With three times more phone fraud in 2021, businesses need to go on the offensive to eliminate fraud. A State of Call Center AuthenticationOpens a new window report found contact center fraud was up 40 percent from 2020. Douglas Tait, Director, Product Marketing For Enterprise Communications And Cloud Services, Oracle, shares his take on effective strategies for battling fraudsters and building a shielded environment for enterprises to grow.
Businesses that handle voice calls are prime targets for fraud and cybercrime, but authenticating customers and employees while combatting identity spoofing requires extra attention to flush out criminals, especially with the increasingly remote nature of their workforces. However, with a widening skills gap, existing security teams are stretched thin in devoting extra attention and managing fraud attempts across voice calls.Â
A report from the FBIOpens a new window found 2020 losses from “tech support†exceeded $146 million – which was a 171 percent increase over 2019, and most of the victims were over the age of 60. Every breach affects consumers, impairs business productivity, damages a company’s reputation, and puts the corporation at risk. This kind of fraud can bankrupt small businesses and seriously damage medium-sized companies. Organizations need to rely less on strapped security professionals and instead take a more proactive approach that prioritizes contact center agent education and the adoption of security technology that helps identify and reduce attack attempts.Â
See More: The Aging VPN Is Ready for an SDN Reboot
Securing the Workforce Through Greater EducationÂ
Securing voice and real-time communications among the workforce is one of the first steps in preventing cyber-attacks. A Dark Reading research paperOpens a new window  found 37% of organizations say at least one in ten calls to their contact centers is potentially fraudulent. With such a large number of attacks on enterprises, the losses can be staggering. This is especially true for banking, insurance, and utility industries, where a large volume of voice calls for payments and other account administration is part of the typical day.Â
Organizations must first understand how bad actors use voice and collaboration applications to fly under the radar and infiltrate an enterprise network. Only then can a company start to protect its business through agent education. Traditional voice fraud comes in the form of traffic pumping, call redirection, malware or compromised equipment. However, there has been a shift to newer forms of identity fraud such as imposter calling, call spoofing, social engineering, account takeover, ransomware, and basic stolen goods and services. All companies need to develop a comprehensive, proactive security plan that educates, identifies and contains attacks by first identifying the fraud and utilizing the right tools and processes to isolate and eradicate the practice.
For hackers to successfully plant ransomware into a computer network, they require a compromised security perimeter caused by identity spoofing, frequently accessed via forms of communications. Identity spoofing may occur from any number of sources, such as:
- Phishing – spoofed messages, usually through email
- Vishing – spoofed caller ID or the caller posing as a legitimate authority
- Spear phishing or spear vishing a person or a small, targeted group
Many hacks start with a simple phone call where the caller deceptively convinces the receiving party to provide confidential information that may harm the company.Â
Always-on Communications Security
A recent Forrester reportOpens a new window commissioned by Pindrop revealed that 83% of businesses rely on contact center agents as their first line of defense in identifying suspicious behavior. For this reason, companies must educate their employees about the latest cyberthreats and social engineering tactics. However, organizations must also aid their contact center agents by implementing always-on communications security capabilities that can help protect them from cyberattacks.
To counter telephony fraud, a security services solution must be able to deliver:
- Visibility: A real-time, comprehensive view is required for all communications traffic traversing in and out of your business. Capturing all the traffic data that travels the enterprise network allows for modeling and risk analysis. No portion of the network should be left in the dark, and a 360° view of communications traffic is required to provide a thorough, intelligent analysis.
- Analytics:Â Telephony fraud is built on calls and sessions. Unless the call is recorded, network devices do not know what is spoken in the call. However, vital information may be captured and scored. This includes information such as the source of the call, the destination of the call, the caller’s identity and the callee, the call duration, and the frequency of calls. Based on characteristics of the call, a score may be assigned to the calls that assess risk or threats, such as suspicious phone numbers, robocalling, denial of service, anomaly or non-normative traffic.Â
- Policy: Additional policies may be applied to the call in real-time. Policies may be applied based on the called number, the calling number, the source, the destination, and any other attributes to the call. A simple example of this would be a mobile call magically showing up in different time zones almost at the same time or calls being made from countries or regions suspected to be a source of cyberthreats. Â
Utilizing a security service that can identify what makes your enterprise network vulnerable, you can better defend against attacks, scams and fraudulent activity. Identifying risk attributes early on via technology means you are better positioned to protect against further high-risk calls and fraud losses. Visibility, analytics and policy expose fraud loss related to voice calls and provide data to further model risk and combat fraud before it can take hold. When telephony fraud is detected, real-time action may be taken. The calls can be blocked during the setup, fraudulent calls can be redirected to a specific destination for investigation, they can be terminated, the rate of the calls on a per-second basis can be limited, and the security officials at the company can be notified. Â
A current snapshot of the network exposes fraudulent and high-risk calls that your business is subjected to daily. Without complete visibility, you may not realize how much risk and corresponding potential savings await. Â
Say Hello to Better Security
With greater employee education and empowerment combined with complete visibility, real-time analytics and applied policy, organizations can detect and mitigate threats as part of their comprehensive enterprise-wide security strategy. Stronger knowledge of identity spoofing tactics enables contact center agents to be a critical part of a proactive security strategy rather than the only line of defense. An always-on communications security system for both inbound and outbound calls exposes and can prevent potential scams, fraud, nuisance calls, harassment, and a host of other undiagnosed and potentially costly risks if adequately analyzed and inspected. A comprehensive approach to voice and real-time communications security can protect your communications infrastructure, increase your productivity, reduce operational risks and time wasted by your security staff, as well as protect your bottom line and reputation. Â
Is phone fraud something that concerns your organization? What protective measures would you suggest? Share with us on LinkedInOpens a new window , TwitterOpens a new window , or FacebookOpens a new window . We always love learning from you!