The past several years have seen an explosion in the use of call centers by cyber criminals to attack business clients. The call center representatives disguise themselves as being from a trusted vendor (e.g., Microsoft) or from the government (e.g., the IRS). These attacks attempt to trick the person answering the call to share login credentials or other personal information in order to initiate a cyber-attack. In the past, these fake calls were easily identifiable by the poor English spoken by the call center representative. Currently, call center representatives are either domestic or speak perfect English. The high profits generated by these calls raise what the cyber-criminals are able pay, resulting in a better call center employee.
How do the cyber-criminals do it? Cyber-criminals use the same technology employed by those annoying telemarketers that you can’t stop. They begin by compiling a list of potential phone numbers to dial with the desired demographic (see Blog "Social Engineering: Marketing...Get the List").
Once the list is in hand, the criminals work on a script to trick the person receiving the call into taking actions they wouldn’t normally take. The advent of host Voice Over Internet Protocol (VOIP) call center systems has allowed cyber-criminals to put call centers offshore while using local phone numbers. Phone numbers can also be “spoofed” so that the phone number appearing on the caller ID appears to be a local number. By the use of call center and VOIP technology, the cyber-criminals are able to quickly and cheaply build call centers around the world. The VOIP technology effectively circumvents long distance phone charges, making the call center calls virtually free from anywhere in the world.
Here are some tips for spotting and preventing the loss of data to cyber-criminal call center employees:
The use of call centers for attacks is a growth business for cyber-criminals. Well documented successful business plans, easy to use and setup technology, plenty of people world-wide that need jobs, and poor law enforcement make call centers an attractive business for cyber-criminals.
Click HERE for more information.