Archive for the ‘Consumer fraud’ Category

Phone Security Issues


1. What are the key challenges of authenticating callers into the call center and IVR channels?

Traditional contact center anti-fraud and authentication methods no longer stand up to the advanced tactics leveraged by today’s criminals. Most contact centers rely on caller ID, a facility that identifies and displays the telephone numbers of incoming calls made to a particular line, but these telephone numbers can be easily spoofed. Contact centers also rely on knowledge-based authentication (KBA), asking questions that only the legitimate consumer can supposedly answer, to identify a caller. KBA has an average failure rate of 10-15%, and this rate can sometimes go as high as 30%. Most of these failures come from legitimate customers, not criminals. Meanwhile, over 60% of these criminals can successfully answer these questions because of data they’ve already stolen.

2. What are the most effective methods for securing the phone channel?

“We need to reduce our reliance on static data,” says Avivah Litan, VP Distinguished Analyst at Gartner. All of the data compromises from the last few years have resulted in hoards of data being stolen by criminals and put into databases that are being resold to other criminals. Enabling accurate identity assessment in the contact center relies on endpoint-centric measures, which look at the originating call and the originating phone that is making that call in order to assess the legitimacy of the user that’s calling. Litan describes phoneprinting technology combined with voice biometrics as “the strongest method for detecting fraudsters who call into enterprises.”

3. What are call centers most concerned about and how are their needs satisfied?

Contact center and fraud teams have a mutual interest in protecting customers, their data, and the overall security and reputation of an organization. Call center agents aim to provide high levels of productivity and consistent customer satisfaction. Security teams aim to eliminate weak call center authentication processes and reduce dependence on call center agents for screening out fraudsters. Phoneprinting combined with voice biometrics provides user authentication and fraud detection, enabling both contact center and security teams.




Fraudsters live and die today by executing on what some may call prank calls. Only the punchline hits businesses in their pockets, leaving law enforcement and companies to ask, “How do we stop them?” They are robocallers, voice phishers and caller ID spoofers using cybercrime techniques to launch scam campaigns through the telephony channel that many people have long trusted.

Black Hat, one of the premier, highly technical security conferences of the year, welcomes Pindrop Labs Research Scientist Aude Marzuoli to host a session at Black Hat USA 2016.

I am excited for Marzuoli to discuss her latest research findings on the most menacing trends of the telephony channel and describe the calling patterns she tracked via a telephony honeypot. She will share with you her original thesis and how she used Pindrop’s honeypot to gather and analyze accurate and timely information on unwanted phone calls across the United States. By determining how these bad call sources can be quickly and accurately identified using features extracted from honeypot call audio, Pindrop Labs stands to aid law enforcement and businesses across the globe that are combatting rising telephony fraud.

Using machine learning and semantic information collected from honeypot call audio, Marzuoli and her team collected over 500,000 calls over five months from 90,000+ unique source phone numbers. Leveraging this data, Pindrop Labs developed a method to “fingerprint” high-risk call sources that attempt to hide behind phone numbers and to detect them in the first few seconds of a call.

In total, Marzuoli’s research included 1,072,840 calls placed to a honeypot by 209,755 sources and to 57,818 destinations. Out of these calls, she sampled over 100,000 for recording and analysis. The eye-opening results were shared with the Federal Communications Commission and the Federal Trade Commission. We look forward to sharing these results and what can be done to protect consumers and stop robocall scams.

I will be in the audience as she takes the stage and we will both be available after the session. I hope you will join us at Black Hat on August 4, 2016 at 5 pm PST in the South Seas CDF room. More details on her session are available here.


This week in phone fraud, cheap technology makes phone fraud easy and Pindrop analyzes 10 million calls for latest research.

This week, Wall Street Journal reported that telephone scammers posing as tech support, lottery reps or even government officials are inundating U.S. homes as cheap technology and the rapid rise in Internet access globally makes it easier to set up an unlawful phone operation.

Bankless Times reported that Pindrop’s analysis of more than 10 million calls to UK and US-based enterprise call centers looks at vertical impact, attacker device type and location along with trends and vectors used by organized crime groups.



