Endpoint

4/26/2017
08:00 AM
50%
50%

Call Center Fraud Spiked 113% in 2016

Criminals are increasingly spoofing caller ID using VoIP apps including Skype or Google Voice to hide their identity and location, according to a report released today by Pindrop Labs.

Call center fraud is rising at an astronomical rate, as technical weakness becomes one of the three key contributors to its rapid rise, according to the 2017 Call Center Fraud Report released today by Pindrop Labs. 

Based on a review of more than 500 million calls last year, Pindrop found fraud rates soared 113% over the previous year. That has resulted in a fraud rate of 1 in 937 calls in 2016, compared to 1 in 2,000 calls in the previous year. And this problem has morphed from being a responsibility of the call center operations to one of IT security.

"When we first started the company [Pindrop]..., it was a call center operations headache. As the attacks have increased, losses continue to increase, and the phone is being used as part of a multichannel attack, the CISO is becoming more and more involved," says David Dewey, director of Pindrop Labs.

One of the catalysts for this growth comes from attackers' enhanced skill in social engineering to coax information, or inadvertent nefarious action, out of call center employees, as well as the discovery of new spoofing and voice distortion technologies to give criminals more options when using the phone, according to the report.

Additionally, as digital methods for pilfering information becomes harder to crack, fraudsters are moving onto the path of least resistance rather than get smarter in figuring out workarounds for these digital challenges, Dewey says.

"Reaching a call center and speaking with an agent provides the fraudster with an upper hand. A call center agent’s job is to provide quality customer service and not stop fraud," he added.

The report identifies three key areas where call centers are particularly weak, one of which is technical.

"Caller ID Spoofing coincided with the advent and popularity of VoIP in the mid-2000s. We are seeing more and more fraudsters discover how easy this is to do and we expect this to continue to grow. Heck, there's even an Android app out there that will spoof calls for you," Dewey says.

With the advent of VoIP, users have access to the caller ID field and can set it to whatever they want, Dewey noted. This allows fraudsters, some with minimal technical skills, to be able to spoof their calls. In the case of Skype or Google Voice, the same Caller ID is applied to tens or hundreds of thousands of subscribers with the recipient having no idea who they are speaking too, Dewey explained.

When it comes to fraudsters who are developing software to reset pins, access accounts, etc., most interactive voice recognition (IVR) systems are available to the public and most go unprotected and unmonitored.

Going forward, Dewey noted new techniques and technologies are being tested by attackers.

"We are starting to see attacks where fraudsters are calling victims to record their voices and then using those recorded voices to pass as the real person," he said. "On top of that, we are seeing technology that allows fraudsters to generate speech based on a minimal recording and use that to make statements that the person never originally said. Getting the audio of the victims is no longer a problem because so much exists on all of us in our social channels like Facebook Live, on Youtube, etc."

Related Content:

Dawn Kawamoto is an Associate Editor for Dark Reading, where she covers cybersecurity news and trends. She is an award-winning journalist who has written and edited technology, management, leadership, career, finance, and innovation stories for such publications as CNET's ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
joye121
50%
50%
joye121,
User Rank: Apprentice
5/17/2017 | 2:34:25 AM
thanks
good information :)
WebAuthn, FIDO2 Infuse Browsers, Platforms with Strong Authentication
John Fontana, Standards & Identity Analyst, Yubico,  9/19/2018
Turn the NIST Cybersecurity Framework into Reality: 5 Steps
Mukul Kumar & Anupam Sahai, CISO & VP of Cyber Practice and VP Product Management, Cavirin Systems,  9/20/2018
NSS Labs Files Antitrust Suit Against Symantec, CrowdStrike, ESET, AMTSO
Kelly Jackson Higgins, Executive Editor at Dark Reading,  9/19/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Are you sure this is how we get our data into the cloud?
Current Issue
Flash Poll
The Risk Management Struggle
The Risk Management Struggle
The majority of organizations are struggling to implement a risk-based approach to security even though risk reduction has become the primary metric for measuring the effectiveness of enterprise security strategies. Read the report and get more details today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-17437
PUBLISHED: 2018-09-24
Memory leak in the H5O_dtype_decode_helper() function in H5Odtype.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service (memory consumption) via a crafted HDF5 file.
CVE-2018-17438
PUBLISHED: 2018-09-24
A SIGFPE signal is raised in the function H5D__select_io() of H5Dselect.c in the HDF HDF5 through 1.10.3 library during an attempted parse of a crafted HDF file, because of incorrect protection against division by zero. It could allow a remote denial of service attack.
CVE-2018-17439
PUBLISHED: 2018-09-24
An issue was discovered in the HDF HDF5 1.10.3 library. There is a stack-based buffer overflow in the function H5S_extent_get_dims() in H5S.c. Specifically, this issue occurs while converting an HDF5 file to a GIF file.
CVE-2018-17432
PUBLISHED: 2018-09-24
A NULL pointer dereference in H5O_sdspace_encode() in H5Osdspace.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service via a crafted HDF5 file.
CVE-2018-17433
PUBLISHED: 2018-09-24
A heap-based buffer overflow in ReadGifImageDesc() in gifread.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service via a crafted HDF5 file. This issue was triggered while converting a GIF file to an HDF file.