Call Center Fraud: How to Prevent Social Engineering
The concept of call center fraud – such as social engineering that typically targets call centers—is nothing new. What has changed is the ever-more sophisticated techniques that are used to fool people in order to gain valuable information from them.
Social engineering is considered one of the most dangerous cyber threats around, and for good reason: contrary to computer hacking, which targets mass information, social engineering targets individuals.
The reason for this is simple: it’s much easier to fool people into revealing confidential data than try and hack their computer and steal that same information.
It’s true that everyone learns best through their mistakes, but when your business is at stake, I think we can all agree that it’s better to play it safe.
We already talked about in a previous article what you need to do in order to prevent cybercriminals to break into your systems.
So, in this article, we’ll focus on the human factor and highlight how you can prepare your employees for a possible social engineering attack. I trust you won’t want to miss out on this one!
Why call centers? Being the bullseye in the target
Before we dig in, let’s quickly look at what “social engineering” means. Social engineering is the act of manipulating people into divulging confidential information with the aim of using it to carry out fraud. Amongst other things, social engineering can involve phishing, elicitation, intimidation and pre-text scenarios.
And when you consider that professional social engineers prefer targets that offer a low risk of being discovered, and have the potential for high payoffs, it quickly becomes clear why the call center industry is one of their main focuses.
The first and foremost reason why cybercriminals target call centers is the enormous amount of data call centers process and store. This customer data can include personal information, such as account details, as well as highly confidential information, including passwords and credit card information.
Secondly, let’s face it: it’s much easier to fool people than computers. Considering that today’s up-to-date technology solutions are based on highly secure systems, it’s no coincidence that cybercriminals started to target people rather than try and hack those same systems.
As already mentioned, social engineers target individuals, and often refer to sob stories, such as a divorce or the death of a spouse, to manipulate agents into providing account information. The results of 200 social engineering test calls carried out by TraceSecurity shows that 25% of calls led to a Total Comprise, meaning that testers managed to gather enough information to access accounts by taking advantage of call center employee’s empathy.
Turnover levels in the call center industry, as I’m sure you will be aware, are still extremely high, and in most call centers agents literally come and go. As a result, sensitive and confidential information can easily end up being handled by untrained staff. Of course, that’s a great opportunity for social engineers, as it is much easier to convince untrained staff to provide cybercriminals with valuable information.
Due to the above-mentioned factors, the chance of social engineers being caught in the act when targeting call centers is comparatively low. And thus there is simply no reason why you should think they are going to stop targeting call centers anytime soon.
So, how can you prevent social engineering affecting your call center?
Mitigating the risks of exposure to call center fraud such as social engineering needs to be a top priority for any forward-thinking call center.
We cannot emphasize enough the importance of comprehensive technology that provides 100% security for your systems. An advanced encryption system, for instance, can encrypt and decrypt data without employees having access to your valuable information.
But while investing in the latest technology solutions is a prerequisite for any business, unfortunately on its own it’s not enough.
In fact, security starts with your employees. You can have all the latest security technology in the world, but if your agents are not well-educated about different forms of cyberattacks, chances are that the consequences will be disastrous.
Therefore, make sure to provide your agents with frequent security awareness training sessions. During such training sessions, the main goal should be to help agents learn how they can recognize and react to different forms of social engineering. (Also, don’t forget that GDPR also came into effect on 25th May, so educating your staff about data privacy and security is now more important than ever.)
Once you have proper technology and well-educated staff in place to help you maintain security at your call center, it’s time to test your procedures. Social engineering tests in particular allow your business to review how easy it potentially could be to gain information from your call center agents.
And as cybercriminals continue to evolve their methods regarding call center fraud, if you want to keep your data safe, repetition is the key to success.
Security risk assessments, security awareness training sessions and social engineering tests need to be both frequent and up-to-date.
Call center fraud, such as social engineering, poses a huge threat to all kinds of businesses, and call centers, who accumulate an astonishing amount of data, are definitely no exception. So make sure you really try and follow our tips, as they will help ensure your call center employees don’t fall victim to social engineering attacks.
Articles and entries on vcc.live/blog do not constitute legal advice. Should you have any legal questions, please contact your lawyer or legal advisor. VCC Live® will not take any responsibility or liability for any damages, disadvantages or losses that may arise from the results of any interpretation of the contents of the blog.