Pindrop Security today warned financial institutions and their customers about a telephone scam they've dubbed the "misdial trap."
Fraudsters buy phone numbers similar to legitimate businesses, and pose as that business's customer service line when customers misdial -- not unlike how some fraudsters buy domain names similar to legitimate online businesses and create sites that mimic them, according to Pindrop.
The numbers fraudsters typically choose will have the same first six digits as the legitimate business, with only the final digit changed, or they will have the same seven-digit number but a different area code -- a toll-free number area code, for example.
When they hook a customer, they pretend they are customer service for the company in question and request sensitive data from customers -- sometimes offering a free gift card in exchange.
Some 103 of the 600 financial institutions examined by Pindrop Security were affected by the misdial trap.
"Phone fraud costs banks and financial institutions nearly $2 billion every year and fraudsters continue to develop new attacks to steal from consumers and financial institutions," said Vijay Balasubramaniyan, co-founder and CEO of Pindrop Security. "The misdial trap scam is just the most recent example of how sophisticated fraud rings are exploiting inherent vulnerabilities in the phone channel to collect consumer information and defraud financial institutions."Sara Peters is Senior Editor at Dark Reading and formerly the editor-in-chief of Enterprise Efficiency. Prior that she was senior editor for the Computer Security Institute, writing and speaking about virtualization, identity management, cybersecurity law, and a myriad ... View Full Bio