Bogus phone calls linked to online fraud, warns Trusteer

Fraudulent phone calls are increasing in popularity among the criminal community to commit ID theft, warns security firm Trusteer.


"Everyone needs to be on their guard to avoid falling victim - on or offline," said Amit Klein, chief technology officer at Trusteer.

One possible use for these bogus "bank" calls is to utilise personal identification information stolen using malware to give fraudsters credibility as they collect the missing information required to pull off their scam, he said.

"Defending against the new wave of hybrid attacks requires both technology to detect Man-in-the-Browser (MitB) malware and vigilance from the users of online services," said Klein.

Where criminals are thwarted by security measures such as one-time password authentication credentials which expire, they are turning to professional phone calling services to obtain the missing data required to complete a successful online fraud.

A forum advertisement discovered by Trusteer offers a phone service with professional callers, fluent in English and European languages, who can impersonate male and female voices, old and young, at just $10 a call to collect missing data.

"While everyone's attention is focused on protecting themselves in the 'virtual' world, they're still very much at risk back here in the 'real' world. Fraudsters are turning to phone call services in an endeavour to trick people into disclosing their confidential information, sourcing professional callers to impersonate representatives from financial organisations. The sad truth is that it is far easier to perpetrate social engineering over the phone than many realise," said Klein.

Trusteer recommends using up-to-date anti-malware solutions, especially any recommended by banks, to prevent data theft in the first instance. It also recommends treating all unsolicited phone calls with caution and using contact numbers provided by the bank, not the caller, to verify the authenticity of the contact.

