A common, growing scam is when a retail employee is tricked into believing a law enforcement officer requires activation of a Visa card, all through a simple phone call. One group of retailers identified 170 successful scam attempts of more than $460,000 in losses. But that’s likely only a fraction of total losses.
For companies big and small, phone fraud and scams, including social engineering and robocalls, is a serious global issue. Call spoofing is just one of the latest. These types of scams include spoofing a CEO’s phone number and voice to ask for funds to be transferred to a fake subsidiary. In other scams, callers try to extract information by impersonating employees’ coworkers using a spoofed phone number and employee ID.
Across the U.S., phone scams in recent years have become a major problem as cyberattackers have become better resourced, launching more sophisticated and evolving attacks on companies’ real-time voice communications networks.
The Bottom-line Impact
Roughly 59.4% of Americans, or roughly one in four people, have lost money to phone scams over the past year, according to a new report from Truecaller. Global telecommunications fraud is estimated at $28.3 billion, according to a Fraud Loss Survey from the Communications Fraud Control Association.
The potential impact of these attacks is both serious and wide-reaching. Spoofing attacks increase a company’s operational risks, and the fallout from an attack can cost millions of dollars. The Communications Fraud Control Association (CFCA) cites estimated losses attributed to IP-PBX hacking at $1.8 billion.
Unfortunately, many companies are not sufficiently protected from these types of attacks. Since spoofing takes on many forms of deception, finding the right solution to block or prevent spoofing may be complicated. Recent research by Metrigy found that only 41% of organizations have a proactive security plan for their communications services and only 35% perform a security assessment of their communications providers.
Many companies are slow to implement caller ID validation, including Know Your Customer (KYC), which is a mandatory process of identifying and verifying the client’s identity when opening an account and periodically verifying the identity of the account-holder. KYC requires businesses to make sure that their clients are genuinely who they claim to be. Where companies have been fast to implement KYC, they may overstep and mis-label legitimate calls as a scam or spam, and then block the call, which is not good for business.
Some 83% of call centers, for their part, rely on agents to detect fraud, revealing a weak spot in many enterprises’ security procedures. Many agents receive little or no training on how to detect these types of threats. But there’s a solution.
Oracle’s Answer to Scammers
The Oracle Communication Security Shield Cloud provides businesses with the highest level of protection against these types of spoofing attacks. Based on the National Institute of Standards and Technology (NIST) Cybersecurity Framework, the Oracle Communications Security Shield detects phone fraud and scams earlier to mitigate losses and prevent cascading damages. It even has the capability to detect and prevent Telephony Denial of Service (TDoS), call flooding, and Toll Fraud.
Accessed from the Oracle secure public cloud — the Oracle Cloud Infrastructure (OCI) — the Oracle Communications Security Shield provides enhanced dashboard insights into phone traffic, fraud and scam attacks. The Oracle Communications Security Shield also improves productivity by reducing repetitive customer verifications, eradicating nuisance and scam calls, and making fraud investigations easier and faster. Companies’ brand and reputation are better protected, negative press is avoided, and the customer experience is improved.
The dashboard gives companies a modern user interface and visibility into its communications network, while enabling dynamic risk assessment and threat detection of every call. For companies that require a tighter integration to their existing security systems, the Oracle Communications Security Shield offers Secure Application Programming Interfaces (APIs) along with enhanced data protection.
The Oracle Communications Security Shield is compliant with the Telephone Consumer Protection Act (TCPA) and the Fair Debt Collection Practices Act (FDCPA). The Oracle Communications Security Shield Cloud utilizes artificial intelligence and machine learning to build an ideal model of the network so anomalous traffic and threats are readily detected.
As spoofing attacks continue to threaten companies, those with a sound security solution in place to detect and defuse threats will be better positioned to survive and thrive against cyber threats.