Presentation Material
Abstract
Enterprises are vulnerable to “human hacking,” the effective social engineering of employees, contractors, and other trusted persons. In particular, financial institutions have seen a significant increase in account takeover attacks over the phone by sophisticated fraudsters socially engineering call center agents. The customer information required is often obtained by gathering intelligence through reconnaissance, probing systems or humans. In this talk, we will show how to detect both the account takeover calls using acoustical anomalies and the reconnaissance calls leading to it through graph analysis. Using acoustical anomalies, we are able to detect over 80% of these calls with less than a 2% false positive rate. Furthermore, our graph analysis is able to see reconnaissance calls for 46% of these account takeovers 10 days before the actual takeover. These results are on a dataset of over hundreds of million calls. In the process, we will reveal the lifecycle of a phone fraudster as he works through both the call center agent and its technology to extract information about a customer and takeover his or her account.
AI Generated Summarymay contain errors
Here is a summarized version of the content:
The conversation revolves around a system that detects fraudulent calls, specifically voice-over-IP (VoIP) services. The false positive rate of this system is around 2%, which is considered high but comparable to other network security systems. The speaker mentions that financial institutions tend to move slowly in implementing new technologies.
A question is raised about the 9-1-1 swatting incident and why organizations aren’t adopting this technology faster. The speaker attributes this to the slow pace of government institutions.
The conversation also touches on the cat-and-mouse game between fraudsters and detection systems, with fraudsters constantly adapting their tactics to evade detection. The speaker’s system uses audio characteristics to detect fraudulent calls, which can be effective but not foolproof.
Another question is asked about the deployment of this technology in banks and other institutions. The speaker responds that it has been around for about two years and is deployed in a few large banks and brokerages in the US, but it’s not yet widely adopted. Other technologies like voice biometrics and network characteristics have existed for longer periods but have varying effectiveness rates.
Overall, the conversation highlights the challenges of detecting fraudulent calls and the need for continued research and development to stay ahead of fraudsters’ tactics.