Social engineering has been around for quite a while and it’s a tactic that fraudsters use to manipulate people to get information to be able to take over different accounts. They manipulate you or manipulate your own bank to get information about you.
Voice phishing is one of the social engineering tactics that fraudsters will use. They will call a bank and say something like, “Hi, I think you may have the wrong phone number on my account. Oh. Nope, you’re right. That’s the phone number that I have as well. You’re right.” And they will make sure that they have different bits of information from different spots from your bank, from some of your other accounts and compile all of that to then go to a different company and use it to take over an account.
Reconnaissance is a tactic where a fraudster will call a bank or a credit card company and try to get information on their identification and verification process and try to see what it would take to authenticate into that account.
Made in the middle is a tactic where a fraudster will call a customer. They will pretend to be that customer’s bank and say, “Hey, I need you to verify your address, verify your social security number,” and sort of pull that information out of the customer. And then they’ll turn around and call that same bank and pretend to be the customer. They’ll use this information that they just got acting as the customer to then make whatever changes they were going to make.
Another thing that a fraudster will do is call a bank and notify them they’re going to be traveling. It’s something that we’ve all done. When we travel, we say, “We’re going to be out of the country or across the country.” Just give our banks the heads up so that they don’t flag the account or shut it down. They will also call the bank and say, “Oh, it seems that a flag’s been placed on my account.” If they’ve already tried to use the account and it’s been flagged or shut down, they will call and ask to have these flags removed and say, “I’m sorry I forgot to notify you I was traveling.”
The other thing a fraudster will do is call the bank and make small changes. This could be changing their address, their email address, or even going as far as to adding themselves as an authorized user. These small changes are harder to detect as they’re not usually involving moving money or major changes and are more common like, I’ve moved or I’ve just gotten married and want to add my spouse.
It’s impossible to detect social engineering without technology. Humans are just too trusting and our technology can help detect this. We do that by analyzing three main factors. We look at voice, device and behavior for any call to see if these calls match the customer they’re supposed to be or if they are risky. We compile these into one risk score to then present back to the banks so that they can make more informed decisions.