In the first such case against a U.S. cable company, federal regulators are slapping Cox Communications with a $595,000 fine this week after Cox allowed phone fraudsters from Lizard Squad to socially engineer call center agents and steal private customer information.
This week, US police charged a Canadian man with fraud and money laundering in connection with a multimillion-dollar phone scam targeting American grandmothers. The man ran call centers in Canada with operators posing as relatives of the targeted grandmothers and asking for money.
Payments Source: Banks Have a Harder Time Blending Among Fraudsters – Security experts say the banks’ strategy of buying their stolen data is an effective and inexpensive way to determine the source of a breach and suppress criminal activity. But the most sophisticated black-market “card shops” are getting less welcoming to outsiders.
Krebs on Security: FCC Fines Cox $595K Over Lizard Squad Hack – The intrusion began after a LizardSquad member phoned up Cox support pretending to be from the company’s IT department, and convinced a Cox customer service representative and Cox contractor to enter their account IDs and passwords into a fake website.
CSO: Banking on security innovation to beat the hackers – “The most advanced banks take a pro-active approach to cyber-security. They think like hackers. They do not rely on major product vendors alone, but experiment with leading-edge technologies from start-ups to evolve their defenses.”
RSA Abu Dhabi: Understanding Cyber Attacks That Leverage the Telephony Channel – Cybercriminals launch new attacks that use the traditionally trusted telephony channel to compromise online accounts. This session covers the development of a telephony honeypot to understand attacks that leverage the telephony channel.
Krebs on Security: TalkTalk, Script Kids & The Quest for ‘OG’ – The attacker, apparently another person with a British accent, called Blake’s ISP pretending to be Blake and said he was locked out of his inbox. Could the ISP please change the domain name system (DNS) settings on his domain and associated mail account?
The Washington Post: In a first, the FCC is fining a major cable company for getting hacked – In the first such case against a U.S. cable company, federal regulators are slapping Cox Communications with a $595,000 fine after Cox allowed hackers from Lizard Squad to penetrate its systems and steal private customer information.
Digital Trends: Is that really you? More companies are turning to voice biometrics for security purposes – Despite advances made with physical credit cards, like the Chip and PIN system, one step forward in the security realm sometimes means two steps back, as resourceful criminal masterminds find new vulnerabilities to attack.
Mirror: BT declares war on phone scammers with vow to tackle ‘vishing’ con callers – BT confirmed it has completed a series of upgrades, which mean that when a customer hangs up, an incoming call to a BT line should disconnect within two seconds. Any fraudster trying to keep a line open would be cut off.
Consumer Reports: How to Identify a Phone Scam – Scammers try to terrify you with startling news and threats. And legitimate companies and government agencies will never call you. Official communications are delivered by U.S. mail or, in certain circumstances, by certified mail.
CNN Money: How your voice can protect you from credit card fraud – “[Banks] closed and locked the door online, but they left the window open with the call centers,” said Vijay Balasubramaniyan, CEO of fraud detection company Pindrop Security. He added that $10 billion was lost due to call-in center fraud last year.
The Fresno Bee: How to check out what sounds like a scam – My question is, if the phone number is known, why doesn’t someone try to contact these people and stop this type of activity? Is there a law enforcement unit that tries to track down this type of scammer? Where do consumers report calls such as this?
NBC News: ID Thieves Use Switch to ‘Chip’ Credit Cards as Fresh Scam Bait – They use legitimate credit card information to make their call or text seem very real. What they want to do is get you to authenticate yourself by giving them your PIN to the account or the security code on the back of your card, so they can use it for online shopping.
No Jitter: Genesys Builds App Marketplace – AppFoundry allows access to an integration for authentication and fraud detection solutions. Genesys’ strong customer base in the financial and telco sector, where fraud is common, could particularly benefit from easy access to the Pindrop integration.
Miami Herald: Canadian charged in ‘grandmother scam’ in Miami – Fooled by their fictional stories about legal troubles or auto accidents, the grandmothers purchased virtual money orders to help — unaware of being victims of a complex international scheme extending from Canada to South Florida to the Caribbean.
BBC: Phone scam gang con Lancing woman out of £7,400 – They used a phone scam to make her believe she was talking first to a Visa fraud investigator and then detectives. The 75-year-old from Lancing ended up drawing out the maximum amount of cash she could and handing it over.