Using Phone Intelligence to Fight Social Engineering

Digitalization has made it easy for fraudsters to manipulate individuals to gain access to sensitive data or bank accounts. Today, scammers commit fraud using far more subtle and effective methods, such as social engineering techniques that target people through multiple social interactions.

Phishing, vishing, smishing, pharming, Business Email Compromise (BEC), and Email Account Compromise (EAC) are commonly used social engineering methods. Here’s how these techniques work:

  • Phishing: Fraudsters pose as executives from reputable firms to send emails to working individuals asking them to reveal personal information such as passwords and credit card numbers.

  • Vishing: These are phishing techniques that use voice calls or messages purporting to be from reputed companies to mislead individuals into sharing personal and financial information.

  • Smishing: Fraudsters send text messages from credible-looking sources to retrieve personal information from unsuspecting individuals. Smishers leverage this technique to retrieve SSNs, credit card numbers, and passwords.

  • Pharming: Swindlers redirect the web traffic of a legitimate website to a fake website for stealing usernames, passwords, financial data, SSNs, or any other personal information.

  • Business Email Compromise & Email Account Compromise: Fraudsters pose as seemingly genuine institutions/persons and send emails, for example, a CEO making a purchase request. In 2020, 19,369 BEC victims lost $1.8 billion in the US alone.

High-profile individuals such as executives, business owners, IT professionals, and government officials are usually the victims of social engineering fraud. Last year, social engineers turned the COVID pandemic to their advantage, exploiting businesses and individuals with virus, vaccine, and COVID relief themes. As per the FBI Internet Crime (IC3) Report, phishing, vishing, smishing, and pharming incidents registered a 110% growth between 2019 and 2020 in the US.

While educating employees is crucial for preventing social engineering fraud, organizations must also insulate their systems from social engineering hacks. Sending numerous OTPs to a victim’s phone number and phishing/smishing (to steal identity) using fraudulent links are techniques deployed by social engineers to gain access to systems.

Businesses need to implement authentication systems that can protect their customers and employees from this fraud vector. Legacy authentication methods such as OTPs must be replaced by modern methods such as Phone-Centric Identity™ to ensure that the actor is indeed who they claim to be. Multiple verified identity sources and device and phone number-related characteristics can enable companies to measure the trustworthiness of digital interactions.

Instant Link™ leverages secure SMS link messages. The technology uses a combination of active (SMS delivery with user action required) and passive (checking against phone intelligence signals) methods to authenticate identities in real time when users click the link.

Trust Score™ thwarts social engineering attacks by analyzing behavioral and Phone-Centric Identity™ signals from authoritative sources at the time of a potential transaction.

GaitAuth™ behavioral biometrics passively authenticates a user by analyzing their gait.

This article is a synopsis of a blog published by Prove.
