Phone scammers who disguised their caller ID to mimic banks and police departments stole more than $215 million from Americans last year, according to the FBI’s latest annual Internet Crime Report released on April 9, 2026. The scheme works because victims see a familiar number on their screen and assume the call is legitimate, a vulnerability that federal agencies have now flagged in multiple public warnings. Total internet crime losses hit $16 billion in 2024 alone, and the spoofing subcategory has grown fast enough to draw coordinated alerts from the FBI, the Federal Trade Commission, and the U.S. Marshals Service.
How caller-ID spoofing drains bank accounts in minutes
The mechanics of these scams are disturbingly simple. A caller posing as a bank fraud department tells the victim that a suspicious transaction has appeared on their account. The victim, reassured by a number that matches their bank’s published line, follows instructions that sound protective but are designed to hand over access. In one widespread variant described in an IC3 public alert, the scammer tells the target to cut their debit card in half while leaving the chip intact, then sends a courier to collect the chip along with any cash the victim has withdrawn for “safekeeping.” By the time the real bank is contacted, the money is gone.
A parallel track targets victims through government impersonation. Callers claim to be local police officers, federal marshals, or agents from agencies like the IRS, then pressure targets into wiring funds or feeding cash into cryptocurrency ATMs. The FTC has reported sharp growth in cash payments to these impostors, with losses climbing as criminals refine their scripts and spoofing tools. In Erie, Pennsylvania, the U.S. Marshals Service and FBI issued a joint warning after a wave of calls used real employee names and office numbers to demand bitcoin payments for fabricated warrants, illustrating how easily official identities can be copied over the phone.
What makes these calls so effective is the trust people place in caller ID. The FBI’s Internet Crime Complaint Center (IC3) stated plainly in a January 2024 advisory on Chinese police impersonators that contact from a seemingly official phone number is not proof of official action. That warning described cases in which scammers spoofed numbers belonging to overseas law enforcement agencies to extort members of the U.S.-based Chinese community. The same spoofing technology is available to any criminal willing to pay a few dollars for a voice-over-IP service that lets them choose whatever number appears on the recipient’s screen, turning caller ID from a safety tool into a weapon.
$16 billion in losses and a caller-ID fix still half-deployed
The FBI’s annual report covering calendar year 2025, released on April 9, places the $215 million spoofing figure within a broader picture of online fraud that has ballooned year after year. The bureau’s prior report on 2024 showed that reported internet crime losses reached $16 billion, with phishing and related schemes among the costliest complaint categories. That trajectory suggests the problem is growing faster than enforcement and consumer education can contain it.
One technical countermeasure already exists. The STIR/SHAKEN protocol, mandated by the Federal Communications Commission for major carriers, authenticates caller ID so that spoofed numbers can be flagged or blocked before they reach a consumer’s phone. Large carriers have deployed the system on their IP-based networks, but smaller providers and those still running older infrastructure have received extensions or exemptions. The result is a patchwork: calls that pass through a fully authenticated path can be verified, while calls routed through even one non-compliant carrier lose that protection and may arrive without any warning label.
That inconsistency creates a moving target. As authentication improves on some networks, scammers can simply route calls through providers that have not fully implemented STIR/SHAKEN or that still rely heavily on legacy systems. A reasonable expectation is that providers with full deployment will see a measurable drop in successful impersonation complaints compared with carriers that remain partially compliant, but no published federal dataset yet isolates complaint rates by carrier authentication status. For now, regulators and researchers are left to infer effectiveness from overall complaint trends rather than from direct before-and-after comparisons.
This data gap matters. Without carrier-level breakdowns, regulators cannot confirm whether the technical fix is actually reducing harm or simply pushing scammers toward the weakest links in the phone network. The FBI’s IC3 reports aggregate complaints by crime type and loss amount, not by the telecom infrastructure the call traveled through. Until that changes, the connection between STIR/SHAKEN rollout and real-world fraud reduction remains logical but unproven at scale, leaving policymakers to rely on engineering theory and limited pilot studies instead of robust national evidence.
What victims and regulators still cannot answer
Several questions remain open. The $215 million figure from the FBI’s 2025 report captures only losses that victims reported to IC3, which means the true financial damage from spoofed phone calls is almost certainly higher. Many people never file a complaint, either because they are embarrassed, unsure which agency handles their case, or unaware that a reporting system exists. Others may have their losses reimbursed by banks and assume there is no need to alert law enforcement. As a result, the official numbers function more as a floor than a full accounting.
Another unknown is how spoofing intersects with other forms of fraud. A single incident might involve a spoofed call that leads to a phishing website, a fake technical support session, or a cryptocurrency transfer. When victims describe these experiences, they may emphasize the part that felt most salient-such as the fake website-rather than the caller ID that made them pick up in the first place. That can push some spoofing-enabled crimes into other categories, further obscuring how central phone impersonation has become to modern fraud.
Regulators also lack clarity on which consumer warnings actually change behavior. Federal agencies have published advisories urging people not to trust caller ID, to hang up and call back using a verified number, and to treat any demand for immediate payment as a red flag. Yet scammers continue to find victims who either never saw those messages or felt too pressured to follow them. Without systematic testing-such as comparing complaint rates in regions with intensive outreach campaigns against those with minimal messaging-it is difficult to know which strategies deserve expansion.
For victims, the unanswered questions are more personal. Many want to know why their bank or phone company could not stop a call that clearly came from a spoofed number, or why law enforcement cannot simply “trace” the scammer the way television shows suggest. The reality is that calls often hop across multiple jurisdictions and providers, some of them overseas, before reaching a target. Even when investigators can identify the origin, the perpetrators may operate in countries where cooperation is limited or where enforcement resources are thin.
In the meantime, the most reliable defenses remain basic but demanding: assume caller ID can be faked, refuse to provide sensitive information or payments during an unsolicited call, and independently verify any urgent request by using a trusted phone number or website. For regulators and carriers, the challenge is to pair those individual precautions with infrastructure that makes spoofing harder and less profitable. Until reporting systems capture more detail and technical safeguards are consistently deployed, the gap between the scale of the problem and the tools to measure and reduce it will persist-leaving millions of Americans to navigate a phone system where the number on the screen can never be taken at face value.
More from Morning Overview
*This article was researched with the help of AI, with human editors creating the final content.
