Archive for the ‘Consumer fraud’ Category

Phone Security Issues


This week in phone fraud, Pindrop’s CEO discusses voice authentication and Chinese and Taiwanese fraudsters arrested in Turkey.

This week, the Financial Times met with Pindrop CEO Vijay Balasubramaniyan to discuss the future of voice authentication. Voice is an “extremely rich” and quick way of authenticating someone’s identity.

GB Times reported that, after over 70 Chinese wire fraud suspects were deported from Kenya to China in April, a gang of Chinese and Taiwanese fraudsters was arrested in Turkey on suspicion of phone fraud. The gang reportedly stole information from over 3,000 Chinese tourists.




Forbes: Scam Alert: Why the IRS won’t call you – Fraudsters frequently use psychological attempts to scare people into giving up personal information used for identity theft. Once the fraudsters have possession of that sensitive information, they can open credit accounts and start stealing away. Generally anyone who asks for money immediately over the phone is a fraudster.

Techdirt: AT&T Falsely Blames the FCC for Company’s Failure to Block Annoying Robocalls – AT&T is pointing fingers at the FCC as the cause of the company’s lack of robocall-blocking technology. Recently, the FCC gave permission to the carriers who wanted to offer consumers robocall-blocking services. AT&T is one of the only companies that did not implement such technology.

South China Morning Post: Phone scam targets Hongkongers, exploits rocky relations between China and Philippines – Crime bosses behind an Asia-wide phone scam operation that has fleeced hundreds of Hongkongers out of HK$350 million in less than a year have shifted their sights to the Philippines as law enforcement tightens.

The Morning Call: Arrests Made in IRS Phone Scam – Five more people were arrested in Miami due to their involvement in an IRS phone scamming ring. Accused of stealing over $2 million from 1,500 people, the perpetrators targeted people all over the US. Progress is being made in combatting IRS scams, and the number of successful calls is dropping drastically.

The Journal News: Harrison cops go to Maine to bust phone scammer – Harrison Police traveled to Maine to arrest known fraudster Donovan Wallace after he cheated a woman out of over $23,000. Wallace is also linked to similar scams along the East Coast and to a ringleader in Jamaica, where authorities are helping with the investigation.

KRON4 - Bay City News: Elderly man falls victim to IRS phone scam in Santa Clara – An elderly Santa Clara man made 3 deposits totaling over $5000 when a fraudster posing as an IRS agent informed him that he was being audited for $5,900. The victim made 3 deposits while on the phone with the fraudster, and 2 were claimed before the police got involved. No arrests have yet been made.


This week in phone fraud, Hong Kong banks to implement voice recognition in their call centers, and prank calls could land you in jail.

This week Find Biometrics stated that Citi and HSBC banks, two of the largest in Hong Kong, are preparing to launch biometric identification systems for their call centers. This transition will improve both customer service and efficiency in the call centers, according to the banks.

The Washington Post reported that the potentially lethal form of prank-calling known as swatting might soon come with 20 years of jail time. The bill just passed out of the House Energy and Commerce Committee and will soon be in a floor vote in the House.




BBC: The prank call crimewave – After a string of prank calls that led to several fast food restaurants smashing their windows, BBC Trending looked at similar events from 2009. Using a now defunct website, pranksters have been organizing themselves to initiate these calls.

BBC: Gang jailed over pensioner phone scam – Eight men from London have been jailed for a phone scam that defrauded UK pensioners out of more than £1m. One accomplice to the crime was X Factor contestant Nathan Fagan-Gayle, who received a 20-month jail sentence for money laundering.

Huffpost Crime: Military Phone Scams: Phone Fraud and Identity Theft a Growing Issue for Military Personnel – Recently, fraudsters have turned to stealing identities from military personnel who are currently serving. These con artists will use social reconnaissance to obtain profile pictures and social media posts to convince victims to send money overseas.

Consumerist: FCC Trying To Minimize Annoyances From New Robocall Debt Collection Loopholes – After a bill passed last fall that included a loophole to allow debt collectors to use robocalls to chase down consumers, the FCC is fighting for a way to lessen the frustration by limiting the number of robocalls made.

