Misdial Scheme Targets Credit Union Members
Fraudsters may be gaining valuable information from members who misdial when calling their credit union, according to a security advisory issued this week by an Atlanta firm.
The scam, dubbed the misdial trap, was reportedly discovered by a $1 billion credit union in the Northwest, and more than 100 additional credit unions and banks could be targets, according to Pindrop Security, which issued the alert.
To pull off the scam, fraudsters purchase phone numbers similar to an institution’s main number and pose as legitimate customer service representatives to gain information from people who dial the wrong number, according to Pindrop.
The phishing scam, which seems to be the latest form of call center fraud sweeping the nation, is a different twist on typosquatting, cybersquatting and Internet brandjacking, which capitalize on mistyped website addresses and domain names.
To avoid the misdial trap, Pindrop recommended credit unions and other financial institutions conduct a thorough Internet search and verify that all webpages are under the institution's control to ensure that all contact information listed is legitimate.
Credit unions should invest time in investigating phone numbers that are similar to those of their call centers and branches, according to Pindrop’s advisory.
Cooperatives should determine whether any phone numbers likely to be confused with the credit union are being used for fraudulent purposes, the security firm said.
Crooks commonly use variations that change the final digit or switch to a different toll-free area code, Pindrop said.
If a potential misdial trap risk is detected, Pindrop advised credit unions to immediately notify members and ensure customers have the correct contact information.
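The audit recommended above can be scripted; the following is an added example, not code from Pindrop or the article. It classifies phone numbers an institution finds published on the web as official, lookalike (using the two variation patterns the advisory names) or unrelated. The function names, the toll-free prefix list (general NANP knowledge) and all sample numbers are assumptions constructed for illustration.

```python
import re

# NANP toll-free prefixes (general knowledge; the advisory does not list them).
TOLL_FREE = {"800", "888", "877", "866", "855", "844", "833"}

def normalize(raw):
    """Reduce a US/Canada number in any common format to 10 digits, or None."""
    digits = re.sub(r"\D", "", raw)
    if len(digits) == 11 and digits.startswith("1"):
        digits = digits[1:]
    return digits if len(digits) == 10 else None

def lookalike_reason(official, observed):
    """Return why `observed` could be confused with `official`, else None."""
    # Pattern 1 from the advisory: only the final digit differs.
    if official[:9] == observed[:9] and official != observed:
        return "final digit changed"
    # Pattern 2: same 7-digit number under a different toll-free prefix.
    if (official[3:] == observed[3:] and official[:3] != observed[:3]
            and official[:3] in TOLL_FREE and observed[:3] in TOLL_FREE):
        return "different toll-free prefix"
    return None

def triage(official_numbers, observed_numbers):
    """Classify each observed number as official, lookalike or unrelated."""
    officials = {normalize(n) for n in official_numbers} - {None}
    report = []
    for raw in observed_numbers:
        num = normalize(raw)
        if num is None:
            status, reason = "unparseable", None
        elif num in officials:
            status, reason = "official", None
        else:
            reason = next((r for o in sorted(officials)
                           if (r := lookalike_reason(o, num))), None)
            status = "lookalike" if reason else "unrelated"
        report.append((raw, status, reason))
    return report

# Constructed sample data (fictitious 555-01xx numbers), not from the advisory.
OFFICIAL = ["1-800-555-0142", "(404) 555-0100"]
OBSERVED = ["800.555.0142", "1 (800) 555-0147", "888-555-0142",
            "404-555-0109", "404-555-0911", "555-0142"]

if __name__ == "__main__":
    for row in triage(OFFICIAL, OBSERVED):
        print(row)
```

Numbers reported as lookalikes are candidates for the follow-up the advisory describes: determining whether they are being used for fraudulent purposes.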
"Phone fraud costs banks and financial institutions nearly $2 billion every year and fraudsters continue to develop new attacks to steal from consumers and financial institutions," Vijay Balasubramaniyan, CEO of Pindrop Security, said. "The misdial trap scam is just the most recent example of how sophisticated fraud rings are exploiting inherent vulnerabilities in the phone channel to collect consumer information and defraud financial institutions."
To research the phone scam, Pindrop sampled 600 financial institutions and determined the most likely misdialed variations of their primary phone numbers. It then compared those variations against Pindrop’s database of phone number reputations to determine how many were likely being used to perpetrate phone fraud, the company said.
More than 100 financial institutions of various sizes – a little more than 17%, or one in every six sampled – appeared to be affected by misdial traps, the company said.
To confirm the scam, the security company actually dialed suspected numbers, Matt Anthony, Pindrop’s VP of marketing, said.
If a phone number was very similar to a financial institution's and the person answering pretended to be affiliated with the institution, then it was considered part of an attack, Anthony said.