| | Return to Course 105
LAB | Government Impostor 105
Interactive Lab
Skip
LAB — GOVERNMENT IMPOSTOR 105

The Spoofed Call

You Are Dialing From the IRS

Professor Phish
PROFESSOR PHISH

"The number she trusts is real. The call is not. That's the genius of spoofing, recruit."

Step 1 — Choose Your Agency

Pick the government agency you will impersonate. Your choice determines which real phone number appears on Margaret's caller ID.

Pick an agency to begin

Step 2 — Look Up the Real Number

Scammers don't invent numbers. They use the real government number. When Margaret sees it on her phone, she has no reason to doubt it.

Contact:  | 
usagovhelp.com
How to Contact the IRS — Tax Help 2026
Find phone numbers, addresses and hours for all IRS offices...
SCAMMER'S INSIGHT

The number you're about to use — — is printed on the official government website. When Margaret's phone displays this number, her brain registers "this is the real government." She has been trained to trust caller ID her entire life. That trust is now your weapon.

Step 3 — Launch the Call

Your forged caller ID is configured. Hit Place Call to watch it travel through 7 network hops — not one will verify the number.

SpoofCall Pro
v3.1.4 — Caller ID Spoofing Service
Connected
Caller ID to Display Configured
Target Number
Margaret Olsen
432-555-0147
Midland, TX · Home phone
Voice Changer
Male
Record Call
On
SpoofCall Pro Free Tier · $0.00 · No verification required · Logs deleted after 48h
FORGED PACKET IN TRANSIT — WATCH THE CPN FIELD
Calling Party Number (CPN)
← SET BY ATTACKER · NEVER VERIFIED
Called Party
432-555-0147
Margaret Olsen, Midland TX
Key insight: The CPN field is set by the caller and propagated unchanged through every network hop. No node below has a mechanism to verify whether the CPN matches the true origin.
YOUR MACHINE — ASTERISK PBX
VPS + Asterisk CPN ORIGIN — ATTACKER CONTROLS
CPN injected: · origin unverified by network
SIP TRUNK PROVIDER — GUJARAT, IN
VoIP Carrier NO ATTESTATION CHECK
From: <@spoofcall.pro>
→ forwarded as-is · $15/mo account, no ID required
SIP → SS7 GATEWAY (RFC 3398)
PSTN Gateway SIP CPN → SS7 IAM, NO CHECK
→ SIP CPN copied verbatim to SS7 IAM field
ANTI-SPOOFING FRAMEWORK — CLOSEST DEFENSE
STIR/SHAKEN Check LEVEL C — CALL PASSES THROUGH
⚠ WHY STIR/SHAKEN FAILS HERE:
1. International VoIP trunks receive Attestation Level C (gateway can't verify origin)
2. Level C = flagged but NOT blocked — call continues
3. Only ~42% of US calls covered by STIR/SHAKEN in 2026
PUBLIC SWITCHED TELEPHONE NETWORK
SS7 Transit Network 1975 PROTOCOL — TRUST BY DESIGN
SS7 IAM — CPN field =
SS7 was built for closed networks where all carriers were trusted. CPN = passes untouched
TERMINATING CARRIER
Verizon Wireless DELIVERS WHAT IT RECEIVES
→ packaged as caller ID · delivered to Margaret's handset
📱
VICTIM DEVICE — MIDLAND, TX
Margaret's Phone
CALLER ID: ""  · 
DISPLAYED AS TRUSTED — PHONE HAS NO WAY TO DETECT THE FORGERY
THE COMPLETE PICTURE — WHY THIS WORKS
1.
Attacker's only action: Set in the SIP header. This is a field any VoIP account can set to any value.
2.
SS7 was built in 1975 for closed networks where every carrier was trusted. CPN propagates hop-to-hop with no origin verification — the network was never designed to distrust insiders.
3.
STIR/SHAKEN (2021) was meant to fix this — but only covers ~42% of calls. International trunks receive Level C attestation, which is flagged but not blocked.
Your defense: Caller ID tells you nothing about who is actually calling. Hang up and dial the agency's number from their official .gov website.

Phase 2 — Defender Reveal

Now you know how it's done. Here's how to stop it.

9:41
Incoming Call
🏛️
iPhone
Decline
Accept
CALLER ID IS UNVERIFIED

Anyone with a $15/month VoIP account can display any number. Your phone cannot verify the actual source. The network was designed in 1968 — trust was assumed.

IRS SENDS LETTERS, NOT CALLS

The IRS initiates contact by US mail. Always. If a "tax agent" calls without a prior letter, it is a scam. No exceptions.

GIFT CARDS = ALWAYS A SCAM

No government agency, court, utility, or IRS division will ever accept Google Play cards, Apple gift cards, or any gift card as payment. Zero exceptions. Ever.

HANG UP. FIND THE NUMBER YOURSELF.

End the call. Go to irs.gov directly in your browser. Find their number there. Call that number yourself. If it was real, they'll have a record.

Defense Protocol — Government Impostor

REPORT THIS SCAM
FTC Report
reportfraud.ftc.gov — takes 2 minutes
SSA OIG Hotline
1-800-269-0271 or oig.ssa.gov/report
BY THE NUMBERS — 2024
$577M
Lost to gov. impostor scams (FTC)
26%
of gov. scams use gift cards (FTC)
3%
recovery rate for wire fraud losses
LAB 105 COMPLETE

Mission Accomplished, Recruit.

You've seen caller ID spoofing from the inside out. The number Margaret trusted was real. The call was not. Now you know exactly what to tell the next person who gets that call.

Return to Course & Continue Return to Course 105

Change Alias

Choose your villain name, or roll the dice.

Share Feedback

Help us improve ScamAI University

Feedback received!

Thank you for helping us improve.