Lifecycle of a Phone Fraudster: Exposing Fraud Activity From Reconnaissance to Takeover Using Graph Analysis and Acoustical Anomalies

by Vijay Balasubramaniyan, Raj Bandyopadhyay, Telvis Calhoun
Sept. 21, 2017 0 comments www.blackhat.com belen_caty Pen Testing & Audits attacking attackers hacking

Enterprises are vulnerable to "human hacking," the effective social engineering of employees, contractors, and other trusted persons. In particular, financial institutions have seen a significant increase in account takeover attacks over the phone by sophisticated fraudsters socially engineering call center agents. The customer information required is often obtained by gathering intelligence through reconnaissance, probing systems or humans. In this talk, we will show how to detect both the account takeover calls using acoustical anomalies and the reconnaissance calls leading to it through graph analysis. Using acoustical anomalies, we are able to detect over 80% of these calls with less than a 2% false positive rate. Furthermore, our graph analysis is able to see reconnaissance calls for 46% of these account takeovers 10 days before the actual takeover. These results are on a dataset of over hundreds of million calls.

https://www.blackhat.com/us-14/archives.html#lifecycle-of-a-phone-fraudster-exposing-fraud-activi...