Newly discovered social engineering attack affects nearly 20 percent of financial services institutions
ATLANTA – Nov. 18, 2014 – Pindrop Security, the pioneer in phone fraud prevention and call center authentication for banks and enterprise call centers, today issued a high-severity advisory for financial institutions and their customers following the company’s research into a phone scam, dubbed “Misdial Trap,” affecting one in six sampled financial services institutions. The company credits financial industry reporter Tracy Kitten for alerting Pindrop researchers to the scam.
How Misdial Traps Work
Fraudsters purchase phone numbers that are similar to a financial institution’s main phone line and use those numbers to target consumers who misdial. When customers accidentally dial those numbers, fraudsters pose as legitimate customer service representatives in order to gain personal or account information from the consumer.
Impact to Financial Institutions
To determine the impact of the scam, Pindrop Security sampled 600 financial institutions and determined the most likely “misdialed” variations of their primary phone numbers. Those variations were then run against Pindrop’s database of phone number reputations to determine how many were likely being used to perpetrate phone fraud.
More than 100 financial institutions of various sizes – just over 17 percent, or one in every six banks – appear to be affected by Misdial Traps.
Pindrop Security recommends financial institutions and consumers take the following steps to protect themselves from the Misdial Trap scam:
- Conduct a thorough Internet search and verify that all webpages related to your institution are under the institution’s control to ensure that all contact information listed is legitimate;
- Determine whether any phone numbers likely to be confused with your institution’s phone number(s) are falsely representing themselves as your institution. Common variations are changes to the final digit and changing the area code to a toll free variant;
- Notify customers immediately of the potential Misdial Trap risk and ensure customers have the correct contact information.
- Always verify the phone number for a financial institution by checking it against official communications, or refer to the number listed on the back of the debit or credit card issued by the institution;
- Never leave a message on a voicemail system that asks for personal or account information;
- Never click on any links, open attachments or dial a number unless absolutely certain that the communication is from your financial institution.
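For the second recommendation above, an institution can list the numbers most easily confused with its own and compare them with numbers seen in web listings or customer reports. The sketch below is an added example, not Pindrop's tooling: it covers only the two variations the advisory names, and the function names and sample numbers are constructed for illustration.

```python
import re

# Toll-free area codes in the North American Numbering Plan.
TOLL_FREE = ("800", "888", "877", "866", "855", "844", "833")

def normalize(number):
    """Reduce a US/Canada number in any common format to 10 digits."""
    digits = re.sub(r"\D", "", number)
    if len(digits) == 11 and digits.startswith("1"):
        digits = digits[1:]
    if len(digits) != 10:
        raise ValueError(f"not a 10-digit NANP number: {number!r}")
    return digits

def confusable_numbers(official):
    """Map each likely misdial of `official` to the reason it is confusable."""
    base = normalize(official)
    variants = {}
    for d in "0123456789":
        if d != base[-1]:
            variants[base[:-1] + d] = "final digit changed"
    for code in TOLL_FREE:
        if code != base[:3]:
            variants[code + base[3:]] = "area code swapped for toll-free"
    return variants

def review_candidates(official_numbers, observed_numbers):
    """Return (observed, official, reason) for observed numbers needing review."""
    owned = {normalize(n) for n in official_numbers}
    hits = []
    for official in sorted(owned):
        variants = confusable_numbers(official)
        for raw in observed_numbers:
            seen = normalize(raw)
            # Skip numbers the institution itself owns.
            if seen in variants and seen not in owned:
                hits.append((seen, official, variants[seen]))
    return hits

# Constructed sample data: one official line, plus numbers seen in
# web listings or customer reports (all in the fictional 555-01xx range).
OFFICIAL = ["(404) 555-0142"]
OBSERVED = ["1-800-555-0142", "404.555.0143", "404-555-0142", "212-555-0199"]

if __name__ == "__main__":
    for seen, official, reason in review_candidates(OFFICIAL, OBSERVED):
        print(f"{seen} resembles {official}: {reason}")
```

A match only marks a number for manual review; whether it is falsely representing the institution still has to be verified.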
“Phone fraud costs banks and financial institutions nearly $2 billion every year and fraudsters continue to develop new attacks to steal from consumers and financial institutions,” said Vijay Balasubramaniyan, co-founder and CEO of Pindrop Security. “The Misdial Trap scam is just the most recent example of how sophisticated fraud rings are exploiting inherent vulnerabilities in the phone channel to collect consumer information and defraud financial institutions.”
For more information on the Misdial Trap phone scam, please visit the Pindrop Security blog.
About Pindrop Security:
Pindrop Security, headquartered in Atlanta, Ga., is a privately-held company that provides enterprise solutions that help prevent phone-based fraud. Its breakthrough phoneprinting technology can identify phone devices uniquely just from the call audio thereby detecting fraudulent calls as well as authenticating legitimate callers. We have helped enterprises eliminate financial losses and reduce operational costs on their phone channel. Pindrop’s customers include two of the top five banks and one of the leading online brokerages. Named SC Magazine 2013 Rookie Security Company of the Year, a Gartner “Cool Vendor” in Enterprise Unified Communications and Network Services for 2012 and one of the 10 Most Innovative Companies at the 2012 RSA conference, Pindrop Security’s solutions restore enterprises’ confidence in the security of phone-based transactions.