It’s not that it’s easy to spoof. It’s that your phone number is self-reported. There’s literally no technological way the phone system is built to verify a caller actually has the number they say they have.
We really ought to just drop legacy support and go with a verified subscriber system where your phone company transmits callerID based on your subscriber identity.
