In case you didn’t know, CallerID can be spoofed (too)

It’s no secret for anyone reading carefully most of today’s PBXs documentation (having owned one before) that CallerID information can be faked.

Update: also picked up by Slashdot

This article at Security Focus explains one of the many ways, although there are much simpler methods.

I used to rely on CallerID for identification purposes when customers called for passwords and other detailed information on their services.

I ultimately ended up combining a series of elements to determine the level of trust I deemed necessary to obtain such information – at the risk of being considered too paranoid.

Isn’t paranoia good for business ? 😉