Telecom Fraud is evolving. Should we be afraid?

Love them or hate them, there is a proliferation of auto-generated reports on the internet on any topic you wish to type into an internet search engine. But we are fortunate in that amongst all these reports and surveys there are a few that provide some real and substantiated insights into what is happening when it comes to telecom fraud and risk.

Industry bodies such as TM Forum, CFCA, RAG, UK Finance, ENISA, as well as regulators like FTC and Ofcom have all produced some form of survey or report recently. The staple telecom frauds such as PABX, IRSF, Wangiri, bypass, spoofing, etc. still flourish, but in the past few years it has become clear that as well as these traditional fraud threats, fraud attacks are now migrating to where they pinch consumer pockets directly.

We should certainly be very aware…

Since the pandemic hit, every business and industry has been forced into survival mode…though some less than others! Individuals and businesses have had to manage the impacts of remote working, sickness and staff shortages, fragmented working groups, lighter day-to-day management supervision, decreased communications, and learning and embracing new working practices.

The pandemic has also accelerated digital transformation adoption exponentially, forcing us all to change our habits to ensure we can work as well as play successfully in this new environment. New or previously under-utilised digital architectures, operations, self-service portals, etc. have become commonplace as businesses and individuals alike have looked to adapt in this new world. 

Fraudsters, always looking for new routes to illicit funds, have spotted these changes, and have transformed them into opportunities. Their tactic has become that of maximising the levels of confusion, naivety and oversight, to target an even weaker link than the corporation: the end consumer. You and I.

The new El Dorado for criminals is not the traditional telco offerings, but data. All forms of data freshly generated by individual consumers every day. This data, once it is accessed through targeted and sophisticated social engineering schemes, can be exploited, and used to manipulate individuals in larger, more complex financial frauds and scams.

As telcos witness an increase in customer enquiries related to the ever-growing volumes of data-based products and services, this creates an opportunity for fraudsters. Just as the legitimate consumer contacts their service provider, the fraudster is also impersonating and looking to extract more sensitive information from over-worked telco customer care agents.

A good example is a request for a new SIM card, or SIM swap. A fraudster can pose as a legitimate customer to take control of the consumer’s phone number and intercept two-factor authentication 2FA messages used by banking and finance, social media accounts. The end goal of this fraudulent operation is to tap into the consumer’s world of financial services, property, and assets. 

It’s becoming commonplace to hear news of vulnerable individuals losing their life savings from a scam that initially targeted them through an SMS, instant message, phone call or email, purporting to be from their phone company, bank, or other service provider.

The seriousness of this threat has prompted greater inter-industry collaboration. Banks, financial services, telecom service providers as well as consumer groups are now on the alert and looking for ways to counter the increase in frauds and scams.

As risk management vendors, we need to be carefully tuned-in to the trends and nuances seen in the industry. We need to adapt our solutions and offerings and align them to the risks and frauds being perpetrated, and be included in collaboration initiatives.

As telcos, we need to understand the increased volume of malicious attacks that will occur around subscription, provisioning, and customer care operations in order to gain access to individuals’ accounts for fraudulent purposes, to mitigate these risks across industry verticals.

As businesses, we need to be cautious. We need to ensure that every facet of the business and commerce is working together to quell and proactively manage risk, collaborating with others to try and stay one step ahead. We need to educate and inform.

As consumers we need to be extremely vigilant with respect to any suspicious contact from our service providers, before engaging in activities that may impact us negatively.

Digital transformation is here. Our digital identities will grow, we will continue to discover new ways of improving our everyday lives, but we also need to ensure that we can confidently operate risk free in this new world. The responsibility lies with us all: consumers, service providers, businesses, regulators, etc. to ensure we can keep the fraudster in the cold.