ITProPortal: When vishing and phishing attack – Because of the success of phishing attacks, social engineers have turned to voice phishing, or “vishing,” to extract sensitive information from victims over the phone. ConsumerProtect.com has created an infographic on the subject.

Los Angeles Times: Getting phone calls seeking divine assistance? You may be a victim of ‘spoofing’ – A Long Beach resident says he’s received dozens of calls from seekers of divine assistance from a televangelist known as Prophet Manasseh Jordan. Callers claim that the resident’s number appeared on their Caller ID screen during Jordan’s robocalls.


This week in phone fraud, sophisticated account takeover scams in the UK and a new report on who is most vulnerable to scams.

This week the Guardian shared the story of account takeover fraud at Nationwide bank in the UK. In this multi-part attack, fraudsters took over the target’s mobile account, registered for mobile banking, and increased overdraft protections all by contacting call centers. Fraudsters monetized the attack using Apple Pay.

Consumer Reports published the results of a new study on Monday that found millennials are the most likely to lose money to a phone scam. 38 percent of millennial men report having lost money to a phone scam, compared to 11 percent of average Americans.




Schneier on Security: Bypassing Phone Security through Social Engineering – Undercover police officers in the UK used social engineering techniques to bypass iPhone security when investigating a terrorist suspect. Police impersonated the suspect’s work manager, asking for proof that he was in the office on a particular day.

The Sydney Morning Herald: Fraudsters rip off $5m from elderly victims using telephone scam – In one case, the scammers netted $600,000. The scam started with a phone call from someone purporting to be the manager of a Rolex store, who said that a youth posing as their nephew had been detained trying to use Albert’s credit card.

No Jitter: Hacking as a Service Part Two: Help is Here – At this point, a caller has been deemed safe enough to be allowed into the system and potentially into the ear of a real human being. Even still, security measures can be applied by listening in on the call to programmatically find anomalies.

The Atlantic: The Long Life (and Slow Death?) of the Prank Phone Call – Advances in technology apparently bring with them new possibilities for playfulness at someone else’s expense. There’s still something to be said for the visceral thrill of trying to fool someone voice to voice, it seems—even if you don’t quite pull it off.

South China Morning Post: Phone scammers pretend to be Hong Kong immigration officers – Bogus immigration officers have duped Hongkongers out of about HK$1 million in the latest round of phone scams as con artists have come up with a new ruse, the Post has learned. About 20 victims fell for the new tactic.

Gizmodo: Do Not Call the Number in This Instagram Ad – Yesterday on my Instagram feed was a sponsored post claiming “Millions of Americans are applying for Obama’s New Student Debt Forgiveness Program” and promising I could qualify in less than five minutes if I tagged a friend and called a toll-free number.


This week in phone fraud, NPR accidentally hijacks listeners’ Amazon Echoes and IRS warns of new phone scam.

This week, Mashable reported that NPR accidentally hacked listeners’ Echoes with a radio broadcast, proving the devices can be ‘hijacked’ by a speaker outside the home. NPR listeners reported that the news story prompted Alexa to reset thermostats, play news summaries, and more. As the Echo begins to offer more features like paying for music and pizza, larger security concerns are beginning to arise.

According to Forbes, the IRS is warning consumers about a new variation on the IRS phone scam. Consumers are reporting that scammers are calling, saying they need to verify some information to process your return. Those details generally lead to identity theft.


FTC Blog: Avoiding imposter scams – Maria got a phone call one day. The caller, who claimed to be an attorney, told Maria there was a court order against her and that she had to pay hundreds of dollars to settle an old debt. If she didn’t pay, there would be dire consequences.

New York Post: ‘Prophet’ harassing NYers with robocalls demanding cash: suit – Self-proclaimed “prophet” Yakim Manasseh Jordan, 25 — who lives a “lavish lifestyle” with multi-million dollar homes and luxury cars — bombards personal phone lines across the country with up to six automated calls a day, according to the class action lawsuit.