On the Wire: Phone Fraud Scam Targets College Students For ‘Federal Student Tax’ – The FTC is warning about a new variant on phone fraud scams that attempts to bully college students into paying a non-existent student tax. The scam is similar to many of the IRS phone scams that have been ongoing for several years, but with the novelty of pressuring students who likely are much more vulnerable.

Beta News: 5 popular tactics scammers and hackers use to steal your identity – Beta News reported that fraudsters are using reconnaissance, social engineering, and vishing, among other tactics, to steal identities. These tactics, although sneaky, can be enacted through a simple Google search or phone call.

The Lincoln Journal Star: ‘Barrage’ of political robocalls before primary election leaves regulators looking for fixes – Nebraskans are receiving a barrage of calls. Leading up to the primary election, a new salvo of political robocalls hit Nebraska phones essentially every day for 60 days straight.

Edmonton Journal: ‘Digital swatting’ may be behind worldwide school bomb threats, including one in Edmonton – Two schools in Alberta and two in Saskatchewan were among those that received phone threats of explosives being present in school buildings, and police forces in Alberta are exploring the possibility of a link between the threats.

CBS6: Worried grandma loses $40,000 in phone scam – A Virginia woman was a victim in a Grandparents Scam attack when a fraudster posing as her grandson asked for bail money following his arrest. After a 12-day period and several wire transfers, she realized the caller was not her grandson, but in fact a fraudster.


This week in phone fraud, call center fraud grows 45% since 2013.

On Tuesday, Pindrop released its annual Call Center Fraud Report. SC Magazine spoke to Pindrop’s research director, David Dewey, about the drivers behind this year’s increase in phone fraud. According to Dewey, new US chip cards make it harder for fraudsters to reproduce phony cards, so the bad guys are crafting social engineering attacks that target call centers in order to make malicious transactions.

Dark Reading spoke to both Pindrop’s David Dewey and Chris Hadnagy, CEO of Social Engineer LLC. Hadnagy confirmed the Pindrop report findings, pointing out that voice represents the next big attack vector. Organizations should expect to see an increase in call center fraud and multi-vectored attacks.




Fox5: ID thief: here’s how to stop me – He would research his victims’ birthday and other personal info already online. Then he’d call merchants who use overseas customer service reps. When he would get the security answers wrong, they’d be more likely to cut him some slack.

Finextra: The Transatlantic State of Phone Fraud – Pindrop’s VP and GM of EMEA, Matt Peachey, sat down with Finextra to discuss the 2016 Call Center Fraud Report released by Pindrop Labs. The report has uncovered a loss at £0.51 to fraud in call centers in 2015.

Pindrop: Pindrop’s 2016 Call Center Fraud Report Reveals 45% Increase in Phone Fraud Attacks – Pindrop today announced research indicating increases in phone fraud incidents and costs in multiple areas in its 2016 Call Center Fraud Report. Researchers at Pindrop Labs analyzed over 10 million calls to major enterprise call centers in the US and UK.

Forbes: The Day I Was Almost Defrauded By ‘The IRS’ – I thought I would know the signs. I have spent years teaching graduate students about fraud schemes, developed fraud training seminars for corporations around the world, and have even conducted prison interviews with convicted white-collar felons.

Security Magazine: Call Center Fraud Attacks Have Increased 45% Since 2013 – Strong online and mobile security, coupled with the rollout of EMV chip cards in the US means cybercriminals are changing tactics, exploiting the weakest link in the organization: the call center. The rate of call center fraud attacks has grown 45 percent since 2013.

FindBiometrics: Call Center Fraud on the Rise: Pindrop – Pindrop, the developer of call analytics security solutions, has released a new report indicating alarming trends in call center fraud. Composed by Pindrop Labs researchers using Pindrop’s Phoneprinting technology to analyze more than 10 million call center calls in the US and UK


This week in phone fraud, Hong Kong banks to implement voice recognition in their call centers, and prank calls could land you in jail.

This week Find Biometrics stated that Citi and HSBC banks, two of the largest in Hong Kong, are preparing to launch biometric identification systems for their call centers. This transition will improve both customer service and efficiency in the call centers, according to the banks.

