The digital age has brought an unprecedented level of convenience to communication, but it has also equipped criminals with sophisticated tools to weaponize trust. One of the most alarming developments in modern fraud is the rise of police phone spoofing scams, where attackers manipulate caller identification systems to make their phone numbers appear as official law enforcement agencies on a victim’s screen.
For most people, seeing a local police department’s official number on their mobile device provides an immediate sense of legitimacy. However, cybersecurity experts and law enforcement agencies are now warning the public that the “Caller ID” can no longer be trusted as a verification tool. This tactic, known as “spoofing,” allows scammers to bypass the natural skepticism of their targets by masquerading as authority figures.
A recent and disturbing example of this technique emerged in the Canton of Bern, Switzerland, where residents have been targeted by a coordinated effort to steal funds through a multi-stage psychological trap. In one instance, a resident of Thörishaus reported a sophisticated attempt where the scammers utilized a two-pronged approach: first posing as bank employees and then as police officers, with the latter call appearing to originate from the official central number of the Bern Cantonal Police.
This evolution in social engineering represents a significant shift in how fraudulent calls are conducted. While traditional “vishing” (voice phishing) often relies on urgency and fear, the integration of spoofing adds a layer of perceived authenticity that can deceive even the most cautious individuals. By the time the victim realizes they are speaking to a criminal, the attackers have often already established a rapport or created a crisis that demands immediate financial action.
The Anatomy of a Spoofing Attack
The “Bank-Police” loop is a classic example of high-pressure social engineering. The scam typically begins with an initial call from an individual claiming to be a bank employee. This first caller informs the victim that there is “suspicious activity” on their account or that their funds are at risk. This creates a state of anxiety and places the victim in a vulnerable mental state.
Shortly after, a second call arrives. This caller presents themselves as a police officer, claiming to be investigating the very fraud mentioned by the “banker.” To solidify the deception, the scammer uses spoofing technology to ensure the official police station’s phone number is displayed on the victim’s screen. This visual confirmation often silences the victim’s internal alarms, as they believe they are speaking with a verified government official.
Once trust is established, the “officer” instructs the victim to “secure” their money. Common demands include withdrawing cash and handing it over to a “courier,” transferring funds to a “safe government account,” or providing sensitive banking passwords and credit card details. The psychological pressure is intense. the scammers often tell the victim to keep the call a secret to avoid “compromising the investigation.”
According to the National Cybersecurity Centre (NCSC) of Switzerland, these types of impersonation attacks are designed to exploit the natural human tendency to obey authority, making them particularly effective against those who may be less familiar with the technical capabilities of VoIP (Voice over Internet Protocol) systems.
How Caller ID Spoofing Works
To understand why this is possible, one must understand the shift from traditional landlines to digital telephony. In the past, phone numbers were tied to physical wires, making it nearly impossible to fake a source. Today, much of the world’s voice traffic travels via VoIP, which treats voice data as packets of information similar to an email.
Spoofing occurs when a caller uses a VoIP service or a specialized app to modify the “From” field in the call’s metadata. The telephony network simply transmits the number provided by the sender to the receiver’s device. Because the network does not always verify that the sender actually owns the number they are claiming, the victim’s phone displays whatever number the scammer has chosen—whether it be a local police precinct, a government tax office, or a trusted family member’s number.
This technology is not inherently malicious; it is used legitimately by businesses to show a consistent main office number even when calls are made from various extensions. However, in the hands of criminals, it becomes a powerful tool for deception. The danger is amplified when scammers combine spoofing with “social engineering,” the art of manipulating people into divulging confidential information.
Who Is Most at Risk?
While anyone can be a victim of a sophisticated spoofing attack, criminals frequently target the elderly. This demographic is often viewed as more trusting of authority figures and may be less aware of the technical ease with which a phone number can be faked.
Scammers often spend time researching their targets, using leaked data from previous breaches to find names, addresses, and bank affiliations. This “spear-phishing” approach makes the initial call from the fake bank employee feel personal and legitimate, increasing the likelihood that the victim will believe the subsequent call from the “police.”
Beyond age, the primary vulnerability is the “urgency gap.” By creating a simulated emergency, scammers force victims to make quick decisions, bypassing the critical thinking process that would normally lead a person to question why a police officer is asking for bank passwords over the phone.
Critical Defense Strategies: How to Protect Yourself
The most important lesson in the era of spoofing is a simple but difficult one: Never trust the number displayed on your caller ID. Whether the call looks like it is coming from the police, your bank, or a government agency, the visual evidence is no longer a guarantee of identity.
To protect yourself and your loved ones, follow these rigorous verification steps:
- Hang up and call back: If you receive an unexpected call from a government agency or bank, terminate the call immediately. Do not use a “redial” function. Instead, find the official phone number from a trusted source—such as the back of your bank card, an official government website, or a physical directory—and call them back directly.
- Verify through a separate device: If you suspect a call is a scam, use a different phone to make the verification call. Some advanced scams can “trap” your line, meaning when you hang up and dial a number, the scammer remains on the line and simulates the sound of a ringing phone before answering as the “official” agency.
- Never share sensitive data: Legitimate law enforcement agencies and banks will never ask you for your passwords, PINs, or credit card security codes over the phone. They will also never ask you to withdraw cash and hand it to a stranger or transfer money to a “safe account.”
- Be wary of secrecy: If a caller insists that you keep the conversation secret from your family or bank staff, this is a definitive red flag. Genuine police investigations do not require you to hide the fact that you are speaking with the police from your own family.
- Educate vulnerable family members: Ensure that elderly parents or relatives are aware that police numbers can be faked. Encourage them to always consult a trusted family member before taking any financial action requested over the phone.
For those who believe they have been targeted, reporting the incident is crucial. Even if no money was lost, reporting the spoofed number helps authorities track the patterns of the attackers. In Switzerland, citizens are encouraged to report such incidents to their local police and the Federal Office of Police (fedpol) to help build a broader picture of the threat landscape.
The Future of Phone Fraud
As spoofing becomes more common, the next frontier for scammers is “deepfake” audio. Using artificial intelligence, criminals can now clone the voice of a specific person—such as a known police chief or a family member—using only a few seconds of audio recorded from social media or public speeches. When combined with caller ID spoofing, this creates a nearly perfect illusion of identity.
The battle against these scams is not one that can be won by technology alone. While telecommunications companies are working on protocols like STIR/SHAKEN (Secure Telephone Identity Revisited and Signature-based Handling of Asserted information using toKENS) to authenticate caller IDs, these systems are not yet universally implemented across all global networks.
Until a global standard for caller verification is established, the strongest defense remains human skepticism. By treating every unsolicited call with a degree of caution and adhering to a strict “verify-then-trust” policy, the public can neutralize the effectiveness of these high-tech frauds.
The next major update on telecommunications security standards is expected as international regulators continue to pressure VoIP providers to implement stricter authentication measures. We will continue to monitor these developments and provide updates as new safeguards are rolled out.
Have you or a family member encountered a spoofing attempt? Share your experience in the comments below to help warn others, and share this guide with your network to increase awareness.