Atlanta Business Chronicle: Georgia Department of Revenue gets ‘spoofed’ – The Georgia Department of Revenue (DOR) reported its phone lines have been subject to Caller ID spoofing. Spoofing occurs when the Caller ID of the caller appears to be coming from a valid number. DOR was first made aware of the scam on March 10.

On the Wire: On the Wire Podcast: David Dewey – In this episode of the podcast, Dennis Fisher talks with Dewey about the research, how the card issuers have addressed the problems he found, and what can be done to further secure mobile payment systems.

On the Wire: IRS Phone Scammers Shift Tactics – The variety of IRS tax scams is continuing to increase, and the agency is now telling consumers to be wary of a recent shift in scammers’ tactics. The latest version involves scammers calling to “verify” details of tax returns and harvesting valuable personal information.

BBC: Pensioner loses £20,000 in phone scam – The woman was contacted by someone claiming to be from the Visa Fraud Unit over suspicious account activity. She was asked to transfer funds to another account to “protect” them but when she did so the money was taken and the scam completed.


This week in phone fraud, the BBC hacks NatWest and the FBI targets Jamaican lottery scams.

On Tuesday, BBC Radio investigators demonstrated two ways to take over a NatWest bank account using the phone. Using social engineering, a fraudster could simply report a victim’s phone lost or stolen, then ask to have their phone number switched to a new SIM card, owned by the criminal. Alternatively, the fraudster can simply steal the victim’s phone.

The FBI recently announced a Jamaican lottery scammer has been sentenced to 10 years in prison. According to Special Agent John Gardner, “The Jamaican lottery scammers are like an organized cyber crime group. They are closely knit, highly structured, and have U.S. associates—money mules—who help launder their money.”


Wired: Inside the Cunning, Unprecedented Hack of Ukraine’s Power Grid – TDoS attacks are similar to DDoS attacks that send a flood of data to web servers. In this case, the center’s phone systems were flooded with thousands of bogus calls that appeared to come from Moscow, in order to prevent legitimate callers from getting through.

PYMNTS: Apple Pay’s Low-Tech Security Problem – “Fraudsters and hackers are like water: They’re going to take the easiest path to get what they want. Right now, this is that easiest path … There’s no point of even trying to find a vulnerability in EMV because this works so well,” said Pindrop’s David Dewey.

The Telegraph: Thousands of immigrants targeted for cash in phone scam – Immigrants are being targeted by fraudsters posing as Home Office staff who demand money in exchange for allowing them to remain in the UK, it has been claimed. Visa holders have been pressured into handing over thousands of pounds.

eSecurity Planet: 3 Ways to Defeat ‘Microsoft’ and ‘Dell’ Phone Scams – Technological solutions can also make a significant difference. Knieff suggests looking into voice solutions from companies like Pindrop, which can watch out for recognized criminals. Advanced data loss prevention solutions are also worth looking at, Knieff said.

Consumerist: Lawmakers Renew Push To Curb Unwanted Robocalls – Sen. Ed Markey (MA) introduced the HANGUP Act, which would close the robocall loophole. Even though robocalls are one of the few issues that is not currently a partisan issue, the bill has been sitting idle in committee since being introduced.

On The Wire: Bypassing Phone Fingerprint Sensors With an Inkjet Printer – Researchers at Michigan State University have developed a clever hack that allows them to scan and then print a target user’s fingerprint and then use it to unlock a mobile phone via the fingerprint sensor.


This week in phone fraud, how criminals are using the IVR and mobile wallets.

This week, Forbes reported on Pindrop’s 2016 RSA session, “The Art of Avoiding Authentication.” Pindrop’s Director of Research, David Dewey, tested how Apple Pay’s call center authentication option could be compromised at major financial institutions.

On Tuesday, American Banker’s Penny Crosman interviewed Pindrop’s CEO, Vijay Balasubramaniyan, on how fraudsters are using the phone channel. Balasubramaniyan pointed out, “If you’re able to detect suspicious IVR activity, you can forewarn banks on average 30 days before account takeover even starts happening. It’s almost like ‘Minority Report.’”


