Virtualized Calls a Top Threat for ATO Attacks

Security

According to the 2019 State of the Call Center Authentication report from TRUSTID, a Neustar company, one of the most exploited areas in a company’s security chain is the call center.

Companies may be investing more in their cybersecurity defenses, but fraudsters are evolving in their tactics. As such, they’ve discovered that by targeting call centers, they can easily obtain personally identifying information (PII), which is likely one reason the report found that call center professionals are increasingly the target of fraudsters employing social engineering in an attempt to takeover (ATO) customer accounts.

In fact, 51% of respondents that work in the financial services industry identified the phone channel as the top threat for ATOs. At 32%, spoofed calls lagged behind criminal activity reportedly coming through virtualized calls, which 40% of respondents said they saw more of this year.

“Virtualization (e.g., web-based calling services (Skype), Google Project Fi (routed through T-Mobile or U.S. Cellular), or a business PBX) is the biggest threat vector to call centers today. The calls are authentic, unique and legitimate. Their signaling data and call certificates are correct and will pass by technology designed to detect spoofing attempts,” the report said.

“Virtualization frees criminals from the need to imitate specific callers’ numbers. They just have to reach an agent from a number that is legitimate but unrelated to a customer’s record.”

An overwhelming majority (72%) of call center representatives believe that if calls were authenticated before answered, the number of ATO attacks could be diminished without impacting the customer’s experience.

“Our data also suggest that they are eager for change. 46% of call center leaders were ‘very’ or ‘somewhat’ dissatisfied with their current caller authentication method(s), a 50% increase since 2018.”

When comparing survey results year-over-year, the number of companies planning to implement multifactor authentication has doubled. “As more breached personal information enables more account takeover through the phone channel in the year ahead, we expect more call center leaders to advocate for a completely new multi-factor authentication strategy.”

Products You May Like

Articles You May Like

What you missed in cybersecurity this week
Drupal Releases Core CMS Updates to Patch Several Vulnerabilities
A new Tesla Model S can now drive from Los Angeles to San Francisco on a single charge
Singapore Responds to Recent Cybersecurity Attacks
Source Code for CARBANAK Banking Malware Found On VirusTotal

Leave a Reply

Your email address will not be published. Required fields are marked *