Monday April 22, 2024

Combating Vishing: An Analysis of Voice Call Impersonation and Emerging Defenses

Our modern world is digitizing rapidly. The escalation of scams, particularly voice call impersonation or “vishing,” is a growing concern for all stakeholders. This article explores vishing scams and evaluates the shortfalls and successes of current anti-fraud strategies.


The State of Vishing

Vishing is a challenging threat; fraudsters skillfully pose as trusted entities to extract sensitive and valuable data from their victims. Such deceptive techniques risk personal security and have the potential to cause extensive financial damage to companies and individuals.

Vishing’s alarming upward trend is evidenced by the staggering $1.2 billion it took from victims in 2023. With an annual increase of 30% in vishing incidents, 68.4 million Americans lost money to this phone fraud type in 2023, up 23% from 2022.


Fraudsters’ Game Plan

Don’t underestimate them; phone scam fraudsters are intelligent operators. They exploit telecom networks using ever-updated, sophisticated impersonation tactics, and they don’t discriminate. In 2023, 20% of vishing victims were aged 60 and above.

Vishing strategies often involve mimicking legitimate phone numbers of family, friends, work colleagues, or respected institutions. In 2023, 10% of scam call attacks employed spoofed CLIs, where Caller IDs are manipulated to further deceive victims.

Vishing calls often incorporate hybrid techniques, meaning they use mixed communication methods, including email and text, to produce increasingly successful, layered attacks. The rate at which hybrid vishing attacks occur surged by 554% in 2023, with 77% of all attacks ending successfully for scammers.

Vishing calls often aim to manipulate victims into offering sensitive information, frequently preying on the human instinct to trust and respect the people we communicate with. The damaging result is that victims may find it hard to trust legitimate companies and institutions in future communication.


Database Limitations

Fraudsters often use allocated and assigned numbers that don’t appear as suspicious in number databases. AB Handshake’s research indicates that a significant 75% of voice fraud activities utilize numbers perceived as trustworthy, overwhelming the identification and prevention strategies of most security infrastructure.

Such masking of fraudulent activities in legitimate channels makes it impossible for traditional databases to detect and prevent vishing attacks. This problem is often worsened by vishing’s international nature, where traceability and accountability mechanisms are further limited.


Artificial Intelligence Technology

AI anti-fraud technology can offer a positive, loss-reducing solution. Systems powered by AI can usually examine telephone traffic patterns via several parameters in real time, offering a more likely scenario where all signs of fraud are detected and prevented.

AI-based techniques successfully identify and prevent mass vishing attacks that target the general population. However, AI is less effective in preventing more specialized attacks, such as whaling, where high-value individuals are identified in a less formulated and more targeted manner.


Real-Time Call-Validation

The isolated nature of solely AI-based solutions and outdated, threshold-based rules and databases is ineffective when compared to real-time call validation. At its core, the method involves two-way communication.

When an incoming call is received, the telecom service provider queries the brand owner regarding the number status in real time. If the call is deemed to be authentic, it proceeds.

If it’s flagged as fraudulent, it’s either blocked or marked. This simple yet effective process prevents calls from harming unsuspecting victims.

Real-time call validation guarantees strengthened security for operators, with zero false positives and 100% fraud prevention. Additionally, cross-validation between the originating and terminating operators increases customer trust and satisfaction.


Call-Validation: ITU CxO Insights

The ITU CxO committee met in December 2023 to discuss the technology industry’s most important topics. Unsurprisingly, voice fraud made it onto the list. The CxO highlighted the inadequacies of common threshold-based rules and other isolated methods in preventing voice fraud.

The committee called on the industry to rapidly explore call-validation technology as a global solution.

The ITU’s endorsement of real-time call validation technology is one that we are glad to hear and align with. If we are to stop voice fraud’s upward trend and protect businesses and consumers from further damage, the need for advanced, connected, and consistent solutions is crucial.


Securing Our Digital Future

Voice fraud statistics are easy to find, partly due to their shock factor and increasingly large percentages. When you read statistics such as “3 out of 4 businesses lost money to voice scams in 2023” and “an average cost exceeding $14 million per year for each business,” alarm bells start ringing.

Vishing damages the entire telecommunications network and all of its users. If, as an industry, we are to take its prevention seriously, a multilayered approach is required. The integration of advanced technological solutions, alongside a collective commitment to vigilance and adaptation, remains our best defense.

A collaborative, two-way approach to voice fraud prevention, such as end-to-end call validation, enables future-proof telecom security. We remain committed to safeguarding individual privacy and the integrity of our digital ecosystem.

If you would like to learn more details, please read AB Handshake’s Ultimate vishing guide or get in touch with us.

Disclaimer: The views and opinions expressed in this article/press release are those of the authors and do not necessarily reflect the approved policy or position of the GSMA or its subsidiaries.

Contact the GSMA

Please get in touch if you need more information or have any queries about anything you see on our website.

Contact us