Reverse Phone Lookup: Complete Guide & Free Tools (2026)

Your phone buzzes. An unfamiliar number. Before you call back - or ignore it forever - run through this 7-step checklist. According to the Federal Trade Commission (FTC), Americans reported losing over a billion dollars to phone scams in recent years, and the vast majority of victims called back first. Most unknown callers can be identified for free in under 60 seconds if you follow the right sequence.

This is not a survey of every lookup service that exists. It is a concrete, ordered checklist you can execute right now, while holding that number in your hand. Free tools first. Paid tools only when the situation demands it. Legal guardrails included throughout.

Whether the call came from a mobile, a landline, or a Voice over IP (VoIP) line matters enormously - because carrier type determines which lookup method actually works. Start here.

The 7-Step Reverse Phone Lookup Checklist

Work through these steps in order. Stop as soon as you have a confident identification. Most lookups resolve at Step 2 or Step 3.

1. Step 1 - Identify the Number Type Before You Do Anything Else

   Carrier type is the single biggest factor in choosing your first tool. A method that reliably identifies landlines may return nothing useful for a VoIP number, and vice versa. Here is how to branch:

   • Mobile number (US): Numbers with modern three-digit area codes from major carriers (AT&T, T-Mobile, Verizon) respond well to community-sourced databases like Truecaller and to carrier spam-label APIs.
   • Landline: Traditional wireline numbers often appear in public directories and are the most reliably indexed by Google. Start with a plain Google search for landlines.
   • VoIP or internet-based number: These are the trickiest. Numbers provisioned through services like Google Voice, Twilio, or similar providers often have thin registration data. Free tools may return no owner information - which itself is a red flag (see Step 5).

   Check the number's likely type using a free carrier lookup tool, or run it through a reverse lookup site's free preview. Most display "Mobile," "Landline," or "VoIP" as the first result field before any subscription is required.

   According to CTIA – The Wireless Association - the industry body whose carrier data feeds many reverse lookup databases - the distinction between mobile and VoIP traffic has grown more important for fraud detection as scammers migrate away from traceable landlines.

2. Step 2 - Run the Three Free Sources (In This Order)

   Before you open your wallet, apply the "three free sources before you pay" rule. In practice, these three methods - used in sequence - catch the majority of unknown callers at zero cost.

   Free Source A: Google Reverse Search

   Type the full phone number in quotation marks into Google: "555-867-5309". Also try without dashes. This surfaces business listings, forum complaints, scam reporting sites, and any page where the number appears publicly. Landlines from businesses and individuals who have listed their numbers publicly are the most likely to resolve here. If Google returns nothing in the top five results, move on - do not spend more than 90 seconds here.

   Free Source B: Truecaller Community Database

   The Truecaller community spam database is one of the most valuable free tools available in 2026. It is built on crowdsourced caller ID data from hundreds of millions of users worldwide who have voluntarily shared their contact lists and spam reports. If a number has been flagged as spam or identified by name by any Truecaller user, that data is aggregated and searchable.

   Truecaller is particularly effective for mobile numbers. Enter the number on the Truecaller website or app and review both the name result and any spam score assigned by the community.

   Free Source C: Carrier Spam-Label APIs and Built-In Phone Features

   Most modern smartphones now surface real-time spam scoring powered by carrier partnerships. On iOS, look for "Spam Risk" or "Scam Likely" labels. On Android, Google Phone's Call Screen feature uses similar data. These labels are generated by carrier spam-label APIs - data pipelines that aggregate reported numbers across millions of call events. This data may already be visible on your screen before you open a single lookup tool - worth a glance before proceeding.

   Together, these three free sources - Google, Truecaller, and carrier spam labels - cover a substantial proportion of unknown callers. If all three return nothing, proceed to Step 3.

3. Step 3 - Check the FTC Do Not Call Registry and Scam Reporting Database

   The Federal Trade Commission (FTC) operates the National Do Not Call Registry and maintains a searchable database of reported scam numbers at ReportFraud.ftc.gov. If a number has been widely reported for telemarketing violations or fraud, it often appears in aggregated scam-reporting databases that pull from FTC complaint data.

