> if they convinced (paid) some (more-)legitimate companies to have their outgoing calls show up as the same number as the scammers use
In the US the STIR/SHAKEN[1] protocol adds source-verification. If/when this finally gets fully rolled out, spoofing caller ID without it being blocked is going to get much harder.
But, I'm sure the next step for them is to just go after the millions of small-medium business IP telephony systems that are either poorly configured with default/guessable passwords, or have wide-open security holes.
[1] https://en.wikipedia.org/wiki/STIR/SHAKEN