Caller ID spoofing

Caller ID spoofing has led to 5 fraud calls every minute to individuals and 9 out of 10 banks impersonated. Pindrop Security, the innovative provider of enterprise phone fraud security solutions, today released its State of Phone Fraud Report for the first three quarters of 2012. During this period, Pindrop Security tracked over 1.6 million phone fraud attacks.

“Trust in the phone is eroding quickly as the frequency of fraud calls increases,” said Dr. Vijay Balasubramaniyan, founder and CEO of Pindrop Security. “Social engineering via the phone is typically targeting the most vulnerable, the elderly, those in financial distress, recent immigrants, anyone who may be pressured into acting hastily. Fraudsters are using caller ID spoofing and damaging institutions, including banks and governments, by impersonating them to fraud victims. The demand for protection from this threat is very high.”

Addressing caller ID spoofing phone fraud attacks will be one of the topics discussed at the Federal Trade Commission (FTC) Robocall Summit, to be held tomorrow, October 18, 2012, in Washington, DC. The Robocall Summit will explore innovations designed to trace robocalls, prevent wrongdoers from faking caller ID data, and stop unwanted calls. Dr. Balasubramaniyan will participate on a panel discussing Caller ID Spoofing and Call Authentication Technology.

The FTC on October 16, 2012 published their latest National Do Not Call Registry Data Book. While Pindrop Security’s report focuses on complaints of fraudulent calls, the new FTC report is specific to telemarketing calls. The report reveals tremendous growth in the number of complaints, increasing from 2,273,516 during FY 2011 to 3,840,572 during FY 2012. There is likely overlap between the complaints in the FTC report and the Pindrop Security data since fraudsters also use automated systems and since they frequently represent themselves as being from familiar institutions including companies and governments.

Pindrop Security’s State of Phone Fraud Report, Q1-Q3 2012 details trends in fraudulent activity in 2012 to date. The findings include:

  • 5 fraud calls every minute: There were over 1.6 million instances of phone fraud, in the U.S from January – September 2012. At this rate, there are almost 5 fraud calls every minute. 
  • Almost every big bank is being spoofed: Calls to consumers purporting to be from a trusted financial institution continued to spread. Nine out of the top 10 Banks and 34 of the top 50 Banks either had their name spoofed in Caller ID data or were impersonated by fraud callers. 
  • VoIP continues to be the primary device type used by fraudsters: 50% of the fraud calls came from Voice over IP phones in 2012 so far. Cell phone use by fraudsters increased significantly from 5% last year to 14%. Google Voice led among VoIP provider networks and Verizon led for cell phone provider networks. The rate of attacks from Verizon cell phones reflects their market share. Google Voice does not publish subscriber numbers.

“The scope and variety of Caller ID Spoofing attacks using the phone channel is remarkable,” said Dr. Paul Judge, Pindrop Security Executive Chairman, “We see evidence of the widespread use of automated systems and large-scale call center type operations by attackers.