Sign up to our newsletter
A few weeks ago my colleague Stephen Cobb (knowing my interest in research related to fraud and scams, including phone scams) drew my attention to a section in the *Consumer Sentinel Network Data Book for January-December 2014 that pointed to a rise in the percentage of fraud complaints about phone scam calls over the period 2012 to 2014. The data concerning ‘Fraud Complaints by Company’s Method of Contacting Consumers’ indicate that the percentage of phone scam complaints rose from 34% in 2012 to 54% in 2014, whereas the percentage of complaints about scam emails dropped from 37% in 2012 to 23% in 2014.
Interestingly, complaints about scams initiated via ‘Internet – Web Sites\Others’ rose from 12% to 15% in 2013 and dropped again to 11% in 2014. Maybe three years isn’t long enough to draw too many conclusions, and in any case the percentage of people who actually report the initial method of contact has dropped over the same period from 55% to 46%. However, one possibility is that the decline in email-related complaints represent at least two factors:
The spike and subsequent drop in web-related fraud reports is harder to explain, so I won’t even try. :) But it does seem that phone fraud is getting more attention, and if the higher volume of reports really does reflect a rise in activity – and I have no reason to believe that it doesn’t – maybe that’s because it’s often harder to ascertain the legitimacy of a caller’s phone number (if available at all) than it is the legitimacy of an email. Admittedly, interpreting email headers isn’t always easy, but at least they’re there. Tracing the real source of a phone scam call is something most potential victims are not resourced for, however. And even tech support scams, part-based on trying to get remote access to the victims’ PC, don’t always offer easy attribution to the scammer’s point of origin.
Still, in view of these figures, it doesn’t come as a surprise that a report by Pindrop Security – *The State of Phone Fraud 2014-2015: a Global, Cross-Industry Threat – indicates that ‘more than 86.2 million calls per month in the US are phone scams’. The focus of the report is actually far wider than the direct attacks on individual consumers that the Consumer Sentinel Network data are drawn from, stating that ‘Across financial and retail institutions, 1 in every 2,200 calls is fraud, an increase of more than 30 percent since 2013’ and considering attacks on banks, brokerages, card issuers and retailers. In fact, there isn’t such a clear line between consumer attacks and attackers on these organizations, since stolen credit cards and credit card numbers are very common accessories to an attack on a provider. However – to take an example cited by Pindrop – chargeback fraud takes place when a scammer places an order with a stolen credit card. While the card owner should normally receive a refund from the card issuer if the loss of the card has been reported and the fraudulent charge disputed, the retailer or e-retailer may already have despatched goods for which it will receive no payment.
However, consumer scams are by no means ignored. Pindrop reckons that the top 25 consumer-oriented scams between them account for more than 36 million scams per month in the US, out of a total of 86.2 million. Frequent readers of this blog will probably not be surprised to hear that eight million of these calls are estimated to be tech support scams, while payday loans are close behind at nearly seven million. Among the other top-listed scams are IRS scams, auto insurance scams, home security system scams, and student loan scams. While IRS scam calls are well behind tech support scams at around a million a month, that figure does represent a significant increase in highly profitable scam calls over the last two years, including a particularly effective scam where the callers impersonate IRS agents over the phone and threaten arrest for tax evasion if payment isn’t made immediately.
Pindrop observes that ‘phone fraud rates are essentially the same in all major economically developed countries, especially the U.S. and U.K.’ I won’t try to summarize the whole paper, but it does make some interesting points about the impact of technology in terms of spoofing and VoIP, and the growing use of cell phones.
However, it’s worth noting that there isn’t necessarily an exact correlation between types of scam reported in the US and here in the UK. For instance, various types of UK-targeted Payment Protection Insurance (PPI) scam like these and these may share some characteristics with scams seen in the US, but don’t – as far as I know – have a precise equivalent. Similarly, some UK student loan scams may be significantly different to those commonly reported in the US. And though I still get the occasional tech support scam call here in the UK, the volume of such calls seems to have declined dramatically in recent years.
*Interesting though these reports are, there are some caveats to bear in mind as regards the accuracy of the data:
David “Call me anytime” Harley
ESET Senior Research Fellow
Author David Harley, ESET