At Pindrop, we’re always trying to stay one step ahead of the fraudsters. That means not just tracking what they’ve been doing, but also making some predictions for the year ahead. In the spirit of the New Year, we’ve gathered five trends for the phone fraud threat landscape in 2015.
- The Chip-and-PIN / EMV Rollout
With the deadline for retailers to make the switch to chip-and-PIN coming up in October 2015, this is an easy trend to spot. As EMV becomes the standard for consumer transactions, we can expect to see a drastic reduction in the number of fraudulent in-person transactions. But what does this mean for phone fraud? With more secure cards, we expect fraudsters will make their own transition to card-not-present (CNP) fraud attacks. Banks, financial institutions, and retailers should guard their phone channel against a steady increase in fraud attempts.
- Aftershocks of 2014’s POS Data Breaches
Though there will be a big reduction in POS data breaches as a result of the EMV rollout, we’ll still be feeling the effects of the 2014 attacks on major retailers like Home Depot, Staples, Michaels, and P.F. Chang’s. All the stolen information from these breaches is now for sale on the black market. Banks are already seeing an increase in phone fraud attempts from criminals who have bought this information and are using it for account takeover attacks.
- Telephony as an Extortion Tool
The attack on Sony brought a lot of attention to the way cyber criminals are using technology as a tool for extortion. Increasingly, these criminals are turning to telephony as an instrument for blackmail. Public services are particularly vulnerable. Two examples in recent news are the practice of “swatting” (making fraudulent calls to law enforcement to elicit massive armed police response) and TDoS (Telephony Denial of Service) attacks on emergency services call centers.
- Social Engineers Exploiting BYOD
According to recent surveys, 73% of C-suite executives and IT pros say that BYOD (Bring Your Own Device) presents the greatest security risk to their enterprise. There’s good reason for that statistic. BYOD increases security risk for any business. As more employees begin to merge their personal and office phones, they make it easier for phone fraudsters to find their number and begin a social engineering attack. This merging also increases the odds that pictures from inside the office will end up on sites like Facebook and Instagram – all filled with the little details that phone fraudsters can use to trick your employees, as demonstrated at the DEF CON Social Engineer Capture the Flag competition last year.
- Healthcare Industry Feels the Heat
In 2014, the FBI warned the healthcare industry that it was not “resilient to cyber intrusions compared to the financial and retail sectors.” Fraudsters have learned the value of sensitive medical records. According to some experts, there is a 10x premium on medical records over personal and financial records. Those in the healthcare industry should brace for fraudsters impersonating patients or doctors over the phone in an attempt to get this valuable information.
While the fraudsters are always coming up with new attacks and techniques, don’t expect to see the end of 2014’s most popular scams anytime soon. According to Pindrop researchers, old favorites like the IRS phone scam, Microsoft Tech Support phone scam, and more continue to trend. Retail call centers, banks, and financial institutions will also continue to be major targets in 2015.