The Washington Post reported that the potentially lethal form of prank-calling known as swatting might soon come with 20 years of jail time. The bill just passed out of the House Energy and Commerce Committee and will soon be in a floor vote in the House.




BBC: The prank call crimewave – After a string of prank calls that led to several fast food restaurants smashing their windows, BBC Trending looked at similar events from 2009. Using a now defunct website, pranksters have been organizing themselves to initiate these calls.

BBC: Gang jailed over pensioner phone scam – Eight men from London have been jailed for a phone scam that defrauded UK pensioners out of more than £1m. One accomplice to the crime was X Factor contestant Nathan Fagan-Gayle, who received a 20-month jail sentence for money laundering.

Huffpost Crime: Military Phone Scams: Phone Fraud and Identity Theft a Growing Issue for Military Personnel – Recently, fraudsters have moved toward stealing identities from military personnel who are currently serving. These con artists will use social reconnaissance to obtain profile pictures and social media posts to convince victims to send money overseas.

Consumerist: FCC Trying To Minimize Annoyances From New Robocall Debt Collection Loopholes – After a bill passed last fall that included a loophole to allow debt collectors to use robocalls to chase down consumers, the FCC is fighting for a way to lessen the frustration by limiting the number of robocalls made.

ITProPortal: When vishing and phishing attack – Because of the success of phishing attacks, social engineers have turned to voice phishing, or “vishing” to extract sensitive information from victims over the phone. ConsumerProtect.com has created an infographic on the subject.

Los Angeles Times: Getting phone calls seeking divine assistance? You may be a victim of ‘spoofing’ – A Long Beach resident says he’s received dozens of calls from seekers of divine assistance from a televangelist known as Prophet Manasseh Jordan. Callers claim that the resident’s number appeared on their Caller ID screen during Jordan’s robocalls.


This week in phone fraud, Pindrop CEO is the featured cover story of HUB Magazine, and Atlanta is #1 in robocalls.

This month HUB Magazine featured Pindrop CEO, Vijay Balasubramaniyan, as the cover story. In the article, Balasubramaniyan explains Pindrop’s beginnings as well as how he sees the future of voice authentication and security.

Market Wired reported that every second, 963 robocalls are made somewhere in America. Research indicated that 2.5 billion robocalls were made to US phones in March, which is a 13% increase over February numbers. For the 4th straight month, Atlanta has been the top city for robocalls.




On the Wire: Hear a Real Bank Phone Fraud Call from a Fake Cop – Fraudsters are expanding upon a common phone scam that targets senior citizens. These phone scammers are now showing up at victims’ homes to take their debit cards in person, stating that their new one will be coming in the mail.

The Telegraph: New phone scam leaves victims with £300 bills for calls they never made – Ofcom has launched an investigation into mobile customers being targeted for a new scam which can leave them with a bill for hundreds of pounds for phone calls customers never made. Some victims have been hit with bills of more than £300.

Los Angeles Times: China is dialing 911 over Taiwanese phone scammers – Over a decade ago, Taiwan’s central police agency set out to crush telephone fraud. Although they were successful on the island, Taiwanese fraudsters have moved overseas to swindle victims from at least 2 dozen countries.

Gulf News Crime: 21 phone scam suspects arrested in Sharjah – 21 men have been arrested for running a phone scam in which they convince victims to transfer money in exchange for prizes. The fraudsters were using multiple mobile phones and SIM cards to remain under the radar.

The Daytona Beach News Journal: FBI investigates Palm Coast ‘swatting’ incidents that led to standoff – After a standoff between a Florida county SWAT team and an innocent man, the FBI has teamed up with local forces to find the caller of this swatting incident. The FBI considers swatting to be a public safety issue.

Venture Beat: Watch me control my Tesla with Amazon Echo – Over the weekend, Jason Goecke of Tropo hacked his Tesla using a drone, Goland, an Amazon Echo, and AWS Lambda. The result was the ability to ask Alexa to ask “KITT” to pull in or out of Goecke’s garage.


This week in phone fraud, ’90s phone scams are making a comeback and chauffeurs jailed for car-hailing phone scam.

