A growing wave of caller ID spoofing attacks, in which criminals falsify the number displayed on a phone to appear legitimate, has prompted Europol to call for urgent, coordinated action across Europe.
The agency’s new Position Paper on Caller ID Spoofing highlights that the practice underpins a wide range of online fraud schemes and social engineering scams, costing an estimated €850m ($990m) globally each year.
Growing Exploitation by Organized Networks
Caller ID spoofing now accounts for roughly 64% of reported fraud cases involving phone calls and text messages.
Criminals use this technique to impersonate trusted institutions such as banks, government agencies or even relatives, tricking victims into revealing personal data or transferring money.
Europol warned that organized networks have turned this into a borderless business model, offering “spoofing-as-a-service” to other offenders.
Some attacks have escalated into swatting incidents, where fake emergency calls made using spoofed numbers trigger large-scale responses from authorities. These crimes often originate abroad, making it difficult for investigators to identify and prosecute those responsible.
Read more on cyber-enabled fraud across Europe: Europol Warns of “Shadow Alliance” Between States and Criminals
Technical and Legal Gaps
A Europol survey across 23 EU countries found that approximately 400 million people remain at risk due to fragmented regulations and limited cooperation between law enforcement and telecom providers.
Investigators cited poor information sharing, unclear police mandates and the absence of harmonized anti-spoofing tools as major barriers.
According to Europol, “the current situation where spoofing is easy to perpetrate but hard to investigate is untenable.”
The agency argues that stronger frameworks are needed to make spoofing costlier and more complex for criminals, while enabling faster cross-border investigations.
Europol’s Proposed Measures
The report identifies three top priorities for EU action:
-
Harmonized technical standards to trace fraudulent calls and authenticate legitimate caller IDs
-
Enhanced cross-border collaboration among law enforcement, regulators and industry stakeholders
-
Regulatory convergence to clarify rules around caller ID use and facilitate lawful traceback requests
Finland’s 2021 initiative, which blocked unverified international calls using Finnish numbers, is cited as an example of effective prevention through multi-stakeholder cooperation.
Europol warned that as countermeasures evolve, criminals are likely to adapt. Emerging threats, such as SIM-based scams, anonymous prepaid services and smishing, will require continued vigilance.
The proposed response supports the EU’s ProtectEU strategy, aimed at strengthening Europe’s collective ability to combat organized crime and safeguard citizens from both online and offline threats.
