Recent attacks on the IRS and Apple Pay prove that cybercriminals know too much about us. This story from CSO Online examines why Knowledge Based Authentication is failing, and available alternatives including device-printing and biometrics.
In the days of copper-wire, auto-dialing calls and covering up caller ID was expensive and complicated – meaning those calls were the work of large companies, rather than individual scammers. McClatchy DC ‘s latest report digs into how the FCC is making changes to combat these modern scammers.
Full Breakdown of This Week’s Phone Fraud News
Fortune: Wells Fargo plans to scan your face and voice for mobile security – Wells Fargo executives claimed that as far as they know the San Francisco bank is the only bank merging both face and voice biometrics together. It’s sort of like a two-factor authentication process for the human body.
Fedscoop: Dozens of agencies open up data for National Day of Civic Hacking – Announced earlier this year, Atlanta-based anti-fraud company Pindrop Security will release data for people to build a honeypot — an algorithm that could trap robocalls before they are picked up by a consumer.
Breitbart: Bank of Terror’: Pair Accused of Conning Pensioners to Fund Jihad – “These people before you, they are the bank of terror. They are not small fry, they are deadly and dangerous.” The suspects allegedly scammed their victims by cold-call elderly pensioners while posing as policemen, telling them they were victims of fraud.
First Post: Businesses can detect security breaches early by analysing behaviour – Criminal hackers have devised many ways around traditional perimeter-focused security measures. Where they once attacked a system head on, they now stay under the radar of their victims with automated attacks that decentralise incursions.
ABC News: 5 Ways the IRS Scammers Could Have Stolen All Those Tax Returns – Whether you call it social engineering, wetware or the human element, we are often the cause of our own demise. Phishing, spearphishing, vishing (phone-based phishing), smishing (text-based phishing) are different tactics to get consumers to part with their PII.
The Hill: Pollsters fret looming robocall restrictions – “And the FCC probably ought to go back to policing ‘wardrobe malfunctions’ and not making pollsters’ jobs any harder. Without accurate polling, government may end up losing its most powerful tool to know what the people who elect it really think.”
EJ Insight: How call centers are becoming fronts for fake drugs – An army of phone operators at a busy call-center hub north of Manila pitch all sorts of goods and services to potential customers at the other end of the line. Among the offerings, authorities allege, are counterfeit drugs, The Wall Street Journal reported.
MobileID World: Talking To Your Things – How do users interface with the Internet of things securely? The answer many are coming to is a combination of voice biometrics and speech recognition. The answer is obvious if you think of some of the initial IoT solutions currently available on store shelves.
Biometric Update: Banks around the world deploy biometric authentication technologies – Several major banks around the world have recently announced they are deploying various biometric technologies to improve the authorization security of their mobile banking apps.
NJ.com: Swatting in N.J.: Easy to do, harder to investigate – With simple spoofing technology, a caller can easily mask their phone number that appears on a dispatching computer screen. There’s even a way to access emergency dispatchers using TTD/TTY systems used by the deaf, which most 911 call taking centers have.
Find Biometrics: Pindrop Wins Patent for “Phoneprinting” System – These are bold claims, but the company’s technology was generating investor excitement even before it attained patent approval; earlier this year the company raised $35 million in a Series B round of financing. It’s also entering the market at the right time.
Security Sales & Integration: Home Security Telemarketing Calls Among Top Scams in 2014 – A study conducted by Pindrop Security, which provides anti-fraud authentication technology solutions to help companies prevent phone-based fraud, reveals that home security telemarketing calls were the second most common telephone scam in 2014.
Pindrop Security: Pindrop Security Granted Patent for Phone Antifraud and Authentication Technology – “Despite the fact that phone fraudsters are deploying new voice-altering technology and phone scam tactics, there has been little to no progress made for security on the phone channel over the last 40 years,” said Balasubramaniyan.
Ottawa Citizen: Police warn of police fundraising scam — then take it back – Kind officers, little children. What could be lovelier? Don’t reach for your credit card, police warned. Another scam. Except that it isn’t. The fundraising project by the Police Association of Ontario that Ottawa police initially deemed false is a real fundraiser.
Mirror: Survivors’ guide to cold call plague: How to deal with unwanted nuisance calls and texts – Consumer group Which? believes only 2% of people affected bother to lodge a complaint, so it’s likely that around three million of us have received irritating calls since the Government set up a new task force in December last year.
McClatchy DC: As robocalls evolve, regulations try to catch up – Robocalls today look different from their counterparts 20 years ago. In the days of copper-wire, auto-dialing calls and covering up caller ID was expensive and complicated – meaning those callswere the work of large companies, rather than individual scammers.
Pindrop Blog: Pindrop Wins Phoneprinting Patent – Pindrop co-founder and CEO, Vijay Balasubramaniyan invented phoneprinting in 2010, while he was working on his PhD at Georgia Tech. Vijay noticed that there were subtle differences in audio characteristics of phone calls coming from different countries.
St. Louis Public Radio: McCaskill to reintroduce bill penalizing phone scams and robocalls – We have to stay on top of this issue because spammers, spoofers and robocallers will continue to use whatever tools area available to defraud American consumers. We must give law enforcement more tools and more flexibility to fight these fraudsters, she said.
The Hill: Senators pile on the robocall criticism – The FCC is slated to crack down on robocalls next week, and senators are getting into the mix. During a Wednesday hearing, Senate Aging Committee Chairwoman Susan Collins argued current regulations have been “rendered ineffective by advances in technology.”
Destination CRM: In Data Security, It’s a Numbers Game – Multifactor authentication is a security system that requires more than one method to verify a customer’s identity before allowing him to log in to an account, access information, or perform some other transaction.
LA Times: San Diego teen arrested in bomb threats, is linked to ‘swatting’ ring – A San Diego teenager was arrested on suspicion of making hoax bomb threats. He has been linked to a group responsible for such “swatting” incidents in Georgia, Michigan, Massachusetts, Texas, Illinois and Ontario, Canada, said Lt. James Keck.
Hull Daily Mail: Elderly woman has £7,500 stolen in phone scam – My nanna’s confidence has been completely knocked, she’s so scared to be living alone now. The elderly woman is one of scores of victims to have been targeted in the scam over the past month. Just yesterday, police received 30 calls reporting similar scams.
CSO Online: Time to stop relying on PII for authentication – There’s plenty of other evidence that cybercriminals know way too much about us. For example, when onboarding new Apple Pay users, some bank call centers use personal questions for authentication, allowing criminals to make purchases with stolen credit cards.