March 25 – The Week in Phone Fraud

TWIPF2 This week in phone fraud, Verizon suffers a data breach and the Economist explores the science of sound.

This week, Brian Krebs reported on a data breach at Verizon that exposed some 1.5 million customers’ contact information. The data is already being sold in online black markets, making Verizon customers targets for vishing fraud and other targeted attacks.

This month, the Economist ran a story about sonification, the process of turning data into sound. Audio has many characteristics that make it a much more discerning tool than visual data. The article notes many major scientific discoveries that were the result of studying sound recordings.


On The Wire: FTC Warns App Developers Over Use of Audio Tracking Code – The Federal Trade Commission is warning a dozen developers about some code they’ve included in their apps that can surreptitiously listen to unique audio signals from TVs in the background and build detailed profiles of what consumers are watching.

No Jitter: Hacking as a Service Part One: The Evolution of the Bad Guy – Here in the world of communications, these HaaS attacks can come in many different forms including, but not limited to Telephony Denial of Service, VLAN Hopping, API Hacking, Number Hijacking, Number Blocking, and Infrastructure Attacks.

SC Magazine: Biometrically challenged: three-factor authentication systems too weak for web banking – Fingerprint images can be scanned and copied, voice can be recorded and facial image recognition techniques can potentially be circumvented via the use of simple pictures. The third-factor is still said to be far from secure.

The Telegraph: ‘Fraudsters stole £8,083 from my account to buy booze’ – She received a phone call in early January from an “employee” at the Bank of Scotland, where she has been a customer for the last 40 years. The woman asked her if she had received her new card, which she hadn’t.

Federal Trade Commission: FTC Signs Memorandum of Understanding With Canadian Agency To Strengthen Cooperation on Do Not Call, Spam Enforcement – As we see more cross-border fraud, we must often rely on our enforcement partners around the world to help protect U.S. consumers. This agreement will enhance cooperation with the CRTC as we work together to combat illegal telemarketing and spam.

American Banker: The Case for Knowledge-Based Authentication – Cybercriminals don’t even have to game the call center. If they know that one of the knowledge-based questions is “What was your last transaction?” they’ll make a $5 deposit in the account right before calling so they know the answer.