Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Endpoint

4/26/2017
08:00 AM
50%
50%

Call Center Fraud Spiked 113% in 2016

Criminals are increasingly spoofing caller ID using VoIP apps including Skype or Google Voice to hide their identity and location, according to a report released today by Pindrop Labs.

Call center fraud is rising at an astronomical rate, as technical weakness becomes one of the three key contributors to its rapid rise, according to the 2017 Call Center Fraud Report released today by Pindrop Labs. 

Based on a review of more than 500 million calls last year, Pindrop found fraud rates soared 113% over the previous year. That has resulted in a fraud rate of 1 in 937 calls in 2016, compared to 1 in 2,000 calls in the previous year. And this problem has morphed from being a responsibility of the call center operations to one of IT security.

"When we first started the company [Pindrop]..., it was a call center operations headache. As the attacks have increased, losses continue to increase, and the phone is being used as part of a multichannel attack, the CISO is becoming more and more involved," says David Dewey, director of Pindrop Labs.

One of the catalysts for this growth comes from attackers' enhanced skill in social engineering to coax information, or inadvertent nefarious action, out of call center employees, as well as the discovery of new spoofing and voice distortion technologies to give criminals more options when using the phone, according to the report.

Additionally, as digital methods for pilfering information becomes harder to crack, fraudsters are moving onto the path of least resistance rather than get smarter in figuring out workarounds for these digital challenges, Dewey says.

"Reaching a call center and speaking with an agent provides the fraudster with an upper hand. A call center agent’s job is to provide quality customer service and not stop fraud," he added.

The report identifies three key areas where call centers are particularly weak, one of which is technical.

"Caller ID Spoofing coincided with the advent and popularity of VoIP in the mid-2000s. We are seeing more and more fraudsters discover how easy this is to do and we expect this to continue to grow. Heck, there's even an Android app out there that will spoof calls for you," Dewey says.

With the advent of VoIP, users have access to the caller ID field and can set it to whatever they want, Dewey noted. This allows fraudsters, some with minimal technical skills, to be able to spoof their calls. In the case of Skype or Google Voice, the same Caller ID is applied to tens or hundreds of thousands of subscribers with the recipient having no idea who they are speaking too, Dewey explained.

When it comes to fraudsters who are developing software to reset pins, access accounts, etc., most interactive voice recognition (IVR) systems are available to the public and most go unprotected and unmonitored.

Going forward, Dewey noted new techniques and technologies are being tested by attackers.

"We are starting to see attacks where fraudsters are calling victims to record their voices and then using those recorded voices to pass as the real person," he said. "On top of that, we are seeing technology that allows fraudsters to generate speech based on a minimal recording and use that to make statements that the person never originally said. Getting the audio of the victims is no longer a problem because so much exists on all of us in our social channels like Facebook Live, on Youtube, etc."

Related Content:

Dawn Kawamoto is an Associate Editor for Dark Reading, where she covers cybersecurity news and trends. She is an award-winning journalist who has written and edited technology, management, leadership, career, finance, and innovation stories for such publications as CNET's ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Oldest First  |  Newest First  |  Threaded View
joye121
50%
50%
joye121,
User Rank: Apprentice
5/17/2017 | 2:34:25 AM
thanks
good information :)
US Turning Up the Heat on North Korea's Cyber Threat Operations
Jai Vijayan, Contributing Writer,  9/16/2019
MITRE Releases 2019 List of Top 25 Software Weaknesses
Kelly Sheridan, Staff Editor, Dark Reading,  9/17/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: "He's too shy to invite me out face to face!"
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-17789
PUBLISHED: 2019-09-20
Prospecta Master Data Online (MDO) allows CSRF.
CVE-2019-11280
PUBLISHED: 2019-09-20
Pivotal Apps Manager, included in Pivotal Application Service versions 2.3.x prior to 2.3.18, 2.4.x prior to 2.4.14, 2.5.x prior to 2.5.10, and 2.6.x prior to 2.6.5, contains an invitations microservice which allows users to invite others to their organizations. A remote authenticated user can gain ...
CVE-2019-11326
PUBLISHED: 2019-09-20
An issue was discovered on Topcon Positioning Net-G5 GNSS Receiver devices with firmware 5.2.2. The web interface of the product is protected by a login. A guest is allowed to login. Once logged in as a guest, an attacker can browse a URL to read the password of the administrative user. The same pro...
CVE-2019-11327
PUBLISHED: 2019-09-20
An issue was discovered on Topcon Positioning Net-G5 GNSS Receiver devices with firmware 5.2.2. The web interface of the product has a local file inclusion vulnerability. An attacker with administrative privileges can craft a special URL to read arbitrary files from the device's files system.
CVE-2019-14814
PUBLISHED: 2019-09-20
There is heap-based buffer overflow in Linux kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel, that allows local users to cause a denial of service(system crash) or possibly execute arbitrary code.