14 DAY TRIAL // By analyzing different aspects of each call made to a contact center, Vijay Balasubramaniyan says that there is the possibility to identify an account takeover attempt, 16 days before the cybercriminals decide to take action.
Balasubramaniyan, CEO and CTO at Pindrop Security, a company offering services against phone fraud, says that before hijacking the account, cybercriminals engage in reconnaissance activities, which can be detected.
Apart from collecting publicly available information about the victim, generally posted on social networking websites, cybercriminals resort to contacting call centers in order to find something that would help in their nefarious activities.
“They try to get information on an account, change personal information on the account like an email address, physical address or telephone number,” Balasubramaniyan told ThreatPost.
By modifying contact information, the organization holding the victim’s account would contact the fraudster instead of the true owner, which could lead to complete account takeover.
Researchers at Pindrop Security analyzed a sample of 105 million calls and determined that one call in 2,900 was made by a fraudster in an attempt to get access to an account and make money transfers or buy various products.
Crooks hide their identity by obfuscating the phone numbers or by spoofing the account owner’s number. Researchers also observed that, in some cases, voice-distorting devices were used, to change gender or tone.
“By monitoring reconnaissance activity, we can predict which accounts are at risk 16 days before attacks happen,” the CEO told ThreatPost. “It’s kind of like a zero-day, except this is well before the zero-day attack,” he added.
According to Balasubramaniyan, the awareness of phone fraud is low among organizations, which often do not connect the root of an account takeover to cybercriminal reconnaissance activity carried out through their call centers.
Moreover, there are plenty of organizations that keep their fraud departments isolated from other parts of the business. Since crooks do not care where they steal from and can access multiple departments until they find a way in, a holistic view of the phone calls and the ability to connect the dots would greatly reduce the fraud risk.
Balasubramaniyan will present its findings at the Black Hat security conference in Las Vegas this week, showing that account takeover calls can be detected using acoustical anomalies and that identifying them can be made through graph analysis.
The abstract of the presentation says that more than 80% of fraudulent attempts could be identified, with a false positive rate lower than 2%.