Spoofing an originating phone number isn't actually very difficult any longer. I won't go into the details, but there are third parties that provide leasable access to telephony systems for the purpose of running software applications that perform automated call handling. This aspect of their services is completely legitimate. But their programming interfaces often allow you to assign an originating phone number. And some of these parties don't bother to validate whether you actually own the number that you assign. This is how at least one of the Swatting incidents that I'm aware of was performed.