Krebs on Security: Credit Unions Feeling Pinch in Wendy’s Breach – Even if thieves don’t know the PIN assigned to a given debit card, very often banks and credit unions will let customers call in and change their PIN using automated systems that ask the caller to verify the cardholder’s identity by keying in static identifiers.

Money: IRS System Meant to Protect ID Theft Victims Seems to Have Been Hacked – Knowledge-based authentication (sometimes called KBA), asks taxpayers four multiple-choice questions about their credit history — such as “On which of the following streets have you lived?” And these questions can be easily answered with random guessing.

Speech Technology Magazine: Pindrop Launches IVR Anti-Fraud Solution – Pindrop recently launched IVR Anti-Fraud, which the company says is the first comprehensive call center fraud detection capable of monitoring all customer voice channel interactions. Fraudsters can use IVR systems as their gateway into more extensive fraud.

The Wall Street Journal: Cybersecurity Startups Describe New Fundraising Hurdles – “VCs were much more discerning and they wanted proof that you have a real product that is delivering a strong return on investment to customers,” said Vijay Balasubramaniyan, CEO and co-founder of Pindrop.

On The Wire: Sidestepping Apple Pay Enrollment Authentication – “Authentication through an app is very secure, because if they’re doing it properly they know specifically it’s your device they’re sending the authorization to,” Dewey said. “A phone call is the weakest of these possible options.”

Network World: New products of the week 2.29.2016 – Our roundup of intriguing new products: Pindrop’s IVR Anti-Fraud analyzes multiple layers of information to help identify suspicious callers for live agent calls in contact centers in the financial services, retail, insurance, and government industries.


This week in phone fraud, white hat social engineering and believable tech support scams.

On Wednesday, reporter Kevin Roose published a story of his experience after asking to be hacked. The most surprising attack was also the simplest. The attacker simply called Roose’s cell phone company, impersonating his wife, and quickly gained access to the account, changing the password and adding a new phone line.

On Friday, Brian Krebs exposed an apparent data breach at Dell. Fraudsters have obtained Dell customer support and purchase histories as well as contact information and are using the information as tools in consumer phone scams. The cases illustrate the way fraudsters work across phone and online channels.


CBC: Canada Revenue Agency scam calls and emails have many red flags – When the phone call begins, the man identifies himself as an investigative officer with Revenue Canada and he even gives his supposed identification number. The problem is the man doesn’t work for Revenue Canada.

The New York Times: A Robot That Has Fun at Telemarketers’ Expense – While the simple robot does not possess anything near artificial intelligence, it does understand speech patterns and inflections, so it can monitor what the telemarketer is saying, and then do its best to try to keep the person on the end of the line engaged.

Bankless Times: Pindrop touts new voice-fraud detection technology – “Most companies do not have sufficient insights into customer IVR activity, much less the amount of fraud and unnecessary costs hiding there,” Vijay Balasubramaniyan explained. “Alarmingly, our beta test showed that IVR fraud rates are on par with live agent phone fraud.”

Pindrop: Pindrop Launches First IVR Fraud Protection Solution – Pindrop, the pioneer in voice-fraud prevention and authentication, today launched IVR Anti-Fraud, making Pindrop the first and only company to offer comprehensive call center fraud detection to all customer voice channel interactions.

Telegraph: Bank security: annoying AND useless – Fraudsters managed to get past NatWest’s telephone security and make a transfer from our reader’s Isa to another of her accounts. They then convinced their victim that the high balance in the latter account was a mistake and to send the money to the criminals’ bank.

Pindrop Blog: Phone Scam Breakdown: Google Listings Scam – You’re a small business owner running a website through a popular hosting site. Then, from a local number, you get a phone call from a Google specialist claiming they have a front page position for your business with unlimited clicks, 24 hours a day.


This week in phone fraud: teenage phone hackers around the world

On Friday, British authorities announced that they have arrested a 16-year-old suspected of being involved with a group that used social engineering phone calls to hack into the Department of Justice web portal, the FBI network, and the private email accounts of high-ranking U.S. intelligence officials.

This week, French authorities arrested yet another teenager using social engineering on the phone channel to commit crimes. Police have arrested Vincent L., 18, from Paris, for failing to cooperate with authorities in an investigation related to a series of fake bomb threats that took place in France, Australia, the UK, and the US.


