Call center fraud attacks increased 113% last year, with criminals using VoIP (Voice over Internet Protocol) apps, such as Skype and Google Voice, to hide their identity and location.
Technical weakness in call centers and the fraudsters’ social engineering skills are chief contributors to this rapid rise in fraud attacks, according to Pindrop Labs’ 2017 Call Center Fraud Report.
In 2015, only 1 in 2,000 calls came from fraudsters, but the figure rose to 1 in 937 calls last year, said Pindrop, claiming that it analyzed half-a-billion calls for the report.
“This is clear evidence that more fraudsters are turning to the phone channel and are getting better at what they do, while call center defenses have not kept up,” the report said.
Fraudsters contact call centers in an attempt to reset passwords, change mailing addresses, and make other modifications that enable them to carry out fraudulent transactions, sometimes even colluding with call center agents.
While the upper echelon of fraudsters are becoming increasingly sophisticated, there is a continuing influx of new, less sophisticated attackers, according to the report.
Caller ID and location data are now no better or reliable than an IP address for authentication. Fraudsters also abuse IVR (Interactive Voice Recognition) systems to reset victims’ PINs or find more information about a target.
Agents at call centers are not focusing on filtering out these attacks, worried that they may mistake a legitimate customer for a fraudster. Adding to the problem is call centers are designed to efficiently handle huge volumes of activity very quickly, and agents are measured on how quickly they can resolve each call.
In the United States 83% of fraudulent calls come from abroad. This shows that scammers are becoming more confident and competent enough to target organizations in other countries, the report added.