PINDROP BLOG

May 15 – The Week In Phone Fraud

TWIPF2This week in phone fraud, criminals hack call forwarding to exploit Apple Pay authentication and Pindrop’s CEO discusses how to make security more useable.

On Tuesday, Tracy Kitten, of Bank Info Security, released a story detailing a new variation on Apple Pay authentication fraud. When a user sets up an Apple Pay account, he or she can choose to be authenticated with a verification code that is sent via text to the phone. But criminals are now exploiting this out-of-band authentication method by “porting” over or transferring landline numbers from unsuspecting victims to mobile phones the criminals possess.

On Wednesday, Andreessen Horowitz posted a podcast featuring Pindrop’s CEO and co-founder, Vijay Balasubramaniyan. In the segment, Balasubramaniyan discusses how he approaches the problem of making security something that is both powerful and easy to use.

newsletter-banner

Full Breakdown of This Week’s Phone Fraud News

Calgary Herald: Canadian Cancer Society warns of phone scam – The Canadian Cancer Society is warning Calgarians about a recent phone scam in which the recipient is offered a prize purportedly from the organization that can be claimed in exchange for an upfront purchase.

Payments Source: CNP Fraud Could Get Really Bad Post-EMV – The bad news is that EMV is so effective at preventing fraud at the POS that it has historically been shown in other countries to actively push fraud attacks to other channels, namely card-not-present (CNP). In some cases, there have been dramatic triple digital spikes.

The Hill: 911 call centers vulnerable to cyberattack – “While [call centers] don’t hold valued information like credit card numbers or Social Security numbers, they do often house names and addresses and sometimes medical records. This information can be combined and can be used to help a hacker.”.

8 News Now: 8 On Your Side uncovers ‘kidnapping’ phone scam – The scam victim will receive a phone call. When he or she answers, the receiver will hear screaming on the other end of the line followed by a voice claiming the screaming belongs to a family member of the scam victim.

7 San Diego: DMV Warns California Drivers of Phone Scam – The scam involves people calling from a blocked phone number, pretending to be staffers offering to reschedule a DMV appointment. The individuals then ask drivers for personal information, such as a social security number, date of birth, and driver’s license number.

Sand Hill: Intel, Google, VCs Pour Billions into Cybersecurity Startups – Billions of dollars in venture capital is fueling the cybersecurity boom. According to New York City-based CB Insights, in the last five years, $7.3 billion has been invested into 1,208 private cybersecurity startups. Funding in 2014 broke the $2 billion barrier.

Atlanta Tech Edge: Award-Winning Innovator Dr. Paul Judge – Serial entrepreneur, innovator and overall tech guru Dr. Paul Judge sits down with Dana Barrett of Atlanta Tech Edge to discuss the growth of Atlanta’s tech community and the three “E’s” that make Atlanta special.

Bank Info Security: How Apple Pay Is Exploited for Fraud – Criminals are now exploiting out-of-band authentication by transferring landline numbers from unsuspecting victims to mobile phones the criminals possess. Because so many people have landline numbers they rarely use, it’s proven to be an easy scam.

JD Supra Business Advisor: FCC Cites Three Companies For Its Unwanted Robocalls – All three companies made robocalls to consumers’ cell phones using both autodialers and prerecorded messages without first obtaining prior express consent from the consumers as is required by the TCPA.

American Banker: Authentication Advances May Finally Kill Passwords and PINs – Voice biometrics and device ID are graduating from the pilot phase to wider deployment at a handful of financial institutions If successful, these technologies could deliver the combination of security and convenience that has eluded banks.

Bank Info Security: How Apple Pay Is Exploited for Fraud – Criminals are now exploiting out-of-band authentication by transferring landline numbers from unsuspecting victims to mobile phones the criminals possess. Because so many people have landline numbers they rarely use, it’s proven to be an easy scam.

KGNS.tv: Identity thieves are ‘vishing’ for your information – Vishing happens when you receive a call on your home phone or mobile device, from someone pretending to be from a trusted source, like your bank. But is the voice on the other end really from your bank, or is it just another identity thief fishing for information?

Express & Echo: Exeter school victim of £300,000 phone scam – An Exeter school has admitted it has been the victim of a £300,000 phone scam. Clyst Vale Community College in Broadclyst said it was duped by someone pretending to be a contractor changing bank details.

Boston Globe: For hackers, people are an IT system’s weak link – As big businesses spend millions of dollars to plug holes in their technology and block cyber criminals from databases of private consumer information, hackers are increasingly targeting a different weakness: employees.

a16z Podcast: Making Security More Useable – The days of cramming security down employees’ throats or sending out best-practices advice emails are over. “You have to make security more useable,” says Pindrop CEO and co-founder Vijay Balasubramaniyan.

The Hindu: Beware of Nigerian fraud – A resident of Parawada, 25-year-old V. Ramana, was a victim to the infamous Nigerian lottery scam. Ramana received a call a few months ago, stating that he had won a lottery of Rs. 9 crore from the Coca Cola Lottery, an international lottery agency.

My Kawartha: Peterborough paint business out more than $7,000 due to fraud – A man had called Ashburnham Paint and Wallpaper needing paint for his warehouse. The price tag was more than $7,000. Unknown to her, the customer had used a stolen credit card to make the transaction. “I am out the money and the paint,” she says.

Philipstown.info: A Nasty Hoax: School lockouts and police mobilization – “A false report like this one goes way beyond a prank—it is the product of a sick, twisted and criminal mind,” said Smith. “Falsely reporting an emergency causes serious disruptions in our community and puts many innocent persons at risk.”

Arizona Daily Sun: Another ‘swatting’ call prompts three-school lockdown – This is the third time Marchall Elementary has received a threatening phone call from a computer-generated voice in the past month. Similar calls have prompted lockdowns at Thomas Elementary School, Knoles Elementary School and Mount Elden Middle School.

Miami New Times: Key residents victimized by scammer demanding cash to avoid bogus warrants – A woman had just returned from a trip abroad when she got a disturbing call. It was a man telling her that there was a warrant out for her arrest because she had missed jury duty. It seemed plausible enough. She’d been gone — maybe she missed a bunch of mail.