ghost calling what is

What is a “ghost call” and how to avoid it

Summary of contents

☎ Have you ever received a call, but no one answered from the other end? ❌ In today’s article, we explain why they occur and how to avoid these ghost calls. ✍ Keep reading!

According to Wikipedia: “A ghost call is a telephone call for which, when the called party answers, there is no one on the other end of the call.”

Well, first of all we must differentiate the different reasons why this can happen to us:

Why do they call me and no one answers?

We receive a call from a landline or mobile number, but when we pick it up, we don’t hear anyone: in this case, it is most likely a telemarketing campaign using a “predictive dialer”.

These types of campaigns are automated with systems that run more calls than there are operators available to answer them.

The advocates of this system, among which NOT is GESDITEL , think that this way the number of calls is raised, and the waiting time of the operators is minimized.

If the phone number calling us is national, this is the most frequent cause of the “ghost call” effect.

The solution is simple: GESDITEL customers can block the calling number from our online panel, or request it from the web or by phone.

Users of other operators can contact their customer services. In case we receive the call on a mobile line, we can also do it from our smartphone, blocking the number and reporting it as spam.

Why do I receive calls with strange characters?

IP phones are network elements, i.e. they communicate with the rest of the world via the Internet.

Sometimes, some IP phones, regardless of the operator that manages the phone line, receive calls with strange characters that do not comply with the regulations (numbers that do not have 9 digits, and that do not start with 6-7-8-9). These calls are repeated without any time pattern, day and night.

When we pick up, we hear nothing…. What is going on?

The explanation of what happened, and its solutions, are very simple. When our IP phone communicates with the outside (issues or receives a call), it does so through a port, port 5060.

According to various sources, including ABC , “Half of the world’s traffic is generated by “bots”.” Many of these “bots” scan network traffic looking for “movement” on port 5060.

Once they have detected movements on this port, they “attack” the IP address of our phone terminal, managing to send calls to our phone while trying to take over our credentials. Getting hold of them would allow the attacker to make calls at the expense of the line’s owner.

GESDITEL customers are in luck. Our telephone services include these security settings, and, therefore, this will never have happened to you, and for the time being it will not happen to you either.

How to troubleshoot security issues on IP phones?

For customers of any other telephone operator who have this problem, we provide the following solutions:

• Hide your IP traffic: By changing the port through which we manage IP traffic, we “fool” more than 90% of the existing bots, minimizing the chances of suffering attacks from the Internet.
• Configure your telephone terminal to disable the IP calling feature . This feature allows the SIP phone to make and receive calls over IP address (without SIP account). Many telephone handsets have this option enabled by default. We must disable it.
• Configure the phone terminal to accept only trusted servers . This option forces the phone to accept requests only from the trusted server.

The instructions for making these settings depend on the make and model of the handsets. To find out how to make these settings on your handset, search Google for “ghost call solution +handset model”.

For Yealink users, I leave you the following LINK: .

Applying these simple instructions will prevent these attacks that generate our “ghost calls”, as well as prevent future attacks.

It is advisable to contact your operator to establish limitations on telephone consumption, and review your call list for the next few days. Because it is possible that the attacker has obtained our credentials and can generate telephone consumption to our balance, or even commit scams and crimes with our phone number.

GESDITEL customers already have limitations configured in the daily consumption and other specific per user that allow us to control and eliminate this uncertainty in the hypothetical case of a computer attack.

• Solution home

1. What is Ghost Call?

Ghost Call is a feature where you can schedule a call simulation on your phone to get out of an awkward situations or boring meetings.

2. Is this a premium feature?

Yes, Ghost call is a premium feature.

3. If someone uses my number to schedule a Ghost call will I be affected in any way?

No, since this doesn't trigger any real communication with the contact selected.

4. Do Ghost calls cost money or cellular data to place?

No,  since this doesn't trigger any real communication with the contact selected. 

5. Are Ghost calls saved in call log?

No. Ghost call just fakes an incoming call, there will be no trace of it in call logs or else where.

6. Do Ghost calls trigger caller id, call alerts, after call screens?

No.  Ghost call just fakes an incoming call, and doesn't show caller id, call alerts, call recording , after call screen like a real call.

7. When a ghost call is ringing or ongoing, can I continue to receive real calls on my phone?

Yes. Ghost call won't interfere with the receiving of regular calls or blocking of spam calls.

The only interference Ghost call has is that it puts the device in silent mode when a Ghost call is triggered or ongoing. This is a feature of the product, we don't want the user pretending to be on a call to be caught when the phone rings on getting a real call. After the Ghost call finishes we revert the ringer settings to what they were before.

8. Is this feature available for all versions of Android?

The feature is available on Android version 7 and above.

