseas call centers.”^[34] Additionally, the relocation of call center jobs to the U.S. creates more job opportunities for Americans.

As mentioned before, a major problem with spoofing is that it’s largely employed by American businesses via their customer service operations overseas. The present U.S. business model relies on spoofing through call centers as a proxy. The Keep Call Centers in America Act of 2025 is more than likely to face backlash from businesses and their lobbyists because it disrupts the cheap, non-secure practices they enjoy. Spoofing remains a cornerstone of online/telephone scamming. But, at the end of the day, Congress must weigh the security of the people versus the market impact of the bill. Victims lose more money to scams every year than ever before. In an age of digital tumult, cracking down on spoofing is a step in the right direction.

 

Link to Image Source:

https://pixabay.com/illustrations/call-center-phone-service-help-1015274/

 

^[1] Office of Public Affairs, Owner and Operator of India-Based Call Centers Sentenced to Prison for Scamming U.S. Victims out of Millions of Dollars, Dep’t of Just. (Nov. 30, 2020), https://www.justice.gov/archives/opa/pr/owner-and-operator-india-based-call-centers-sentenced-prison-scamming-us-victims-out-millions.

^[2] Id.

^[3] Internet Crime Complaint Ctr., Federal Bureau of Investigation Internet Crime Report 2024 at 7 [hereinafter Internet Crime Report], https://www.ic3.gov/AnnualReport/Reports/2024_IC3Report.pdf (last visited Oct. 22, 2025).

^[4] Michelle Lepkofker, Prosecuting the Phone Scammer When Extradition Fails and Concurrent Jurisdiction Exists, 47. Brook. J. Int’l L. 188, 191-92 (2021).

^[5] Id.

^[6] Jeffrey Gottfried et al., Online Scams and Attacks in America Today, Pew Rsch. Ctr. (July 31, 2025), https://www.pewresearch.org/internet/2025/07/31/online-scams-and-attacks-in-america-today/.

^[7] Fionan Mc Grath, CLI Spoofing, Cellusys (Jan. 20, 2025), https://www.cellusys.com/2025/01/20/cli-spoofing/.

^[8] Id.

^[9] Spoofing and Phishing, FBI, https://www.fbi.gov/how-we-can-help-you/scams-and-safety/common-frauds-and-scams/spoofing-and-phishing (last visited Sept. 20, 2025).

^[10] Internet Crime Report, supra note 3, at 10.

[11] Id.

^[12] Gottfried, supra note 6.

^[13] Internet Crime Report, supra note 3, at 27.

^[14] Gottfried, supra note 6.

^[15] Id.

[16] Internet Crime Report, supra note 3, at 4, 9.

^[17] Id.

[18] Id.

[19] Lepkofker, supra note 4 at 211–213.

[20] See id.; see also Criminal Division, Frequently Asked Questions Regarding Extradition, Dep’t of Just. (updated Aug. 11, 2023), https://www.justice.gov/criminal/criminal-oia/frequently-asked-questions-regarding-extradition (noting extradition can take several months or years).

[21] The Hidden World Of Call Center Scams: Unmasking The Disguise, Faisalkhan, https://faisalkhan.com/knowledge-center/magazine/fraud-scams/the-hidden-world-of-call-center-scams-unmasking-the-disguise/ (last updated Feb. 17, 2025).

^[22] Id.

^[23] Id.

^[24] Marisa Sanfilippo, The Pros and Cons of Outsourced Customer Service, Business.com (last updated Oct. 11, 2024), https://www.business.com/articles/outsourced-customer-service/.

^[25] Id.

^[26] Id.

^[27] Id.

[28] See generally Gallego, Justice Introduce Bipartisan Bill to Protect Americans’ Access to Quality Customer Service, Preserve U.S. Jobs, Ruben Gallego Senator for Arizona (July 30, 2025), https://www.gallego.senate.gov/press-releases/gallego-justice-introduce-bipartisan-bill-to-protect-americans-access-to-quality-customer-service-preserve-u-s-jobs/.

^[29] See generally Keep Call Centers in America Act of 2025, S. 2495, 119th Cong. (1st Sess. 2025).

^[30] Id.

^[31] Id.

^[32] Eric Priezkalns, “Keep Call Centers in Americas Act” Would Transform the Global Anti-Fraud Landscape, CommsRisk (Aug. 26, 2025), https://commsrisk.com/keep-call-centers-in-america-act-would-transform-the-global-anti-fraud-landscape/.

^[33] Id.

^[34] Id.