State of Voice Network Security

2022 Call Security Report

SecureLogix collects call threat and fraud data across a study group of 200 operational customer voice networks. The following annualized data was recorded from January, 2020 to December, 2021.

116 Million THREATENING CALLS BLOCKED

SecureLogix blocked in excess of 116 Million total threatening calls in 2021 across a 200+ customer study group. Up from 30 Million in 2020.

476 K ATTACKS & SUSPICIOUS CALLS STOPPED PER CUSTOMER

SecureLogix stopped an average of more than 476,000 attacks and suspicious, harassing, and potentially fraudulent calls per customer in 2021 up from 250,000 in 2020.

90.4 % INCREASE IN ATTACKS & SUSPICIOUS CALLS PER CUSTOMER

We saw an increase of 90.4% in the number of attacks and suspicious, harassing, and potentially fraudulent calls stopped per customer in 2021 vs. 2020.

5 % OF ALL INBOUND CALLS WERE THREATENING

An average of 5% all inbound call traffic across all customer networks was threatening, fraudulent, or harassing.

31 % Of Blocked Calls Were Fraud, Scams, or Social Engineering

An average of 31% of all threatening calls and attacks observed in 2021 were either fraud, scams or social engineering attacks.

23 % OF TOTAL BLOCKED CALLS WERE TOLL FREE TRAFFIC PUMPING

Toll free traffic pumping (a.k.a. call pumping or toll fraud) made up 23% of total blocked calls across all customer networks in 2021.

2022 Call Security Insights & Trends

At the beginning of 2022, with the world still battling the COVID pandemic, and the global economy still recovering from a year of financial uncertainty, the state of voice network security remains urgent.

In the past year, we've seen a continued increase in attacks, scam, fraud, and abuse involving enterprise voice networks, financial and emergency call centers, and government and civic operations centers.

While there are some reasons to be hopeful, including the STIR / SHAKEN evolution and rollout, and an increasingly aggressive FCC stance on robocall enforcement, neither of these initiatives have been able thus-far to slow down or stop the proliferation and quantity of robocall and spoofing enabled attacks. Indeed, at SecureLogix, we have seen hackers continue to grow more aggressive in their attacks and more sophisticated in their methods.

Below is a summary of some of the key trends to watch in 2022:

The PSTN Continues to Get More Hostile

The public switched telephone network, (PSTN) that interconnects various customers and businesses through their mobile devices, business phones and contact centers continues to get more hostile. Our enterprise and government voice security customers received more robocalls, spam, fraud and abuse on average in 2021 than any year in our 20+ years of data.

Robocalls Are Cheap and Safe (for hackers and fraudsters)

In 2022 it is increasingly easy to cheaply, anonymously, and safely deliver millions or even billions of robocalls calls intended to try and harvest information and find weak spots for attack. For that reason robocalls continue to rise (both legal and illegal forms) even in the face of more aggressive FCC enforcement. Robocall-enabled attacks, and scams continue to rise and will do so for the foreseeable future.

Caller ID Spoofing Continues to Rise

Despite increased focus from the FCC, and legislators, and a host of state and local laws passed attempting to diminish the trend, it continues to be very easy for hackers and abusers to spoof phone numbers. In 2022 when a voice network or contact center receives a call, they can’t trust the information on the caller ID and they can’t trust the person who is calling in. And that’s one reason why fraud and various other types of attacks and threats continue to rise.

TDoS is a Continued Threat to Healthcare, Emergency Services, and Other Sectors

Telephony Denial of Service (TDoS) is a flood of inbound calls that can saturate some element of a contact center or enterprise voice network, preventing legitimate calls from getting through.

In February 2021, the FBI released a security announcement warning of potential TDoS attacks. In it, FBI investigators noted that there is a high probability that Telephony Denial of Service (TDoS) attacks are going to flood emergency 911 centers with the intention of taking them offline. TDoS attacks pose a genuine threat to public safety, especially if used in conjunction with a physical attack, by preventing callers from being able to request service.

Vishing-Based Account Takeover Attacks Target Enterprise Business

Vishing means ‘voice phishing,’ an attack in which threat actors use phone calls instead of emails. Their goal: to try to trick the person on the other end into allowing access to their accounts. Vishers may try to convince enterprise employees to visit a website designed to steal their credentials thus giving attackers all they need to move deeper into the victim’s network.

On Jan 14, 2021, the FBI warned that cyber criminals are using Voice over Internet Protocol (VoIP) platforms to launch vishing attacks against enterprise employees worldwide. In one example hackers located an employee through a company’s chatroom, the FBI said. Then, they used a fake VPN login page to steal their credentials. The attackers authenticated themselves as the employee. Using this false persona, they found another employee who could implement username and e-mail changes. Next, they used a chatroom messaging service to steal that person’s details, too.

In November 2021 the popular online stock-trading app Robinhood fell victim to a cleverly executed Vishing attack in November 2021 when a Robinhood rep unwittingly handed over keys to the personal information of about 7 million customers in what's now believed to be the biggest retail brokerage cyber-breaches of all time.

Toll-Free Traffic Pumping Continues

Toll Free Traffic Pumping, also know as "access stimulation" or "call pumping", is a sophisticated form of toll call fraud in which 1-800 numbers are flooded with bogus calls. Those calls generate revenue for the fraudster who has created a fake telephone company and is now billing your toll call provider for carrier fees for a portion of each call.

In the last year we've seen a rise in requests from customers looking for relief from Toll-Free Traffic Pumping, and the reason is that an increase in overall phone traffic during the pandemic has also led to a situation where toll-fraud is harder to detect and potentially more lucrative for the bad actors.

Contact Centers Using KBA Are Increasingly Being Targeted and Attacked

One of the biggest disadvantages to KBA (knowledge-based-authentication) is that often times the fraudsters know the personal information of their victim better than the victim does themself. The data that powers KBA is bought and sold on the dark web where hackers harvest it. There’s also additional ways of getting this information through social engineering or in many cases, simply scraping social media.

It is important to note that KBA takes time even when it goes well. In the best case scenario, if a contact center has a customer answer three questions and the customer answers quickly and correctly, the process still takes 30 seconds. If it’s not done perfectly and it takes more time, then that component of the transaction is even larger. So, if the overall contact center call length is three minutes and you’ve wasted 30 seconds or a minute on KBA. That’s very, very expensive for the contact center. It’s also annoying for the customer.

The need for fast, affordable, and quality call authentication is growing.

With robocall and caller ID-spoofing technology and tools enabling larger, more frequent, and more sophisticated attacks, the time to implement automated authentication on your voice network and call centers is now. We predict that KBA will finally begin a more robust decline in 2021 and be phased out in favor of better automated authentication solutions, ones that can leverage and extend the protections promised by STIR / SHAKEN and at a more affordable and scalable model than supported by voice biometrics and related solutions.