9. What happens when I schedule a call after 30 mins and lose premium before the Ghost call is triggered? The call will be triggered as we check for the premium status only while scheduling the Ghost call.

10. What are the debugging steps when the feature doesn't work?

a) Make sure "Draw over other apps" permission in granted to Truecaller. 

b) The App needs to be running in the background 

Related Articles

• Call Recorder - FAQ
• How Truecaller leverages social graphs to improve your Caller ID
• Backup & Restore
• Permissions required at the time of registering your number on Truecaller
• What is 'Who viewed my profile?'
• What is 'Who searched for me?
• What is Truecaller Gold?
• How to make Truecaller your default dialer
• How can I buy Premium?
• How does a contact request work?
• Unable to turn off the Truecaller notifications on my native device.
• How do I cancel my Premium subscription? (Android)
• Premium and free version, what's the difference?
• How do I edit or remove the tags on my number?
• How do I sort my contacts by "Last name - First name"?
• How can I buy Premium with a 'Gift card, Gift code, or Promotional code'?
• I can't install Truecaller / rebooting phone takes a long time
• How to add a 'Truecaller Contact' widget to the phone's Home Screen?
• Important (OTP) messages are not found in my inbox? (grant permission)
• How do I change Themes?
• How can South African users access the PAIA Manual?
• One Time Annual Purchase or Premium
• How can I move my Premium subscription?
• What is spam?
• Family plan FAQ
• Upgrade - FAQ
• Fraud Warnings

Phantom or Ghost VoIP Calls

What are ghost calls and what can you do to prevent them..

Ghost or Phantom Call- a phone call that when a person answers finds there is no one on the other end of the call. These calls contrast with silent calls where call centers place a call with no readily available agents.

most likely is that a test call is made to your number for reasons of building a contact database. However, some scans do take place to discover network weaknesses. These represent the ways to identify the type of ghost call.

Calls with a caller ID number, but no one there. Phantom call traffic.

Similarities that point to what is most likely taking place:.

• Circumstances: Local number as caller ID. The caller never leaves a voicemail. The caller ID number is spoofed so that caller ID details make it very hard to trace back to the originating carrier and caller. Calling the number may result in "The number has been disconnected." Or "You have reached a non-working number." Many of the phone numbers displayed as caller ID are selected because they are local to the number called. This increases the likelihood of that the call will be answered and verified. And on the list your number remains.
• Calls that do show up in your CDR records. Checking your Call Records does show a call with the caller's (possibly spoofed) number. In this case you can block that number; however the most likely result will be that the next test will be from a completely different number. Many legitimate outbound call centers call and disconnect if a live person does not pick up the phone. These legitimate companies usually abide by FCC rules.
• Calls that do not show up in CDR records. These types of calls are specific and are frequently the result of SIP scanners probing a phone system. (Note: See below.)

A call is received from a local caller ID. When answered The Call is Connected to a Call Center:

• Circumstances: A local number shows in Caller ID that when answered then goes to a call center. These types of calls frequently use spoofed numbers as a caller ID so there is no way to easily locate the caller. However, when answered the call will then be connected to a call center agent generally after a noticeable minor delay , who then attempts to sell you something. Some of these call centers offer legitimate products and some are scam operations. The company that generates the outbound calls may or may not be associated with any one particular call center. Some regularly generate millions of outbound calls for numerous call centers many of which are located in a foreign country. The FCC has made efforts to stop the most abusive companies and enacted new requirements for carriers to enact that should ultimately eliminate calls that circumvent FCC rules.

Phantom Rings or Ghost Calls that are most likely SIP Scans:

• Circumstances: Calls that do not show up in the Call Detail Records or call logs. Many times there are rings or calls that actually derive from SIP scanners. These SIP scans are probing networks, IP phones and VoIP ATAs for potential weaknesses. Many result as rings on phones that look as calls that originate from three or four digit extensions, like 100, 1000 or 1000 numbers. Or on an in-house PBX CDR often as "Received call xxxxxxxxxx from unknown host." The phone may ring constantly, many times at night when these scans occur more frequently. The display might even show "SIPVicious" which represents the name of the scanner. If answered there is no one at the other end.
• What to do if you experience rings from a SIP scan. First, ghost calls rarely come from a service provider rather they are usually the result of a scanner probing SIP ports, primarily 5060. Scans are made sending SIP invites to random IP addresses looking for a reply. For an in-house PBX you should always ensure "best security practices" which should include setting a default incoming call rule to block unknown calls. Many hosted VoIP and SIP trunk providers offer instructions, depending on the phone or endpoint, to configure settings that will prevent these occurrences. Settings regularly include disabling "Allow IP Call" and enabling "Accept SIP Trust Server Only." Some devices can be configured to restrict the source IP and to only allow specific IPs. The IPs that you then will accept calls from should comprise of the addresses given to you by your provider.

