Yesterday I received a phone call on my smart phone that said it was coming from me.

So I answered the call and it turns out that it's from a legit business. After I explained to the caller what happened she said it occurred all the time with her calls and that she doesn't know why. I told her that her system must have been hacked and that she should get someone to look into it.

As someone who has worked in the telco space in the past and knows a thing or two about telecommunications, this is the first time I have seen this and can think of many ways of how spoofing the caller id could cause a serious incident. If the telcos and phone companies cannot prevent this exploit from occurring then it should be banned outright.

If anyone knows how spoofing the caller id works and what equipment is required I would appreciate some insight.

That's insane! I can't give a definite answer but thinking aloud, I suspect they have a software-based phone switch (Asterisk, 3CX, FreeSwitch etc.) that's wrongly configured to present the called number as its CLIP, and the SIP gateway service they use doesn't check for valid CLIP in the SIP headers. I doubt that it's the result of a hack but yes, they need someone competent to give it a once-over.

I can't speak for anywhere else but crazily in the UK CLIP is done on an honour and best-effort basis - the network is only obliged to request that the subscriber sends correct information, they don't have to enforce it.

Cattletruck - Welcome to the world of Caller ID spoofing .. :)

Caller ID spoofing - Wikipedia, the free encyclopedia (http://en.wikipedia.org/wiki/Caller_ID_spoofing)

Caller ID spoofing is often used by sales companies to get around situations where calls from callers who withhold their identities are blocked by the recipient's 'phone. Also to disguise the caller's real identity of course.
Very underhand!

I've had three of these "own number" calls over the last couple of weeks.
On pickup it plays music for a few seconds then an Indian voice says" am I speaking to Mr .......!!!!" I can't repeat my reply!

in the UK CLIP is done on an honour and best-effort basis

I would guess that is the case for most other places, all that is required is a poor implemention or unscrupulous person to abuse the CLIP part of an exchange system. Downstream exchanges have little choice but to assume the calling number is correct - must make a mess of the telco's billing systems.

I got a feeling we are at the thin edge of the wedge with this sort of hack and will probably see more of it.