This week Consumerist shared that the phone scam tactic of slamming (switching someone’s long-distance carrier without their knowledge or permission) is back in the fraudster’s arsenal.

Shanghai Daily reported this week that 4 drivers who defrauded a car-hailing service out of 100,000 yuan (US $15,462) have been jailed for 8 months to 1 year, fined 1,000 yuan, and ordered to return the money to the company.




BBC: The massive phone scam problem vexing China and Taiwan – A recent diplomatic row between Taiwan and China has cast light on a massive international telecoms fraud problem. It is said to involve thousands of scammers, some of them pretending to be government officials to extract money from victims. The scam has reportedly cost mainland Chinese victims billions of dollars.

The News Courier: Officials talk safeguards at Fraud Summit – A number of officials gathered to discuss popular scams and what citizens should do if they suspect their identity has been stolen. Though most officials said there’s a high probability that someone will encounter identity theft at least once in their life, there are a number of ways information can be safeguarded.

NJ.com: Bamboozled: Could ROBOCOP finally stop unwanted robocalls? – Advocacy group Consumers Union estimates that overseas scammers have been fined more than $1.2 billion from Do Not Call registry violations, but it said the FTC has only been able to collect less than 9% of the fines.

Bob’s Guide: Integrating AI into the Financial Services Customer Experience – Optimists see AI as the savior of customer experience in the financial services industry. Schwab Intelligent Portfolio is one of the most talked about AI financial products; using their voice, consumers can have and maintain an investment portfolio without human interaction.

Polygon: PlayStation Network getting two-factor authentication, Sony confirms – Sony is making a long-awaited effort to shore up security on the PlayStation Network — the company is planning to add two-factor authentication to the service. With this new authentication method, Sony users will have to use their username and password as well as a code sent to a phone via text message or phone call to sign in to their account.

Toronto Sun: Ontario man’s prank sick-day phone call goes viral – A 23-year-old from St. Thomas, Ont. uploaded a prank phone call video to YouTube on Saturday entitled “Calling in sick to places you don’t work!” The video has had more than 1 million views so far.


This week in phone fraud, Pindrop researcher goes undercover to expose IRS scam, and monitoring behavior can unmask fraudsters.

This week NPR shared a Pindrop researcher’s undercover IRS phone scam conversation with a real fraudster. More than 5,000 victims have been duped out of $26.5 million since 2013.

BBC reported this week that last year in the UK, fraud losses totaled £755m. Pindrop’s Matt Peachey sat down with BBC to discuss the need for multi-layered security, including monitoring behavior.




The Guardian: The terror of swatting: how the law is tracking down high-tech prank callers – In 2014, a swatting attack was launched on an Atlanta suburb police station that led to a year-long investigation in the US and Canada. This hoax was implemented by a 16-year-old who initiated nearly 40 attacks on homes, schools, and businesses.

The Boston Globe: Why police are having a tough time finding culprits in school robocalls – Dozens of Massachusetts schools are being plagued with a series of hoax robocalls including threats of bombs and roaming shooters. Why can’t authorities trace the calls? Using VoIP, these callers are able to hide their identities.

Ars Technica: “This is the IRS regarding your tax filings” says trio of overseas robocallers – While the FTC searches for a technology to combat robocalling, scammers have now started posing as agents of the IRS using robocalls. Pindrop has found that the wave of IRS scammers can be traced back to 3 distinct groups operating outside the US.

CreditCards.com: Credit card companies may be analyzing your voice – While credit card companies often record phone calls from cardholders, it’s not always for the purpose of quality assurance. Many banks are now analyzing calls and using advanced voice biometrics to root out criminals in the fight against call center fraud.

This is Money: You’re on your own if a conman raids your bank account – This week, This is Money and Money Mail have reported that just 2 out of 1,000 cases in identity theft are investigated and that 70% of customers affected by scams never get a penny back.

ITProPortal: Nationwide develops behavioral authentication prototype – Nationwide’s Innovation Lab, BehavioSec and Unisys are developing an authentication system that uses a customer’s behavior to allow access rather than requiring an additional password to access their bank account from their mobile device.