Popular Science: Hacker Calls FBI’s I.T. Department, Gains Access to Network – On Sunday, a hacker threatened to dump the contact information of thousands of FBI and Department of Homeland Security employees online. So how did a person break into the systems of two of America’s most high-profile agencies? A phone call, it appears.

Dark Reading: Man Admits To Laundering $19.6 Million in Hacking, Telecom Fraud Scam – Hackers compromised businesses’ PBX systems. They would then identify unused extensions and reprogram them so they could be used to make long distance phone calls charged back to the victim business.

CNN: FBI, British police nab alleged ‘crackas’ hacker – British police have arrested a teenager who allegedly was behind a series of audacious — and, for senior U.S. national security officials, embarrassing — hacks targeting personal accounts of top brass at the CIA, FBI, and Homeland Security Department.

Washington Post: British teen arrested in hacking of top U.S. intelligence officials – British authorities have arrested a 16-year-old suspected of being involved with a group that hacked into the private email accounts of high-ranking U.S. intelligence officials, according to U.S. officials and British police.

Business 2 Community: Death, Taxes, And Data Theft: You Can Only Protect Yourself From One – Cybersecurity startup Pindrop is one company that is benefitting from an increased interest in combating identity threats. Their unique software fights fraud by using a voice technology system called phone printing.

Forbes: Watch Out For These Top Tax Scams – Aggressive and threatening phone calls by criminals impersonating IRS agents remain an ongoing threat to taxpayers. The IRS has seen a surge of these phone scams as scam artists threaten police arrest, deportation, license revocation and other things.

Softpedia: Phone Hacking Group Is Selling Fake Bomb Threats for Bitcoin – According to French law enforcement, the service has been used by Evacuation Squad, a group that has terrorized cities across the globe by calling in fake bomb threats and sending SWAT teams to various celebrities and high-profile public figures.

On the Wire: UK Launches Task Force to Address Fraud – Phone fraud, vishing, and other forms of financial fraud have emerged as serious threats to many financial institutions and their customers. Banks and government agencies have begun forming alliances to help address the issue.

Credit Union Times: 5 Biggest Phone Scams in Circulation – The Atlanta-based Pindrop detected a number of emerging phone scams, some of which involve Google listings, health insurance and the MasterCard settlement. The voice fraud prevention and authentication firm also gathered data on fraudsters’ frequency.

Dark Reading: 20 Cybersecurity Startups To Watch In 2016

FTC Blog: Phony calls about health insurance

On The Wire: Owning VOIP Phones With Zero Clicks


This week in phone fraud, experts predict the future of fraud detection and fraudsters re-target victims.

Americans lose an estimated $50 billion a year to con artists around the world. The Atlantic interviewed leading fraud researchers to get ideas about how technology can be put to work to fight fraud wherever it occurs—in person, online, or over the phone.

Today, the New York Times issued a report on a new trend in phone scams. “Asset recovery firms” are targeting consumers who have already lost money in a phone scam, promising to help the victim recover the lost money in return for a hefty fee.


International Business Times: US burglars allegedly used caller ID spoofing app to impersonate police and lure couple from their home – Two men in Missouri, US are facing multiple felony charges for allegedly using a caller ID-spoofing app to impersonate police officers in order to trick homeowners into leaving their property so they could burgle it.

Market Watch: Is this robocall illegal? The line blurs for people with student debt – That means a student loan borrower could be receiving a legal robocall from a company that is actually handling their loans and could help them better manage their debts for free and an illegal call from a debt-relief firm trying to lure them to pay for help.

Pindrop Blog: Phone Scam Breakdown: The Healthcare Scam – Oh no! Open enrollment has ended and you haven’t signed up for health insurance. You don’t want to be penalized on your taxes so you quickly press one for more information. Soon after you have paid and avoided all penalties… or so you thought.

Dark Reading: Cybercrime Gangs Blend Cyber Espionage And Old-School Hacks In Bank Heists – The Metel group—which is still alive and well and thus far has only been seen attacking financial institutions in Russia—commandeered user administrative accounts from banks’ call centers and other systems in order to manipulate transaction information.

