#BHUSA: How to Use Linguistic Forensics to Detect Phone Scammers

There is a non-technological solution to defending against phone scammers, said Dr Judith Tabron at Black Hat USA 2016, and it’s at the human level…

Linguistic forensics can be used to secure the human, “the weakest link” in security, said Dr Judith Tabron of Hofstra University.

While there are technologies on the market that profess to defend against phone fraud - including Pindrop Security, Uptivity, TrustID, HP Autonomy and Verint - Tabron has been researching a cheaper solution that has no privacy issues, a problem that she claims many technical solutions have.

Forensic linguistics is used to study language evidence to perform threat analysis, author attribution, legal language disputes and conviction exoneration. It can also be used to detect a phone scam, according to Tabron. “We can teach people to recognize when they are being hacked by identifying features of social engineering scam calls.”

The specific linguistic features that are suggestive of a phone scam are as follows:

  1. Unnatural pauses in conversation where the scammer waits for their target to fill the silences
  2. Interruptions that aren’t friendly latches
  3. Polar tag questions: Ending every sentence with a question, with the implication that “yes” is the only answer
  4. Topic control
  5. Question deferrals: Refusing to answer questions and instead deferring to the scammer’s own unrelated questions
  6. Violations of narrative structure: The scammer won’t create a story; instead, they’ll try to pull you into a sense of current emergency, and it will be apparent that the structure of the conversation isn’t really correct

“It’s really hard to disguise the way you use language, and even when you try, it’s rarely successful as it’s very difficult to give up language preconceptions,” explained Tabron, “that’s why linguistic forensics work.”

Tabron admitted that violations of narrative structure can be tough to recognize in the moment, and focussed on detection of polar tag questions and question deferral as the best ways to detect a phone scam.

“You can’t expect people to constantly be suspicious,” said Tabron. “But you can tell them what to look for. Once a target has detected the use of polar tags, they can then use question deferral as a test: ask them a question and see if they answer.”

Language learners - those who are neither native nor fluent in a language - can sometimes use polar tags innocently. If you are unsure whether someone is a language learner or a scammer, test for question deferral, Tabron advises, in order to determine whether the caller is sinister or innocent.
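The two-step check described above (notice polar tags, then test for question deferral) can be illustrated on a call transcript. This is an added example, not code from the talk or the article; the tag pattern, the deferral rule and both transcripts are assumptions constructed here.

```python
import re

# Assumed heuristic, not from the talk: a polar tag is a sentence-final
# ", <auxiliary>[n't] <pronoun>?" or ", right?" / ", correct?" / ", okay?".
TAG = re.compile(
    r",\s*(?:(?:is|are|was|were|do|does|did|have|has|will|would|can|could)"
    r"(?:n't)?\s+(?:you|it|he|she|we|they|i)|right|correct|okay)\s*\?$",
    re.IGNORECASE)

def sentences(text):
    return [s for s in re.split(r"(?<=[.!?])\s+", text.strip()) if s]

def has_polar_tag(text):
    return any(TAG.search(s) for s in sentences(text))

def defers(question, reply):
    # Deferral: a question was asked and every sentence of the reply is
    # itself a question, so nothing was answered.
    return question.strip().endswith("?") and all(
        s.endswith("?") for s in sentences(reply))

def assess(turns, caller="caller"):
    """turns: list of (speaker, utterance) -> (tag_turns, deferral_turns, verdict)."""
    tags, deferrals = [], []
    for i, (speaker, text) in enumerate(turns):
        if speaker != caller:
            continue
        if has_polar_tag(text):
            tags.append(i)
        if i and turns[i - 1][0] != caller and defers(turns[i - 1][1], text):
            deferrals.append(i)
    if tags and deferrals:
        return tags, deferrals, "polar tags and question deferral"
    if tags:
        return tags, deferrals, "polar tags only: ask a question, check for an answer"
    return tags, deferrals, "no polar tags"

# Constructed transcripts written for this example, not real calls.
SCAM = [
    ("caller", "You received our letter about the unpaid tax, didn't you?"),
    ("target", "I don't think so. Which office are you calling from?"),
    ("caller", "You want to avoid a warrant today, don't you?"),
    ("target", "What is your employee ID?"),
    ("caller", "Do you have a pen ready?"),
]
LEARNER = [
    ("caller", "The delivery is for tomorrow, right?"),
    ("target", "Yes. Which company are you with?"),
    ("caller", "I am with the courier on Main Street. You are home at noon, right?"),
]
```

Calling `assess(SCAM)` reports both features, while `assess(LEARNER)` reports polar tags without deferral, the case where the caller answers the question put to them.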

“A lot of phone scams are cohesive, and a lot of bullying goes on. Pay attention to the polar tags and question referral – do you feel backed into a corner when you feel your only option is to comply? If so, it’s likely a scam,” she concluded.