How to prevent SIPVicious ghost calls.

A "one-ring" phone scam that is different, but one you need to be aware of.

"one-ring" cell phone scam..

• There is a scam that has been on-going for several years now and periodically resurfaces that is distinct from than other types of "phantom" calls. Scammers, many from west Africa, use auto-dialers to call primarily cell phones in the USA with only one ring. They then hope that the person that received the "missed call" will instantly call back. The number is an international toll number and will appear as a charge on your phone bill. The scammers then receive a large portion from the cost of the call. The FCC has issued alerts on this scam going back to 2014 and regularly issue updated warnings when the activity escalates.

Neighbor Spoofing

The term Neighbor Spoofing refers to calls made showing a caller ID with the first six digits, namely the area code and local exchange of your locality. The tactic is built upon the reasoning that you might be more likely to answer the call believing it may be someone close by. These calls appear to look like they are coming from a local business or even a neighbor. Despite present laws preventing these strategies, government authorities caution that neighbor spoofing and robocall scams are currently on the rise.

Best Practices to prevent unwanted access to your PBX.

Network best practices include ensuring your phone system's security vulnerabilities are closed. Most breaches occur to easy targets. Those that are looking to gain access scan millions of IP addresses looking for the most vulnerable targets. Ten Tips for Better PBX Security .

Ghost Calls = You Should be Worried!

Are you getting random, or perhaps even persistent calls from a caller ID of 100, 1000, or some random number; but when you pick them up nobody is there? Calls which are  unexplained in nature are never a good thing. These specific type of calls are often a sign that someone has found your PBX and is probing it; which is the source of the ghost calls . This article will help you understand why you need to be concerned about them, and possible avenues for stopping them.

Many attackers in the world specifically look for phone systems to exploit. I set up an unprotected Cisco CME device one time, and left port 5060 exposed on a public IP, just to see how long it would take to get attacked. It took exactly 48 minutes for somebody to discover it and start attacking. It took them another 10 minutes to break the weak password I placed on an extension, and then another 2 minutes to figure out how to dial out. That’s right, in 60 minutes with my machine exposed, attackers had figured out how to make outbound calls through my equipment.

If an attacker figures out how to exploit your equipment they can cause a lot of damage. First, and most likely, they will try to make international calls, which you will be held liable for, and can cost you tons of money. Second, they can disrupt legitimate calls you are trying to make and/or receive on your system, thus hurting your ability to do business. Third, they can try to commit toll-fraud and let you get blamed for it. Finally, they have a vector from which to attack other devices on your network. There are other risks, but I hope these points have driven home why you should be concerned.

To mitigate your risk to these kinds of threats you need to do the following (at a minimum). First, use strong passwords on your extensions, as well as all accounts that allow you to login to the PBX. Second, you should lock your signaling port (typically 5060 for SIP), to only accept traffic from the IP addresses of your provider. Third, you should disable routes which allow international calling on your PBX if you don’t use them, or consider route passwords and/or authorized country code routing if you do need international calling. Fourth, try and limit all connections to your system to a LAN address, or authorized IP’s if possible. Finally, do not leave any ports which lead to system configuration access, open to the internet (if you need access to configure your PBX from anywhere and you cannot set-up a VPN on your firewall, buy a different firewall or at least get a VPN from a hosted provider (but seriously, buy a different firewall)).

Lastly, there are ways to “block” calls from scanners (a common tool used by attackers which generate ghost calls ) by modifying your dial-plan on your PBX. I will not point you to those articles because most people who do this neglect all of the mitigation I outline above. I equate this to hearing a tornado siren, and then putting in ear-plugs because the siren annoys you. If this is your provider’s first solution to “ghost calls” and they have not asked you a litany of questions, and are not willing to at least run a network scan for you, fire your provider. There may be a specific use-case for “blocking” ghost calls through dial-plan routing, but it should NEVER be the first solution.

Free SIP Trunk in 60 Seconds

Related Posts

Redefining Communication for Small Businesses: The Impact of VoIP Telephony on Efficiency and Cost-Savings   

Telephony has undergone a dramatic transformation over the last few decades. Around the turn of…

Say Goodbye to Expensive Phone Bills: Unlock the World of Cheap International Calls!

Introduction: The Power of SIP Trunking for International Calls Are you tired of the steep…

Streamline Your Business Communication with Cost-Effective SIP Trunk Solutions

Streamline Your Business Communication with Cost-Effective SIP Trunk Solutions In the ever-evolving world of business…