Warnings issued over Man-in-the-Phone fraud attacks
Daily news headlines
Actimize has warned banks and banking customers of a new kind of attack vector - dubbed Man-in-the-Phone
LONDON - Ever-resourceful fraudsters have developed a new technique to gain access to personal consumer bank information. Man-in-the-Phone fraud attacks involve the fraudster calling the customer impersonating a bank representative to inform them that their savings, checking or card account may have been breached or compromised.
The fraudster advises the customer that in order to remedy the situation they should remain on the line and verify a few account details. At the same time, the fraudster initiates a call to the customer's bank and connects the customer with a real bank representative while the fraudster remains muted on the line. The bank requests authentication information, such as social security number, passwords and other personal information, which is then provided by the customer. Once the personal information is provided, the fraudster quickly ends the conference line and informs the customer that the issue has been resolved. Meanwhile, with the personal information gathered during the call, the fraudster can take over the customer's phone banking relationship and transfer money out of the customer's accounts.
"We help many of the largest retail banks, investment banks and brokerage firms protect themselves and their clients from all types of cross-channel fraud attacks," says Paul Henninger, director of fraud solutions at Actimize. "With our unique perspective into the operations of financial institutions around the world, we can spot trends as they occur. We've noticed an accelerating trend in Man-in-the-Phone attacks. We hope that by publicising this new trend, we can help reduce its impact on individuals and our banking clients."
Actimize recommends that banking customers never share account or personal information with anyone that calls and requests to 'verify' banking credentials. Customers should always tell such callers that they will call the bank to provide such information using the bank's phone number listed on the back of an ATM, debit or credit card. While this sounds obvious, many consumers do not take this simple precaution. The vendor also recommends banks combine cross channel behaviour profiling and anomaly detection technologies with better call centre processes and training. Call centre employees should be trained to listen more closely and ask who originated the call. Attacks may be thwarted or losses minimised if bank employees ask simple (but random instead of static) security questions at various points in the phone conversation when confirming personal credentials. Fraudsters are less likely to trick customers into sharing answers to several security questions.
Only users who have a paid subscription or are part of a corporate subscription are able to print or copy content.
To access these options, along with all other subscription benefits, please contact info@risk.net or view our subscription options here: http://subscriptions.risk.net/subscribe
You are currently unable to print this content. Please contact info@risk.net to find out more.
You are currently unable to copy this content. Please contact info@risk.net to find out more.
Copyright Infopro Digital Limited. All rights reserved.
You may share this content using our article tools. Printing this content is for the sole use of the Authorised User (named subscriber), as outlined in our terms and conditions - https://www.infopro-insight.com/terms-conditions/insight-subscriptions/
If you would like to purchase additional rights please email info@risk.net
Copyright Infopro Digital Limited. All rights reserved.
You may share this content using our article tools. Copying this content is for the sole use of the Authorised User (named subscriber), as outlined in our terms and conditions - https://www.infopro-insight.com/terms-conditions/insight-subscriptions/
If you would like to purchase additional rights please email info@risk.net
More on Regulation
Banks will not be frowned upon for discount window borrowing – Fed official
Risk Live: more banks have completed paperwork to access Fed lending facility than a year ago
Capital One puts OCC’s tough stance on mergers to the test
Proposed Discover deal should be approved but will go under the microscope, ex-regulators say
As FCMs dwindle, regulators fear systemic risk
Panellists highlight dangers of clearing membership becoming more concentrated
EU banks fear green asset ratios paint an unfair picture
Industry lobbyist clashes with lawmaker over usefulness of new sustainability disclosure
EU watchdogs to launch prop trader capital review in April
Prop traders say bank-style IFR rules are driving them out, but doubt EBA will suggest changes
Investors say new SEC disclosures may sit on shelf
Advisory committee questions value of rule 605 changes, even for retail investors
CFTC hears ‘call to action’ from swaps end-users on Basel III
Commissioner Pham mulls engaging with prudential regulators over capital hit on clearing
Iosco gears up for ‘intensive work’ on AI regulation
Watchdogs risk ‘falling behind the curve’, secretary-general warns; FSB also working on guidance
Most read
- As FCMs dwindle, regulators fear systemic risk
- Top 10 operational risks for 2024
- Top 10 op risks: AI fears drive cyber risk to record high