Social Engineering and Fraud in the Contact Centre



Amiram Pinto of NICE explains the different ways in which contact centre agents may be influenced by ‘fraudsters’.

I like playing a fraudster. Every time I call one of my service providers, I play a little game of persuading the agent to skip parts of the authentication process just for fun. I am always surprised how easy it is to psychologically manipulate an agent. And I’m not a fraudster.

You might think that all fraudsters are professional hackers with exceptional technical skills. But in fact, most of the fraud in contact centres is perpetrated by fraudsters who master the social skills rather than the technical ones. It is the human interaction with the contact centre agent that creates opportunities for these fraudsters.

What is Social Engineering and How Does It Work?

Social engineering is the psychological manipulation of people into performing actions or divulging confidential information. Because it works so well, it is used in over 65% of all attacks in the phone channel.

To protect against social engineering, it’s important to understand what you’re up against. There are a few typical tactics used by fraudsters to manipulate contact centre agents into skipping parts of the authentication process or giving out personal details.

Psychology

Psychology plays a strong role in social engineering. Fraudsters rely on the power of human vulnerability to complete their scam, and often rely on fear to manipulate.

If a fraudster can combine an agent’s desire to help with a sense of fear, they are more likely to have that agent act against procedures built to keep fraudsters away.

If a fraudster can impart a sense of authority over an agent, such as by saying “I could have you fired” or “don’t you know who I am?”, the agent will likely react instinctively to avoid pain or danger and try to resolve the issue quickly without further complications.

Distraction

One of the most common tactics is the use of diversions or distractions in the background of the call, in order to confuse or distract the contact centre agent.

For example, a fraudster might play the sound of a crying baby in the background of the call. This is an effective distraction, as a baby’s cry might subconsciously create sympathy.

The louder the baby cries, the faster agents are willing to resolve the call for the “overwhelmed” fraudster calling.

Empathy

Fraudsters are very successful playing off the human capacity for empathy to get contact centre agents to empathise with their fake predicaments.

A made-up family issue, such as “my husband is very sick, and I need to transfer money from his account to cover the medical bills” will usually get the agent to put themselves in the caller’s shoes and help the scam succeed.

Trust

Fraudsters are experts in creating a false feeling of trust with the contact centre agents. The fraudster will mask the phone number he’s calling from to appear as the number of his target and use a calm and pleasant demeanour that puts the agent at ease.

Agents are used to dealing with upset callers, so politeness and sympathy towards the agent, such as “yes ma’am… I wouldn’t want to take up much of your time… it’s my fault I keep forgetting my password…”, might cause the agent to drop his guard.

Vishing

Vishing is the phone variation of phishing, with a similar goal: to obtain valuable information that could be used for account takeover.

By exploiting the agents’ willingness to help, the fraudster can obtain personal information of the target, such as email address and phone number.

For example, the fraudster will pretend to be a customer who clicked the “forgot my password” option on the website but did not receive the password reset email.

“I am not sure which email address you have on file for me. Is it the Yahoo one?… No? Then which one is it?”

Frustration

Another key social engineering tactic is the use of mumbling. When confronted by contact centre agents with knowledge-based authentication questions (KBA), such as mother’s maiden name or first pet’s name, the fraudster will mumble his way through the answer over and over.

The goal is to frustrate the agent to the point that they will simply proceed with helping the customer, giving them access to the account.

Understanding some of the tactics fraudsters use for social engineering is only part of the effort to stop them. It is also important to understand how they attack. Fraudsters use various call flows to exploit contact centre agents.

This blog post has been re-published by kind permission of NICE.

About the author

NICE is a leading global enterprise software provider that enables organizations to improve customer experience and business results, ensure compliance and fight financial crime. Their mission is to help customers build and strengthen their reputation by uncovering customer insight, predicting human intent and taking the right action to improve their business.

Call Centre Helper is not responsible for the content of these guest blog posts. The opinions expressed in this article are those of the author, and do not necessarily reflect those of Call Centre Helper.

Published On: 11th Sep 2019