Given that we all need to be more security-savvy and learn the behaviors of good cyber hygiene, I try to stay on alert when it comes to email messages and phone calls.\u00a0One client told me I have been in the industry too long because I wouldn't open a link he shared until I confirmed he actually intended to send it.So, I know about email spoofing \u2014 that it is used for phishing campaigns \u2014 but I didn't realize spoofing also happens on cell phones.Maybe you, too, have answered the phone to hear a brief moment of pause before a woman explains she was just adjusting her headset. I've received it, a few times even. I've just hung up on her.In the past few weeks, though, I've gotten a collection of random calls and texts from people who say, "I just missed a call from this number." In fact, I've received three such calls today \u2014 all before noon \u2014 while I was on the phone with Sprint trying to report the issue.Mysteriously, the calls that remain in my call log all come from a number that has the same area code and first three numbers of my cell phone number, but the last four digits are all different each time.How to stop phone spoofingWhen I called Sprint, I was concerned that my account had been hacked, but they, "didn't see any suspicious activity," according to Elena in customer service.As I sat on hold, being transferred to three different people, I started Googling the issue. There have been chats on reddit, and AT&T reminds its customers to read their privacy guidelines.\u00a0I asked if the security practitioners were aware of this issue, but Elena told me she's only had calls from people reporting telemarketing concerns. Naturally, I asked what steps they take to communicate customer concerns about potential security breaches, and she said, "If you call again with this same matter, the next person will be able to see her notes in my account."But the concern that I'm reporting isn't ever shared among the customer service representatives. And while I was the first person to make Elena aware of these spoofing calls, she has no idea whether anyone else has reported it to other representatives.Then I was transferred to Sara, a manager, who said she was "unable to report this to the corporate security team because there is a process for security and incident reports."Oddly, Sara said, "The only time you can reach out to corporate security is if there has been a physical injury, as in an accident or assault, or something of that nature."Sprint's media relations department responds to spoofingThat rule apparently applies only to customer service representatives because I did reach out to Sprint's media relations department and received a swift response.A Sprint representative wrote:This appears to be spoofing and not a Sprint-specific issue. As the activity is prohibited by the FCC, they provide helpful\u00a0information\u00a0on their website which may be of interest to your readers, including how individuals can protect themselves and how to report suspicious calls.Additionally, Sprint provides a service called Premium Caller ID. In November 2016, we announced an enhancement to that service so that customers can protect themselves from unwanted robocalls and caller ID spoofers.\u00a0Here is a\u00a0blog\u00a0post outlining the details.The blog post does indeed discuss solutions to spoofing, one of which is that you can \u00a0"elect to block the number in order to prevent future calls, and may also choose to report the call, which is used to help refine data via crowd-sourcing."The latter part of this advice was never conveyed in my first three conversations with anyone (including supervisors) in the customer service department. The very word spoofing was never even uttered.\u00a0Yet, the blog goes on to claim,\u201cAt Sprint, we strive to provide top-notch customer service, and today, we\u2019re able to protect our customers from unwanted robocalls,\u201d said Mark Yarkosky, Sprint\u2019s director of product management. \u201cCequint has effectively created an important and needed solution to better providing mobile customers with better privacy and security.\u201dSo, my question remains: Is spoofing a security risk, or is it just annoying?