Call it the maturing of cross-channel fraud. Boston-based security firm Trusteer is reporting a jump in the use of old-fashioned phone calls by fraudsters, but with a devastating twist that makes the calls potentially much more effective: “the callers know a lot about you, from data already harvested via malware. So you believe they are in fact employed by your financial institution,” said Yishay Yovel, Trusteer’s vice president of marketing.
It works like this. Cyber criminals already have significant but incomplete data on an individual that has been gathered by malware – Zeus, for instance.
But a few more data points are needed to loot the account. And that information now is being gathered via bogus phone calls, Trusteer has reported in its blog.
Yovel, in an interview, elaborated that cyber criminals are selling malware-harvested financial information in discounted, bulk loads (Trusteer said it has found such data for sale at prices ranging from 60 cents to $1 per gigabyte). Then, to put the data to use in stealing from victim accounts, the crooks are turning to phone calls.
Get a call from a caller who knows the name of your credit union, maybe a challenge question answer, perhaps your SSN and, suddenly, it becomes easy to believe in the caller’s credibility.
Fraud is occurring offline as well as online, stressed Yovel, but most eyes now are firmly rooted on cyber criminals. “We cannot ignore offline fraud, it is happening,” said Yovel.
Yovel added: “Financial institutions have less of a handle on how much cross-channel fraud is occurring.”