   This step takes less than 30 seconds. Search the number on any of the major scam-reporting aggregators - 800notes, WhoCallsMe, or similar sites - which compile FTC complaint data alongside user reports. A cluster of recent negative reports is a strong signal to avoid calling back entirely.

   If you have been the target of an unwanted call, you can also file a complaint directly with the FTC. This contributes to the aggregate data that protects other consumers.

4. Step 4 - Read the Red Flags in the Lookup Result Itself

   Even when a lookup returns limited owner information, the metadata in the result can tell you a great deal. Train yourself to read these signals before deciding whether to call back:

   • Recently ported number: A number that was recently transferred from one carrier to another is a common characteristic of scam operations. Fraudsters port numbers quickly to evade blacklists. Most paid reverse lookup previews and some free tools display the port date. A port within the last 30 to 90 days on an unfamiliar number warrants caution.
   • Disconnected or reassigned status: If a lookup returns "disconnected" or flags a number as recently reassigned to a new subscriber, you may be dealing with a recycled number. Recycled numbers can generate mistaken calls, but they can also be exploited to impersonate a previously legitimate contact. The FTC has issued guidance on the risks of reassigned numbers.
   • VoIP masking: If Step 1 identified the number as VoIP and none of the free sources returned owner data, this combination is itself a meaningful signal. Legitimate businesses and individuals occasionally use VoIP services, but the combination of VoIP origin plus zero community identification plus a recent call you did not expect is a strong scam indicator. The Federal Communications Commission (FCC)'s STIR/SHAKEN call authentication framework was specifically designed to address this problem - but its protections are imperfect (see FAQ).
   • Attestation level in STIR/SHAKEN: Calls labeled with "A" attestation (full) have been verified by the originating carrier. "B" or "C" attestation - or no attestation at all - means the call could not be fully authenticated. Apps like Hiya or First Orion surface this attestation level and flag unauthenticated calls for users.

5. Step 5 - Decide Whether the Free Tier Is Enough

   By this point, you have either identified the caller or you have not. If you have a name, a business listing, or a clear spam flag, you are done. If you have nothing - or partial information that raises more questions than it answers - you face a decision: is the situation serious enough to justify a paid lookup?

   The free tier is almost always sufficient for:

   • Deciding whether to call back an unknown missed call
   • Confirming whether a number is flagged as spam before answering
   • Satisfying basic curiosity about a number from a legitimate business

   A paid reverse lookup service may be worth the cost when:

   • You are receiving repeated harassing or threatening calls and need documentation
   • You believe you have been targeted by a scam and need the full picture to report it
   • You are a business owner verifying a customer or vendor contact (within legal limits - see Step 7)
   • A family member has received communications from an unknown number and safety is a concern

6. Step 6 - What a Paid Lookup Actually Buys You

   When free tools come up empty, a paid reverse lookup service digs into a deeper layer of aggregated public records. The specific data fields that often justify the cost in harassment or scam cases include:

   • Address history: A chronological record of addresses associated with the subscriber or registrant, which can help confirm identity or trace a location pattern.
   • Relatives and associated names: Other individuals linked to the same address or shared household records, which can help establish identity when a direct name match is unavailable.
   • Court records: Public civil and criminal court filings associated with an individual, which can reveal prior fraud convictions, restraining orders, or civil judgments - highly relevant in harassment cases.
   • Social media profiles: Aggregated public social media accounts associated with the name and contact details, useful for confirming identity.
   • Email addresses: Other contact information tied to the same identity, which may help in filing a complaint or escalating to law enforcement.

   Services like BeenVerified, Intelius, Spokeo, and similar platforms provide this level of detail for a subscription fee. Most offer a free preview that confirms whether a record exists before you pay - which is a useful checkpoint before committing to a purchase.

