* The victim's phone number
* Your real phone number
* The fake one you want to appear to be coming from
Then you click Submit and it puts you through. That's it. Any idiot could do it.
The tech and telecommunications industries are WAY overdue to do at least one of the following:
1. Stop considering Caller ID a secure authentication method
2. Make Caller ID a secure authentication method
Sadly, it's as bad as the banking industry. Still today, they base a lot of their security on IP addresses. Sad really.