Romanians are facing an alarming growth of spoofing telephone scams, a method by which criminals falsify the appellant’s identity to deceive victims to provide sensitive information, authentication or money codes.
Alarming growth of Photo Telephone Scams: Shuterstock
In view of these cases, the Directorate of Criminal Investigations within the General Inspectorate of the Romanian Police, in collaboration with the National Authority for Administration and Regulation in Communications (ANCOM), started and implemented a set of measures meant to limit the magnitude of the phenomenon, including the blocking of international calls that erroneously or fraudulently displays.
In June 2025, ANCOM issued decisions for electronic communications service providers that provide interconnection links with networks outside the national territory, imposing the obligation to block, starting July 7, 2025, international calls to the national numbers presenting as an identifier of the appellant (CLI) or numbers from the national plan other than 06 Numbers that use the country code +40, but do not respect the official structure of numbering resources. This measure aims to prevent the falsification of the appellant’s identity and to protect citizens against telephone scams.
Spoofing cases involve calls and messages in which the criminals falsify the number displayed or the name of the caller, so that the victim believes that they interact with a representative of an official institution, such as the police, banks, ANAF or other public entities.
Sample display: When the number on the screen is not real
A frequently encountered scheme is the one in which criminals are given as “police” and convince people to provide SMS, passwords, bank data or to make transfers and acquisitions under the pretext. “Blocking the samples” in a fictional file.
The purpose of these practices is to evade money or personal data for committing crimes, such as fraud, identity theft or opening credits on behalf of victims.
Calls with spoofing numbers are usually made by Voice Over IP (VOIP) technology, which allows the display of a different number from the real one. This method creates the impression of trust or emergency and facilitates the committee, including the theft of personal and financial data.
Although technology can be used for legitimate purposes, criminals use it to mislead victims and cause them to disclose sensitive information, often presenting as employees of official institutions.
The operation mode begins, in most cases, by collecting seemingly trivial information, such as name, address, age, public visible transactions or data obtained from social networks. This information serves as verification elements that increase the credibility of the conversation.
How spoofing works
Subsequently, the criminals initiate calls in which they display an official identity, such as “Romanian Police”, “X Inspectorate X” or the name of a banking institution. Although the display can be technically forged, the impact on the victim is real: the apparent authority creates tension and decreases the critical attention of the contacted person.
The voice at the other end of the thread is calm, safe on it and uses a convincing bureaucratic language, with references to “file”, “investigation” or “procedure”. The conversation is built as a small theater of the authority: the appellant presents himself as an officer or inspector, offers a plausible name, sometimes even a false card number, and immediately gives gravity to the situation. In order to gain control over the victim, the criminals use elements that seem technical: they mention a suspicious transaction, an account involved in a correct fraud or personal details, which enhance the sensation of authenticity of the appeal.
The temporal pressure is constant. The appellant states that the investigation must be completed urgently and that the samples must be protected immediately, requesting the victim’s cooperation. Under these conditions, many people make pressure decisions, to avoid imaginary consequences, such as blocking accounts, issuing mandates or detention. Offenders exploit the fear of legal repercussions and loss of economies, presenting cooperation as an act of good faith.
Specifically, the criminals request technical or material support to implement the scam. In some cases they demand SMS codes, presented straight “Verification codes“Which would demonstrate the victim’s good faith or allow “Blocking a transaction”.
In other situations, I ask the installation of a distance access application under the pretext “verification of samples ”.
Once installed, the application allows total phone or computer control, exposing accounts and passwords. Other times, they request transfers of money in intermediate accounts, explaining that the amounts are “in custody” in a fictional investigation, thus masking the final destination of money and preventing the rapid intervention of the bank.
These applications are supported by additional technical maneuvers: spoofing for masking the origin of the call, SIM SWAP to take over the victim’s number, to create false accounts and to use third parties to take over the money and to introduce in the circuit of virtual currencies.
The communication is often carried out in the team, an apparently official call being followed by another confirming the instructions, increasing the feeling of legitimacy. In parallel, the criminals build a “non-leisure” architecture, using email accounts, prepaid phones or payment services from other countries to complicate the pursuit.
Impact on victims
Once the victim gives up, the process accelerates: the codes allow for authentication in accounts, the applications give complete control over the devices, and the transferred money is removed quickly, dispersed by intermediate accounts or converted into cryptocurrencies.
After the first success, the criminals can return with new pretexts or use the data collected to try fraud on other people. The phenomenon has a cross -border character, the calls often coming from outside Romania, which complicates the action of the authorities.
Recommended protective measures
For the protection of citizens, the authorities recommend extreme caution. SMS, passwords, PINs or data from the card on the phone should not be provided, and in the case of a suspicious call, the conversation must be concluded immediately, and the institution contacted by official channels. Applications should not be installed at the request of unknown persons, nor made transfers or acquisitions at their indication.
It is essential to activate two steps authentication in bank applications and important accounts, use strong and different passwords for each account, do not publish personal information online, to periodically check the installed applications and permissions, to avoid opening suspicious links and to use trusted antivirus programs.
It is also recommended to set transaction limits in bank applications, regularly check the balance and history of accounts and contact the bank immediately in the case of suspicious transactions or if data sensitive to unknown persons have been provided.
If someone becomes a victim of a deception in the online environment, the rapid notification of the authorized institutions can significantly support the conduct of the investigations and prevent the extension of fraud.
