Enterprises are vulnerable to “human hacking,” the effective social engineering of employees, contractors, and other trusted persons. In particular, financial institutions have seen a significant increase in account takeover attacks over the phone by sophisticated fraudsters socially engineering call center agents. The customer information required is often obtained by gathering intelligence through reconnaissance, probing systems or humans. In this talk, we will show how to detect both the account takeover calls using acoustical anomalies and the reconnaissance calls leading to it through graph analysis. Using acoustical anomalies, we are able to detect over 80% of these calls with less than a 2% false positive rate. Furthermore, our graph analysis is able to see reconnaissance calls for 46% of these account takeovers 10 days before the actual takeover. These results are on a dataset of over hundreds of million calls. In the process, we will reveal the lifecycle of a phone fraudster as he works through both the call center agent and its technology to extract information about a customer and takeover his or her account.