7. Step 7 - Apply the Legal Guardrails Before You Use What You Find

   This step is not optional, and it is especially critical for business owners, landlords, and parents. The Fair Credit Reporting Act (FCRA) governs when background-level data - including the type of information returned by paid reverse lookup services - can legally be used.

   The FCRA establishes "permissible purpose" rules. These rules specify the narrow set of circumstances in which a consumer report (or data that functions like one) can legally be pulled and used. Consumer-facing reverse lookup sites explicitly prohibit their use for:

   • Employment screening or hiring decisions
   • Tenant or rental applicant screening
   • Credit determinations
   • Any other purpose defined as a consumer report under the FCRA

   Using a consumer reverse lookup site for employment or tenant screening is a violation of the FCRA, regardless of whether the information you found is accurate. If you are a business owner or landlord who needs to screen applicants, you must use an FCRA-compliant background check provider - such as Checkr or similar services - that operates within the legal framework and provides the required disclosures and consent processes.

   For parents concerned about a number contacting a minor, personal use for safety purposes falls outside the employment/tenant prohibition, but you should still use results for awareness and reporting - not as a basis for legal action without proper channels.

   The FTC provides clear guidance on FCRA permissible purposes on its website. If you are uncertain whether your intended use is permissible, consult legal counsel before acting on the data.

Next Steps After Your Lookup

Depending on what your checklist run revealed, here is what to do next:

Quick Reference: Which Tool for Which Number Type

Understanding STIR/SHAKEN: What It Means for Your Lookup

The Federal Communications Commission (FCC) mandated the STIR/SHAKEN (Secure Telephone Identity Revisited / Signature-based Handling of Asserted information using toKENs) call authentication framework across major US carriers. This standard assigns a digital signature to calls at the point of origination. That signature travels with the call, allowing downstream carriers and consumer devices to assess whether the caller ID has been spoofed.

According to the FCC, STIR/SHAKEN is intended to give consumers more confidence that a call is coming from the number displayed - but it is not a complete solution. Attestation levels matter:

• Full (A) Attestation: The originating carrier has verified both the subscriber identity and that they are authorized to use the calling number. This is the strongest signal of legitimacy.
• Partial (B) Attestation: The carrier verified the subscriber's identity but could not fully confirm authorization for the specific number.
• Gateway (C) Attestation: The call entered the US network at a gateway with no full verification. Common with international calls. Treat with caution.
• No Attestation: The call could not be authenticated at any level. This is the highest-risk category and the most common profile for spoofed scam calls.

Apps like Hiya and First Orion surface this attestation data in real time. (Source: FCC STIR/SHAKEN implementation documentation.) Combined with a Truecaller community check, STIR/SHAKEN attestation level gives you a meaningful two-factor signal on any suspicious incoming call.

The FCRA at a Glance: What You Can and Cannot Do

The Fair Credit Reporting Act (FCRA) is federal law. It is not a technicality buried in terms of service - it carries real civil and criminal penalties for violations. Here is a plain-language summary of what it means for reverse phone lookup users:

• Personal safety and curiosity: Generally permissible. Running a lookup on a number that called you, for your own awareness, is not a regulated use under the FCRA.
• Verifying a business contact: Generally permissible for routine business due diligence, with caveats depending on context.
• Employment screening: Not permissible using consumer reverse lookup sites. Requires an FCRA-compliant Consumer Reporting Agency (CRA) and candidate consent.
• Tenant screening: Not permissible using consumer reverse lookup sites. Same FCRA requirements apply.
• Credit determinations: Not permissible using reverse lookup data. Requires a full credit report from an FCRA-compliant bureau.

Consumer reverse lookup sites explicitly prohibit employment and tenant screening in their terms of service - because violating those terms can expose both the site and the user to FCRA liability. If you need to screen a job applicant or prospective tenant, use a service specifically built for FCRA-compliant screening. (Source: Federal Trade Commission guidance on FCRA permissible purposes.)

Frequently Asked Questions

Browse All Pages