Today, hackers and fraudsters are working to take over customer accounts by any means possible. As more people turn to their smartphones and other mobile devices to conduct business, such as opening an account and making purchases, fraudsters are finding ways to intercept information and use it for their own gain.
Account takeovers via porting, ANI spoofing, and device cloning now top the list of mobile fraud tactics, according to IDology’s 2015 Fraud Report launched last week. These methods are becoming increasingly popular with fraudsters as ways of accessing accounts before customers and businesses even know what happened.
This year’s fraud report analyzes the prevalence of these mobile tactics and examines how organizations can employ multi-layered identity verification and fraud prevention techniques to thwart the attackers targeting you and your customers.
Phone Number Porting
One of the main areas of concern for financial organizations is porting, which happens when a criminal takes possession of a customer’s phone number and ties it to their own device. Fraudsters are able to use stolen information or other data they find online to trick phone companies into porting a number onto a new or different mobile phone.
Fraudsters then access accounts by requesting a new password from an organization. Instead of the legitimate customer receiving a call or text with a temporary password, the information goes directly to the fraudster’s phone. In our fraud report this year, 20 percent of respondents reported porting as one of the most prevalent fraud techniques.
ANI Caller ID Spoofing
Similar to email phishing scams, ANI spoofing seeks to trick customers and call centers into divulging account information. This type of attack happens when fraudsters conceal their Caller ID information or make it appear as if it is from a legitimate source. In our fraud report, we found this as the most prevalent form of mobile fraud, with 23 percent of respondents ranking ANI spoofing as a top threat.
Fraudsters are able to collect account information from call centers and sell it on the Dark Web, or use it to access accounts, products or services on their own. When calling into a call center, fraudsters conceal their identity and pretend to be from the victim’s phone number in order to bypass verification.
New technology related to cell signal boosting and wireless networks is making it possible for hackers to clone a device without ever having to come in contact with it. According to PCMag, security loopholes in some smartphones make it possible for hackers to set up signals that allow them to “eavesdrop and record all voice calls, intercept incoming SMS and MMS messages,” and more. Device cloning was the third-highest threat to mobile security in IDology’s survey, receiving 19 percent of responses.
While mobile fraud techniques continue to advance, enhanced verification and fraud prevention techniques are critical in order to enable you to stay ahead of fraud while also improving the overall user experience. Contact us today to find out more.