6/17/2015
03:00 PM
Dark Reading

Pindrop Security Reveals Financial and Retail Institution Call Centers See 30 Percent Rise in Phone Fraud

Consumers receiving more than 86.2 million phone scam calls per month in U.S.

ATLANTA – June 17, 2015 – Pindrop Security, the leading provider of call center anti-fraud and authentication solutions for enterprise call centers, today announced the findings of its annual Phone Fraud Report. For the report, Pindrop analyzed several million calls for threats using the company’s patented Phoneprinting™ technology and Phoneypot™ monitoring technology. The research found a 30 percent rise in enterprise attacks and more than 86.2 million attacks per month on U.S. consumers.

Phone fraud continues to threaten enterprises across industries and borders, with large financial institutions’ call centers exposed to an average of more than $9 million in potential fraud each year. Financial and retail institutions have seen an increase in phone fraud of more than 30 percent since 2013, with one in every 2,200 calls being fraudulent. This rate increases for retailers that sell popular, expensive products with a high resale rate. The report also indicates that credit card issuers receive the highest rate of fraud attempts, with one in every 900 calls being fraudulent.

“These attackers are sophisticated, using a variety of tactics, including automation, working in criminal rings and using both the phone and cyber channel to make tracking their actions more difficult,” said Matt Garland, vice president of research and head of Pindrop Security’s newly formed Pindrop Labs team, which analyzed the data behind the report. “As major data breaches such as Anthem and Target have occurred, attackers have found the phone channel to be the vulnerable underbelly for corporations and consumers, allowing them to monetize the breaches through social engineering and account takeovers.”

As part of their ongoing monitoring of phone threats, Pindrop Labs tracks common scams targeting consumers, such as the IRS or Technical Support scams. These attacks have successfully defrauded millions, particularly consumers in vulnerable populations, such as the elderly, immigrants and young college students. Robocalling services, which provide a cheap method to make thousands of calls per day, have increased in frequency to one in every six phone numbers calling the average consumer, with 2.5 percent of U.S. phones (8.1 million in total) receiving at least one robocall per week.

Key report findings include:

· On average, large financial institutions exposed more than $9m in funds to attackers last year. Exposure measures the value of accounts in which an attacker was able to authenticate to the account.

· Banks experience a fraud call rate of one in every 2,650 calls. Brokerages report slightly less, with only one in 3,000 calls being fraud.

· More than 86.2 million calls per month in the U.S. are phone scams, and 36 million of those calls can be traced to one of the 25 most common phone scams.

· Attackers use VoIP lines for 53 percent of their calls, compared to 7.8 percent of the general public using VoIP as a means for phone communication.

Pindrop Labs is focused on threats and vulnerabilities in the audio and telecommunications realms. This area is traditionally neglected from a security perspective, but is increasingly favored by attackers for reconnaissance, exploitation, account takeover and other attacks. Pindrop Labs' research falls into two main areas: phone fraud prevention and securing the increasingly ubiquitous voice interface. Phone fraud prevention includes security for call centers, telecommunications infrastructure and phone-reliant systems, organizations and consumers. Securing voice interfaces includes providing authentication, threat detection and fraud prevention for voice-enabled infrastructure.

 


 

About Pindrop Security:

Pindrop Security, headquartered in Atlanta, Ga., is a privately held company that provides enterprise solutions to secure phone and voice communications. Pindrop solutions reduce fraud losses and authentication expense for some of the largest banks, brokerages and retailers in the world. Pindrop’s patented Phoneprinting technology can identify, locate and authenticate phone devices uniquely just from the call audio, thereby detecting fraudulent calls as well as verifying legitimate callers. Named SC Magazine 2013 Rookie Security Company of the Year, a Gartner “Cool Vendor” in Enterprise Unified Communications and Network Services for 2012 and one of the 10 Most Innovative Companies at the 2012 RSA conference, Pindrop Security’s solutions restore enterprises’ confidence in the security of phone-based transactions.

 
