Call centers are becoming a hacker’s favorite point of entry in infiltrating a company’s database of sensitive client information and protected strategies. Whether or not your contact center handles financial and banking accounts, it could still be a potential target for cross-channel fraud because of its vulnerability to social engineering techniques.
While there are security programs, that you can adapt in order to protect your company from threats, fraud detection fundamentally starts by identifying the tactics that intruders can use to gain access to your confidential assets. Let’s group the common techniques according to the channel where they usually come from.
Dubious emails with “legit” attachments
People with a strong intent on intruding your properties would of course compose their phishing emails in a way that would make them appear legitimate. Poorly written messages would make readers doubt the content, especially if they are supposed to come from outside affiliates or internal departments. So scammers are smartening up by sending emails that come attached with legitimate-looking files or personal information (which phishers can now easily take from social media) to entice readers to click on an accompanying link.
This is why your email provider should have a clean track record for security and trusty filter or verification systems. All agents, especially those under email support accounts, must be reminded to only open messages from verified addresses and never give out client information to unauthorized persons.
Phony phone calls
Common users are not the only targets of the fake support call tactic; small businesses and call centers can also become victims to scammers who ask for money in exchange of “solutions” to nonexistent technical problems like malware infestation. You should therefore be wary of people requesting remote access to your desktop. Ultimately, don’t entertain anyone from “tech support” if you didn’t request for assistance at all.
A more elaborate way of squeezing information from agents is by obtaining publicly available information about customers and using it to ask for password resets, money transfers, and other sensitive transactions. So, it should be mandatory to make security questions trickier than the usual ones you ask. Better yet, invest in voice biometrics, which can detect unauthorized voice patterns even if the person at the other end of the line aces the checkpoint questions.
If they can’t attack from the outskirts, offenders can personally plant viruses or launch malware payloads right inside your office. An effective way of doing so is through the “misplaced flash drive” trick—hackers will leave an infected drive near your office, which a curious employee will hopefully pick up and plug into a company computer. Others simply camouflage as an employee and do their deeds even with unsuspecting workers around.
Social engineering techniques such as these only press the immense protection that simple security practices can give to the whole company. Wearing IDs, being aware of tailgaters, and not sharing access badges can really go a long way, and more so if everyone follows workstation policies. By cultivating a culture of individual responsibility, fraud detection can become a workable group initiative instead of something shouldered by only a selected few.