Actually, since digital switching began in the 60's and 70's, there have been three fields transmitted with every call (well, a lot more, but these are relevant)
BTN = Bill To Number -- this is the number that the call is billed to. This is actually validated by the connecting carrier, and still is today. In most cases it will be the circuit number, SPID, or an account number for really large customers.
CPN = Calling Party Number -- this is the number that the call is presenting itself as -- the Caller ID if you will. A long time ago, this was always validated by the phone company against the customer's record of DIDs. In the early 90's the LECs started charging companies to open up this field so that they could hide call center numbers, etc. and to make their phone number their brand. In the late 90's some LECs started offering this as a standard feature as a differentiation against other CLECs.
RTN = Route To Number -- this is the number the call is destine to.
This biggest problem is that we started getting a lot of smaller CLECs that didn't understand the technology well enough and started giving everybody closer access to the PSTN (for example, by not watching the CPN they were sending). The problem was exacerbated when VoIP became a thing and CLECs started allowing anybody access to the PSTN with no restrictions and no regard to their physical location.
These scams are hard to track down. I'd venture to say that 80% of them are running on stolen credit cards, on AWS (or other cloud provider) EC2 instances, connected to some VoIP provider that is billing another stolen credit card. They connect their SIP phones from anywhere to the PBX in the cloud and they start. Labor is cheap in other places in the world and with everything being in the cloud they can be pretty much anywhere. If they get shut down, they just use another stolen credit card and launch another EC2 instance and they are back in business a few minutes later.