Many people believe orange boxing is still used to spoof Caller ID. We have not heard of anyone using this method since 2003 or 2004, before VoIP became popular and easily accessible. The same thing is true about op-diverting to Telus and social engineering an operating into setting your CPN for you. Traditionally, in 2007, Caller ID spoofing is either done with a PRI line and a PBX or with Asterisk, the open source software PBX, and a SIP or an IAX2 compatible VoIP provider, such as VoIPJet. There are many other providers offering the ability to use Asterisk's "Set(CALLERID())" function to spoof your Caller ID on outgoing calls. The "Set(CALLERID())" function is the simplest way that Caller ID spoofing can be acheived from Asterisk, however most people choose to write custom PERL or PHP scripts for more advanced features. Here's an example PERL script for basic Caller ID spoofing with Asterisk from Rootsecure.net. The script should work with Asterisk v1.2 and possibly Asterisk v1.4, but we haven't tested it on v1.4 ourselves.
Spoofing with Asterisk is easy because it gives you a large amount of flexibilty with your calls and a direct connection with a VoIP provider/reseller who's typically connected to a Tier 1 provider's softswitch.
More information on Asterisk and VoIP can be found at the VoIP-Info.org Wiki.