Forget computers, phone crime is worrying banks

Criminals are using call-spoofing to game financial fraud detection

Computer fraud may be a big problem for banks today, but the telephone is becoming a critical tool for fraudsters, bank executives say.

In addition to calling customers about suspicious transactions, banks use SMS (Short Message Service) to request that customers contact them. So, fraudsters have begun using a variety of techniques to try to trick the banks into thinking they're communicating with legitimate customers via the telephone. "Call-center authentication is, to me, the biggest pain point right now," said Stan Szwalbenest, remote channel risk director with JP Morgan Chase, speaking at the RSA conference in San Francisco this week.

Malware, phishing and cyberattacks may get talked about, but "we should never fool ourselves into thinking that's the only place [crime is happening]," he said. "The biggest risks I see are social engineering, and that's exactly how the crooks are getting in."

Social-engineering attacks occur when fraudsters trick bank customers or employees into divulging sensitive information, usually by pretending to be someone they are not.

Sometimes fraudsters will hack into a bank account and change the customer's contact phone number. Then, when a suspicious transaction posts to the account, the bank will call the fraudster instead of the customer.

In cybercrime forums there's even a job title for people who do this: confirmer. "There are companies that specialize in it," said David Shroyer, senior vice president for online security and enrollment with Bank of America. Fraudsters will sell the services of people who have the language skills to mimic legitimate customers, offering, for example, four males and six females who speak English, one with a Spanish accent. "They say, 'We can match the phone number where your real customer is calling from,' " he said.

In another scam, criminals activate automatic call-forwarding features to essentially take over their victim's telephone lines for a period of time.

"They're adapting to our adoption of different technology and different authentication methods," Shroyer said.

Large banks like JP Morgan have been working with telecommunication companies to be able to identify spoofed calls, and with a recent rash of so-called swatting attacks, where hackers call 911 from spoofed numbers to trick police into sending out emergency response teams, the U.S. Federal Communicaions Commission has recently taken a greater interest in call spoofing, Szwalbenest said.

Criminals are also using low-cost, corporate-grade telephone systems to run their automated call centers. They will call, e-mail and send SMSes to victims telling them to call phoney numbers in hopes that victims will think they're calling a real bank and provide account numbers and passwords.

This technique has lately been labeled "vishing." But in reality it has been used by con artists for decades, Szwalbenest said. "It's social engineering. That's all it is," he said. "It's been around for a long time." Consumers should be suspicious of "every call," he said.

Tags securityphishingbanksfraud

Recommended

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Robert McMillan

IDG News Service

Comments

Comments are now closed.

Most Popular Reviews

Follow Us

Best Deals on GoodGearGuide

Shopping.com

Latest News Articles

Resources

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?