Phone-based fraud increased by 30% over the past year among financial and retail firms, exposing the average call center to $9m in fraud, according to a new report from industry specialist Pindrop Security.
The vendor collected phone scam complaint data from online sites, as well as running its own large scale ‘telephony honeypot’, using fingerprinting technology to analyze the audio content of calls in order to compile its annual State of Phone Fraud report.
It found an alarming increase in phone fraud, to the point where one in every 2,200 calls in 2014-15 was a scam – with rates roughly the same in all major economically developed countries, irrespective of their security and privacy laws.
Unsurprisingly, two-thirds (64%) of such calls originate in a different country from the victim, with spoofing technology helping to hide the true number of the caller.
Cheap or free VoIP services continue to be the preferred calling method for scammers, with financial institutions, retailers and consumers all key targets, the report claimed.
Card issuers are hit particularly hard, experiencing fraud at nearly three times the rate of regular financial institutions – one fraud call for every 900.
Phone scammers typically like to work across sectors in multi-stage attacks.
This could involve calling a consumer to phish them for bank account details and/or card numbers; then using those details to call their financial institution to pass identity checks and thus effect a complete account takeover.
These details can then be used to fraudulently buy goods over the phone with a retailer.
Financial data could also come from darknet sites, where they have been uploaded by hackers following a mass data breach of a retailer, the report claimed.
The average financial institution risks exposing $7-15m in phone fraud, the report said.
So-called ‘robodialers’ are making the fraudsters’ job easier too – often used to voice-spam consumers with free money and prize draw offers, or else threaten them with messages claiming they owe tax.
A staggering one in six calls to the average consumer is automated, the report found.
What’s more, there could be worse to come for US consumers, the report explained:
“Over the next year, as the US moves to chip-and-signature card protocols, card-present fraud will become more difficult. As such, Pindrop expects attackers to shift more attention to the phone channel, which is traditionally the least protected of the card-not-present (CNP) channels. Call centers should begin preparing now for the increasing rate of attacks."