New Threats Mandate Better Protection
March 11, 2020
Not surprisingly, fraud is constantly on the rise. Seems like fraudsters are like weeds: they’ll find the easiest way to latch into something that can help them grow. Up until now the most common scams were email scams, also known as Phishing. As email security methods become more sophisticated, they allow automatic and effective identification of fraudsters. Therefore, we see that fraudsters are choosing the path of least resistance, which is targeting contact center agents to reveal confidential account information and credentials, in what can be referred to as voice phishing, or Vishing.It may seem somewhat harmless. But when you consider that for most of us, our phone numbers are linked to the bank, email, and social media accounts, you quickly begin to see how easy it can be for a fraudster with access to your phone number to take control of your credentials and private information and compromise your entire identity.Take SIM swapping fraud for example. SIM swap occurs when a fraudster contacts a wireless carrier and is able to convince the contact center agent that he is, in fact, you, and have him switch the SIM card linked to your phone number with a SIM card in his possession. Once your phone number is assigned to the new SIM card all data will be routed to the new SIM card owned by the fraudster. This includes two factor authentication codes and other confidential data. This allows hackers to log in to your bank account and access other confidential information.Statistically, 1 out of 1000 calls is a fraud attempt. Fraudsters obtain private information (or PII – Personal Identifiable Information) through data breaches, social media and hacks, or buy it in the dark web. Once they have the private information, they call the contact center and use social engineering techniques to manipulate agents into changing passwords/email accounts or SIM card numbers as mentioned above. In fact, As much as 60% of account takeovers go are through contact centers.This is because the authentication methods used by contact centers are not secure enough. Methods like security questions or passwords are knowledge based. And knowledge based authentication is extremely vulnerable.