Ofcom confirmed that new consumers protection rules will come into effect from Monday 01 October in an announcement yesterday, but UK based security services company, Redscan, believes it should be on the radar of security pros and that it could have a bigger impact that simply reducing nuisance calls. Redscan CTO, Andy Kays, explains below how these new rules may help prevent vishing (voice phishing) scams – in which criminals target individuals or businesses with social engineering campaigns by phone (often elderly and vulnerable persons).
Andy Kays, CTO at Threat Detection and Response Specialist at Redscan:
“Beyond nuisance calls for PPI or personal injury claims, Ofcom’s new consumer protection rules could go a long way toward preventing malicious voice phishing scams. Usually targeting elderly or vulnerable people, such scams cause a great deal of pain and suffering to victims.
“Calling potential victims pretending to be their bank, utility provider or pension company, with the aim of obtaining payment details, is a popular money-making tactic for fraudsters. Modern technology makes it easy for criminals to hide their identity or even mimic the number of a real company or person who may be known and trusted.
“Any protection rules that compel phone companies to help reduce the number of nuisance or criminal callers is certainly welcome, particularly as most scam victims are liable to receive no financial compensation, even if they lose their life savings. While these new measures won’t put an end to phone scams entirely, fraudsters will now find it harder to scale up their activities.
“Despite the introduction of the rules, consumers still need to stay vigilant. Never give out personal information in response to incoming calls, or rely upon Caller ID as the sole means of identification, particularly if the person on the other end asks you to carry out an action which might have financial repercussions. If someone rings you asking for personal information, don’t provide it. Instead, ask for the phone number needed to call the person back and if still in doubt verify this online and against any official correspondence. Wait at least five minutes before returning a call – this ensures the line has cleared and you’re not still speaking to the fraudster or an accomplice.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.