State of Voice Network Security
The SecureLogix annual report of statistics and trends in enterprise voice network and contact center security
2020 Voice Security Statistics
SecureLogix collects call threat and fraud data across a study group of 200 operational customer voice networks. The following annualized data was recorded from September, 2019 to September, 2020.
30 Million Threatening Calls Blocked Per Year
SecureLogix is blocking in excess of 30 Million total threatening calls per year across a 200-customer study group
250,000 Attacks Stopped Per Customer Per Year
SecureLogix is stopping an average of more than 250,000 attacks per customer per year
50,000 Fraud-related Attacks Prevented Per Customer Per Year
SecureLogix is preventing an average of more than 50,000 fraud-related attacks per customer per year
5% Of All Inbound Call Traffic is Threatening
An average of 5% of all inbound call traffic across all customer networks was threatening / fraudulent / harassing
34% Of Blocked Calls are Fraud, Scams Or Social Engineering Attacks
Fraud / Scam / Social Engineering attacks represented 34% of total blocked calls
25% Of Total Blocked Calls are Call Pumping or Toll Fraud
Call pumping and toll fraud attacks represented 25% of total blocked calls
70% Of Inbound Calls Blocked During TDoS Attack
SecureLogix has blocked as much as 70% of inbound calls during acute TDoS / call flood attacks
Call Security Insights & Trends
In 2021, with the world still recovering from the COVID pandemic, and the global economy still recovering from a year of financial uncertainty, the state of voice network security remains dire.
In the past year, we've seen a continued increase in attacks, scam, fraud, and abuse involving enterprise voice networks and call centers.
While there are some reasons to be hopeful, including the STIR / SHAKEN evolution and rollout and an increasingly aggressive FCC stance on robocall enforcement, neither of these initiatives has thus far been able to slow down or stop the proliferation and quantity of robocall- and spoofing-enabled attacks. Indeed, at SecureLogix, we have seen hackers continue to grow more aggressive in their attacks and more sophisticated in their methods.
Below is a summary of some of the key trends to watch in 2021.
The PSTN Continues to Get More Hostile
The public switched telephone network (PSTN), which interconnects customers and businesses through their mobile devices, business phones and contact centers, continues to get more hostile. Our enterprise and government voice security customers received more robocalls, spam, fraud and abuse on average in 2021 than any year in our 20+ years of data.
Robocalls Are Cheap and Safe (for hackers and fraudsters)
In 2021 it is very easy to cheaply, anonymously, and safely deliver millions or even billions of robocalls intended to harvest information and find weak spots for attack. For that reason, robocalls continue to rise (both legal and illegal forms) even in the face of more aggressive FCC enforcement. Robocall-enabled attacks and scams continue to rise and will do so for the foreseeable future.
Caller ID Spoofing Continues to Rise
It also continues to be very easy for hackers and abusers to spoof phone numbers. In 2021 when a voice network or contact center receives a call, they can’t trust the information on the caller ID and they can’t trust the person who is calling in. And that’s one reason why fraud and various other types of attacks and threats continue to rise.
TDoS is a Continued Threat to Healthcare, Emergency Services, and Other Sectors
Telephony Denial of Service (TDoS) is a flood of inbound calls that can saturate some element of a contact center or enterprise voice network, preventing legitimate calls from getting through.
In February 2021, the FBI released a security announcement warning of potential TDoS attacks. In it, FBI investigators noted that there is a high probability that TDoS attacks are going to flood emergency 911 centers with the intention of taking them offline. TDoS attacks pose a genuine threat to public safety, especially if used in conjunction with a physical attack, by preventing callers from being able to request service.
Vishing-Based Account Takeover Attacks Target Enterprise Business
Vishing means ‘voice phishing,’ an attack in which threat actors use phone calls instead of emails. Their goal: to try to trick the person on the other end into allowing access to their accounts. Vishers may try to convince enterprise employees to visit a website designed to steal their credentials, thus giving attackers all they need to move deeper into the victim’s network.
On Jan 14, 2021, the FBI warned that cyber criminals are using Voice over Internet Protocol (VoIP) platforms to launch vishing attacks against enterprise employees worldwide. In one example, hackers located an employee through a company’s chatroom, the FBI said. Then, they used a fake VPN login page to steal their credentials. The attackers authenticated themselves as the employee. Using this false persona, they found another employee who could implement username and e-mail changes. Next, they used a chatroom messaging service to steal that person’s details, too.
Call-Pumping and Toll-Free Traffic Fraud Continues
Toll-Free Traffic Pumping, also known as "access stimulation" or "call pumping", is a sophisticated form of Toll Call Fraud in which 1-800 numbers are flooded with bogus calls. Those calls generate revenue for the fraudster who has created a fake telephone company and is now billing your toll call provider for carrier fees for a portion of each call.
In the last year we've seen a rise in requests from customers looking for relief from Toll Fraud, and the reason is that an increase in overall phone traffic during the pandemic has also led to a situation where toll-fraud is harder to detect and potentially more lucrative for the bad actors.
Contact Centers Using KBA Are Increasingly Being Targeted and Attacked
One of the biggest disadvantages of KBA (knowledge-based authentication) is that oftentimes the fraudsters know the personal information of their victim better than the victim does themselves. The data that powers KBA is bought and sold on the dark web where hackers harvest it. There are also additional ways of getting this information through social engineering or, in many cases, simply scraping social media.
It is important to note that KBA takes time even when it goes well. In the best-case scenario, if a contact center has a customer answer three questions and the customer answers quickly and correctly, the process still takes 30 seconds. If it’s not done perfectly and it takes more time, then that component of the transaction is even larger. So, if the overall contact center call length is three minutes and you’ve wasted 30 seconds or a minute on KBA, that’s very, very expensive for the contact center. It’s also annoying for the customer.
The need for fast, affordable, and quality call authentication is growing.
With robocall and caller ID-spoofing technology and tools enabling larger, more frequent, and more sophisticated attacks, the time to implement automated authentication on your voice network and call centers is now. We predict that KBA will finally begin a more robust decline in 2021 and be phased out in favor of better automated authentication solutions, ones that can leverage and extend the protections promised by STIR / SHAKEN and at a more affordable and scalable model than supported by voice biometrics and related solutions.
Get Help with Voice Security
Speak with one of our experts today to learn how our voice security and call authentication solutions can help your organization stay protected.