The first step in protecting against phone scams is understanding how they work. That’s why in this series, we’re breaking down some of the newest and most popular phone scams circulating among businesses and consumers.

The Scam

You’re a small business owner running a website through a popular hosting site. You have purchased the unique URL that fits your company, and you set up your website. You muddle your way through figuring out SEO, meta tags, and keywords to get your website found upon a quick Internet search. Then, from a local number, you get a phone call from a Google specialist claiming they have a front page position for your business with unlimited clicks, 24 hours a day. Your business is struggling to gain traction on the Internet so you immediately press one at the behest of the specialist. You set your website up with the Google specialist. Quick and easy, you pay the local specialist for the front page spot and you hang up.

What Really Happened

You realize shortly after hanging up with the Google specialist that your website is not displayed on Google’s front search page. You also realize that several withdrawals have been made from your account that you have not authorized. Soon after, you catch on to what has happened. You’ve been scammed, and the fraudsters stole your credit card information. How did this happen?

  • Robocalling – Scammers use robocalls to attack a multitude of people quickly while also being able to conceal their identity and location through Caller ID spoofing
  • Vishing – Fraudsters use the phone channel to persuade victims to divulge sensitive information, like credit card numbers, to initiate account takeovers
  • Impersonation – By falsely implying that they are associated with Google, they are gaining your trust and/or intimidating you with their importance


Google Listing Scam Examples

Another day, another “Google Listing” call – A variation of the robocalls surrounding the Google Listing scam. According to Pindrop Labs research, there are 8 variations of robocalls connected to this scam.

Avoid and report Google scams – A list of scams tied to the Google name.

Pindrop Labs presents Emerging Consumer Scams of 2016 – Pindrop Labs has researched and discovered the 5 emerging phone scams affecting consumers in 2016, including the Google Listing Scam, and will be presenting a webinar on these findings on Wednesday, February 24th from 2:00-2:30pm ET.





The first step in protecting against phone scams is understanding how they work. That’s why in this series, we’re breaking down some of the newest and most popular phone scams circulating among businesses and consumers.

The Scam

It’s a chilly January day. You’ve been busy hitting the ground running on your New Year’s resolutions, getting back into the daily grind at work, or stocking your pantry for impending snow storms. One day in the midst of all the hustle and bustle, you receive this call:

“You may already know effective January 1st of this year, federal law mandates that all Americans have health insurance. If you missed open enrollment, you can still avoid tax penalties and get covered during the special enrollment period, often at little or no cost to you.”

Oh no! Open enrollment has ended and you haven’t signed up for health insurance. You don’t want to be penalized on your taxes so you quickly press one for more information. Soon after you have selected the healthcare plan right for you, paid with your credit card, and avoided all penalties… or so you thought.

What Really Happened

Scammers used a fake robocall to gain your personal information including social security number, your bank account, and your address. With this information, these fraudsters racked up purchases on your credit card and opened new accounts. Because the insurance you thought they offered you was made up, you also are penalized for being uninsured come tax time. Attackers have successfully stolen your identity using the following tactics.

  • Robocalling – Scammers use robocalls to attack a multitude of people quickly while also being able to conceal their identity and location
  • Confusion – You’ve heard something about Obamacare and tax deadlines, but you haven’t paid much attention to the details. Fraudsters take advantage of your confusion.
  • Cross-channel Fraud – Fraudsters use many different channels to extort sensitive information. In the case of the Healthcare Scam, fraudsters use the phone channel to collect personal information, and use that information in other channels, like online or in the call center.

Healthcare Scam Examples

5 Obamacare Scams and How to Avoid Them – In addition to offering healthcare, scammers will also tell victims they can get lowered insurance rates, pretend to be government agents, or even offer nonexistent “Obamacare cards”.

Expert Warns about Healthcare Scammers – Brownsville, TX – Fraudulent robocallers warn residents about $695 penalty for not enrolling in healthcare.

State Warns of Multiple Scams and Fraudulent Practices in Oregon – Phone scammers are preying upon the financial troubles of Moda Health, calling and intimidating those using Moda as their primary insurance carrier.

