Call centers are becoming a hacker’s favorite point of entry in infiltrating a company’s database of sensitive client information and protected strategies.
Whether or not your contact center handles financial and banking accounts, it could still be a potential target for cross-channel fraud because of its vulnerability to social engineering techniques.
While there are security programs, that you can adapt in order to protect your company from threats, fraud detection fundamentally starts by identifying the tactics that intruders can use to gain access to your confidential assets. Let’s group the common techniques according to the channel where they usually come from.
Phishing Through Non-Verbal Communication
Phishing is the most common technique of social engineering, occurring when scammers use any type of communication to acquire personal information from you. Usually done through email, scammers would encourage you to download malware that can access your private information.
Phishing comes in different forms:
- Spear phishing: when scammers target a specific individual or organization
- Whaling: when scammers target a high-profile person such as a business executive
- Smishing: when scammers send dubious links via SMS messaging
Phony Phone Calls
You should, therefore, be wary of people requesting remote access to your desktop. Ultimately, don’t entertain anyone from “tech support” if you didn’t request for assistance at all. Common users are not the only targets of the fake support call tactic; small businesses and call centers can also become victims to scammers who ask for money in exchange of “solutions” to nonexistent technical problems like malware infestation.
A more elaborate way of squeezing information from agents is by obtaining publicly available information about customers and using it to ask for password resets, money transfers, and other sensitive transactions.
So, it should be mandatory to make security questions trickier than the usual ones you ask. Better yet, invest in voice biometrics, which can detect unauthorized voice patterns even if the person at the other end of the line aces the checkpoint questions.
Social engineering techniques such as these only press the immense protection that simple security practices can give to the whole company. Wearing IDs, being aware of tailgaters, and not sharing access badges can really go a long way, and more so if everyone follows workstation policies. By cultivating a culture of individual responsibility, fraud detection can become a workable group initiative instead of something shouldered by only a selected few.
If they can’t attack from the outskirts, offenders can personally plant viruses or launch malware payloads right inside your office.
An effective way of doing so is through the “misplaced flash drive” trick—hackers will leave an infected drive near your office, which a curious employee will hopefully pick up and plug into a company computer. Others simply camouflage as an employee and do their deeds even with unsuspecting workers around.
Frequently Visited Sites
Known as “watering hole attacks,” this social engineering technique happens when hackers already know which sites you regularly visit. They could either infect the site with malware that automatically downloads itself while you visit or redirect you to a fake version of the site so they can get your personal information without you noticing it.
One way to prevent watering hole attacks is by having a password manager in your computer. A password manager doesn’t automatically enter your codes upon visiting a site, so it doesn’t matter if the site you are on is real or fake.
While you are browsing the Internet, you might notice a message that pops up on your screen saying your device has been infected with a virus. This kind of message, known as a scareware, implies that you are under an imminent threat. The scammer then expects you to panic and download the “solution” they present to you.
Of course, the link they will provide you is what will actually enable the malware to enter your device. By the time you click the link, it’s already too late.
Make data security a priority for your business to keep your customers safe. Contact Open Access BPO for secure call center services and back office solutions trusted by global brands.