Mirror: Company conned out of £18million by fraudsters posing as firm’s boss in huge phone scam – A company has been conned out of £18 million in a telephone scam. A senior executive at the firm, which has not been named, was tricked into transferring the cash into a foreign bank account after criminals posed as the Scottish firm’s boss.

Inside ARM: FCC to Issue Notice of Proposed Rulemaking for TCPA Amendment – Friday’s meeting agenda included the item, “Robocalls and Federal Debt Collection: New TCPA Amendment.” Kristi Thornton, at the Consumer and Government Affairs Bureau announced that a Notice of Proposed Rulemaking would soon be released.

On The Wire: On The Wire Podcast with Mike Mimoso – In a remote episode of the podcast, Dennis Fisher talks with Mike Mimoso of Threatpost about the sessions from the Security Analyst Summit in Tenerife, Spain. The discussion touches on IoT security, the security development lifecycle, and whether device security will improve anytime soon.

Biometric Update: Obama’s cybersecurity plan calls for adoption of strong multi-factor authentication methods – President Barack Obama outlined a Cybersecurity National Action Plan this week, featuring an expanded cybersecurity budget, a new federal chief information security officer, and an emphasis on promoting multi-factor authentication.


This week in phone fraud, new chip cards lead to new fraud, and NPR breaks down the “work from home” phone scam.

This week NPR’s Planet Money featured a story on a popular phone scam that claims to help victims set up an online business and work from home. This scam illustrates the social engineering techniques used to get consumers to divulge personal information, including details on mortgages and other financial accounts.

On Tuesday, Javelin Strategy & Research released its annual Identity Fraud study. The report shows that even with the rollout of EMV in the US during 2016, incidents of identity theft have remained the same. The report shows that fraudsters are simply moving to new channels, including the phone, and using different types of fraud, like new account fraud.


Atlanta Business Chronicle: Pindrop Security plans Atlanta expansion, will add 150 jobs – “In four years we’ve gone from three guys at lunch at the Georgia Tech hotel with a research paper to the largest company in Technology Square,” Judge said. “We are now focused on expanding globally with the headquarters right here in Atlanta.”

Eater: Burger King Employees Smash Windows After Prank Call – A practical joker called the fast food restaurant, posing as an official with the local fire department, and told employees the building had a gas leak. The caller advised employees to break the restaurant’s windows for ventilation.

Bob Sullivan: New chip credit cards lead to …. worse fraud? – “With the much-anticipated U.S. shift to EMV well underway, fraudsters are transitioning along with consumers,” the Javelin report said. “This drove a 113% increase in incidents of new account fraud, which now accounts for 20% of all fraud losses.”

On The Wire: FDIC Releases Cybersecurity Framework for Banks – Attackers have had more than their fair share of successes against banks in recent years, both with direct attacks and with phone fraud schemes that convince consumers or businesses to transfer money directly to the criminals.

On The Wire: New Data Shows Google Listing Phone Scam On the Rise – The new data from Pindrop Labs shows that scammers are using this scam to prey on the desire of small business owners to raise the profile of their businesses. The scam is a simple one and involves a robocall that supposedly comes from “your local Google specialist.”

The Verge: Sponsor of federal anti-swatting bill targeted by swatting hoax – Rep. Katherine Clark (D-MA), who has pushed Congress to impose harsher penalties on “swatting,” has been targeted by a swatting call. Clark’s office reported that police in Melrose, MA had received an anonymous emergency call about a shooter at her address.

On The Wire: On the Wire Podcast: Bruce Schneier – Bruce Schneier, the well-known cryptographer, author, and security expert, is today’s guest on the On the Wire podcast. Dennis Fisher talks with Schneier about the emerging problem of IoT security, and what can be done to address the technical issues all of this entails.

NPR Planet Money: Anatomy Of A Scam – You’ve seen these ads before: “Work from home. Make thousands of dollars a week. Call this number!” Today on the show, we find out what happens when you respond. We have secret documents laying out how it all works. And recordings of actual phone calls.
