
6/17/2015
03:00 PM
Dark Reading
Products and Releases

Pindrop Security Reveals Financial and Retail Institution Call Centers See 30 Percent Rise in Phone Fraud

Consumers receiving more than 86.2 million phone scam calls per month in U.S.

ATLANTA – June 17, 2015 – Pindrop Security, the leading provider of call center anti-fraud and authentication solutions for enterprise call centers, today announced the findings of its annual Phone Fraud Report. For the report, Pindrop analyzed several million calls for threats using the company’s patented Phoneprinting™ technology and Phoneypot™ monitoring technology. The research found a 30 percent rise in enterprise attacks and more than 86.2 million attacks per month on U.S. consumers.

Phone fraud continues to threaten enterprises across industries and borders, with large financial institutions’ call centers exposed to an average of more than $9 million in potential fraud each year. Financial and retail institutions have seen an increase in phone fraud of more than 30 percent since 2013, with one in every 2,200 calls being fraudulent. This rate increases for retailers that sell popular, expensive products with a high resell rate. The report also indicates that credit card issuers receive the highest rate of fraud attempts, with one in every 900 calls being fraudulent.

“These attackers are sophisticated, using a variety of tactics, including automation, working in criminal rings and using both the phone and cyber channel to make tracking their actions more difficult,” said Matt Garland, vice president of research and head of Pindrop Security’s newly formed Pindrop Labs team, which analyzed the data behind the report. “As major data breaches such as Anthem and Target have occurred, attackers have found the phone channel to be the vulnerable underbelly for corporations and consumers, allowing them to monetize the breaches through social engineering and account takeovers.”

As part of their ongoing monitoring of phone threats, Pindrop Labs tracks common scams targeting consumers, such as the IRS or Technical Support scams. These attacks have successfully defrauded millions, particularly consumers in vulnerable populations, such as the elderly, immigrants and young college students. Robocalling services, which provide a cheap method to make thousands of calls per day, have increased in frequency to one in every six phone numbers calling the average consumer, with 2.5 percent of U.S. phones (8.1 million in total) receiving at least one robocall per week.

Key report findings include:

· On average, large financial institutions exposed more than $9m in funds to attackers last year. Exposure measures the value of accounts in which an attacker was able to authenticate to the account.
· Banks experience a fraud call rate of one in every 2,650 calls. Brokerages report slightly less, with only one in 3,000 calls being fraud.
· More than 86.2 million calls per month in the U.S. are phone scams, and 36 million of those calls can be traced to one of the 25 most common phone scams.
· Attackers use VoIP lines for 53 percent of their calls, compared to 7.8 percent of the general public using VoIP as a means for phone communication.

Pindrop Labs is focused on threats and vulnerabilities in the audio and telecommunications realms. This area is traditionally neglected from a security perspective, but is increasingly favored by attackers for reconnaissance, exploitation, account takeover and other attacks. Pindrop Labs' research falls into two main areas: phone fraud prevention and securing the increasingly ubiquitous voice interface. Phone fraud prevention includes security for call centers, telecommunications infrastructure and phone-reliant systems, organizations and consumers. Securing voice interfaces includes providing authentication, threat detection and fraud prevention for voice-enabled infrastructure.

 


About Pindrop Security:

Pindrop Security, headquartered in Atlanta, Ga., is a privately held company that provides enterprise solutions to secure phone and voice communications. Pindrop solutions reduce fraud losses and authentication expense for some of the largest banks, brokerages and retailers in the world. Pindrop’s patented Phoneprinting technology can uniquely identify, locate and authenticate phone devices from the call audio alone, thereby detecting fraudulent calls as well as verifying legitimate callers. Named SC Magazine 2013 Rookie Security Company of the Year, a Gartner “Cool Vendor” in Enterprise Unified Communications and Network Services for 2012 and one of the 10 Most Innovative Companies at the 2012 RSA conference, Pindrop Security’s solutions restore enterprises’ confidence in the security of phone-based transactions.

 
