Croatia Caller ID Spoofing

TL;DR

Caller hijacking (spoofing) is happening in Croatia. This guide explains how to identify it, report it, and steps you can take to protect yourself. There’s limited direct technical prevention for individuals, so focus on awareness and reporting.

Understanding the Problem

Criminals are making phone calls that appear to come from legitimate Croatian numbers (businesses, government agencies, even your own number). This is done using Voice over Internet Protocol (VoIP) technology. They use this to trick people into giving away money or personal information.

Identifying Caller Hijacking

1. Unexpected Calls: Be wary of calls from numbers you don’t recognise, especially if they claim urgent action is needed.
2. Inconsistent Information: If the caller asks for details that a legitimate organisation should already have (e.g., your bank account number), it’s a red flag.
3. Request for Remote Access: Never give anyone remote access to your computer or phone based on an unsolicited call.
4. Unusual Behaviour: Listen for background noise, poor connection quality, or robotic voices.

Reporting Caller Hijacking

1. Croatian Regulatory Authority (HAKOM): Report the incident to HAKOM (Hrvatska regulatorna agencija za telekomunikacije). You can find their contact details and reporting forms on their website: https://www.hakom.hr/en
2. Police: File a police report, especially if you have suffered financial loss or suspect fraud.
3. Your Phone Provider: Contact your phone company (e.g., Hrvatski Telekom, A1 Croatia, Telemach) to inform them of the suspicious call. They may be able to investigate and block similar numbers.

Protecting Yourself

1. Don’t Answer Unknown Numbers: If you don’t recognise a number, let it go to voicemail.
2. Verify Caller Identity: If you answer and are suspicious, ask for the caller’s name, organisation, and contact details. Independently verify this information through official channels (e.g., by calling the company directly using a known phone number from their website).
3. Never Share Personal Information: Do not give out sensitive information like bank account numbers, passwords, or PIN codes over the phone to unsolicited callers.
4. Be Skeptical of Urgent Requests: Criminals often create a sense of urgency to pressure you into acting quickly without thinking.
5. Install Call Blocking Apps (with caution): Some apps can help block spam calls, but be careful about granting them permissions and ensure they are reputable.

Technical Considerations (Limited Individual Control)

Unfortunately, there’s limited technical control for individuals to prevent caller ID spoofing directly. The problem originates with VoIP providers and international call routing.

1. STIR/SHAKING Implementation: HAKOM is working on implementing STIR/SHAKING protocols (Secure Telephone Identity Revisited / Signature-based Handling of Asserted information using toKens) to help verify caller identity. This will improve the situation over time, but it’s not a complete solution and requires cooperation from all telecommunications providers.
2. Number Blocking: You can block specific numbers on your phone, but spoofers often use different numbers.

   (Example for Android - settings may vary) Settings > Phone > Blocked Numbers > Add Number

cyber security Awareness

Stay informed about the latest scams and fraud techniques. Educate your family and friends, especially those who are less tech-savvy.