Phone Fraud Is on the Rise, Pindrop Security Reveals

Pindrop reports that there are approximately 86.2 million phone scam calls per month in the U.S., and organizations can't trust Caller ID to prevent phone fraud.

Download the authoritative guide: The Ultimate Guide to IT Security Vendors

phone fraud

Phone scams are almost as old as the telephone itself, but in the age of near-pervasive digital connectivity, they are growing faster than ever, according to a new report from Pindrop Security.

According to Pindrop's analysis, there are approximately 86.2 million phone scam attacks in the United States every month. That means that one in every 2,200 calls coming into a financial or retail organization is some form of fraudulent activity.

Pindrop Security is in the business of helping organizations prevent phone fraud. The company announced a $35 million Series B round of financing on Feb. 19, bringing total funding to date for the company to $47 million.

Pindrop has analyzed multiple types of phone fraud, one being chargeback fraud.

"In chargeback fraud, an attacker will use a compromised credit card number to make a purchase," David Dewey, director of research at Pindrop Security, told eWEEK. "When the genuine owner of the credit card notices the charge, they will generally dispute the charge and then when the credit card company goes back to retailer, the retailer is on the hook for the cost."

Looking at what types of products chargeback fraud impacts, Dewey said that as many as one in 300 calls to retailers for Apple products are potential fraud attacks.

One thing that has surprised Dewey is the level of creativity that phone fraud attackers employ.

"With online attacks, the attackers are just trying to compromise a user's machine and credentials," he said. "In phone fraud, it's a lot more personal. The attacker isn't just trying to impersonate a user's laptop—the attacker is actually trying to impersonate the real user."

One particular type of attack Pindrop monitored demonstrates the lengths to which attackers will go. In the scam, the attackers call into the retailer pretending to be an elementary school and then proceed to buy a number of items that a school would normally buy, according to Dewey. The charge goes through, the products are shipped, and the attackers then call the school pretending to be the retailer. They tell the school that they accidentally shipped some items to the school and will come pick them up.

"The fraudster sends a courier out and picks up the order from the school and then turns around and sells all the items on eBay," he said.

While some forms of phone fraud take advantage of modern digital technologies, in the case of the school shipment scam, the bulk of the activity is done by fast-talking scam artists.

"The only role that technology plays in that type of phone fraud and the only thing the retailer has to look at is Caller ID to try to see who it is that they are talking to," Dewey said. "Caller ID is so easily spoofed that it really can't be trusted at all."

That's where Pindrop Security's product comes into play, analyzing the audio signal of the call to attribute the call to a specific device, person and location, Dewey said. The goal is that when a call comes in, the user has more information than just the Caller ID to go on.

"Organizations need to understand that you can't trust Caller ID," he said. "You have to treat every phone call that comes into an environment as potentially malicious, regardless of what the Caller ID says."

Sean Michael Kerner is a senior editor at eWEEK and Follow him on Twitter @TechJournalist.

Sean Michael Kerner

Sean Michael Kerner

Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.