Caller ID spoofing represents a growing problem for organizations and individuals, with more than 13,000 people having been confirmed as victims of government impersonation attempts during 2019 alone. We spoke with Danny Thompson, SVP of market and product strategy at apexanalytix on this threat, who has extensive experience working with large companies to mitigate risks like business email compromise and vishing.
Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics
A scammer calls pretending to be from your bank’s fraud department and suggests a fraudulent transaction or fraudulent attempt has been made to intercept a payment. The visher provides just enough information to appear legitimate, for example, they may pick up the name and last 4 digits of a bank account number from a credit card receipt. They may even replace the caller ID with the phone number of the legitimate bank fraud department or customer account maintenance team.
Anxiety in the call recipient is raised by the threat of the reported fraud attempt, and trust in the visher is built by the professionalism of the call, the legitimate information shared and seemingly legitimate caller ID. The last step, then, is for the fraudster to ask for truly private information, like a credit card CVV number or PIN, or the consumer’s real bank account number. This is all that is needed to steal from the call recipient.