You’re not the only one getting phone calls from scammers.
Criminals are targeting corporate call centers for retailers and financial institutions across the U.S., trying to gain access to money, merchandise –- and your personal financial information. Phone scammers, most of them calling from outside the U.S., are trying to trick sales reps into handing over credit card numbers and other sensitive data that would give them access to customer accounts.
These phone fraud attacks have increased more than 30 percent since 2013, according to a new report from Pindrop Security released Wednesday.
The Phone Fraud Report found that on average, one in every 2,200 calls to a call center for a retailer, bank, brokerage firm or credit card company is fraudulent – up from one in 2,900 in 2013. Companies that issue and process credit card transactions face the highest rate of phone fraud, three times more than other financial institutions: one call per every 900.
Banks, brokerage firms and other financial institutions are among the most attractive targets because they deal directly with money. Based on its analysis of more than 20 million phone calls, Pindrop estimates that the average loss to a financial institution just from phone fraud is between $7 and $15 million a year. Each company is hit with 10 to 20 fraud attempts daily.
Why use phone fraud instead of the Internet?
David Dewey, Pindrop’s vice president of research, says criminals are dialing for dollars because it’s often easier to succeed this way than by going online, where security continues to increase.
“The phone channel is left almost totally unguarded, and basically the only gatekeeper is a customer support representative armed with a couple of knowledge-based authentication questions that attackers have found very easy to circumvent,” Dewey told NBC News. “It’s way easier to call up and try to fast-talk your way through them to get access to an account.”
These attacks are often sophisticated and done by criminal gangs who use a variety of tactics – including social engineering and account takeovers – to monetize the information stolen in recent data breaches, the report said.
Most of these fraud calls (64 percent) originate outside the United States. Internet telephone services (VoIP) makes this possible. The calls are cheap and U.S. phone numbers are easy to “spoof,” meaning it’s no problem making a fake U.S. number appear on caller ID. VoIP calls are also harder for law enforcement to trace.
Retailers are an easy target
Stores that sell popular and expensive items that are easy to resell, such as tech products, also experience a high rate of phone fraud. Pindrop noted that at one of its clients, a large consumer electronics retailer, one in 300 calls to order an Apple product was from a scammer.
That doesn’t surprise Victor Searcy, director of fraud operations at Identity Theft 911.
“It’s an easy way to monetize a stolen credit or debit card number; a lot easier than trying to take over someone’s account,” Searcy told NBC News. “You get merchandise that you can use yourself or convert to cash by selling it or fencing it.”
Remember: These losses get passed along to all of us in the form of higher prices.