Another Anglicism in the world of cybersecurity. However, it is important to know the word Spoofing well, as this scam which aims to steal your money has been spreading in recent months.
First of all, know that this word is synonymous with identity theft. And the modus operandi of the crooks is well established. Several new cases have been reported to the French authorities, where the victims describe a scam that they had difficulty identifying at first glance.
In fact, spoofing implies that a person recovers information about your private life but also discovers a way to reach your “wallet” online to help yourself, with transfers that can sometimes reach several thousand euros.
A very believable storyline
Recently, complaints noted in particular by our colleagues from the daily newspaper Les Dernieres Nouvelles d’Alsace have demonstrated, if it were still necessary to underline it, the very fertile imagination shown by cybercriminals. In a logic of spoofing, the latter have developed a technique to pretend to be your bank which intends to recover bank identifiers for a maintenance operation or a pretext for an investigation.
If you should never provide this information over the phone, the scammers managed to “put their victims to sleep” thanks to a very believable scenario. “On the other end of the line, a man introduces himself as an inspector from the fraud prevention department of your banking institution. It tells you that you are the victim of an attack, gives you your home address to give you confidence. Very often, the scammer already has information on his target, ”explains the head of the administrative investigation and fraud group of the Bas-Rhin departmental security at DNA. Above all, the scammer is able to call by displaying your bank’s number and sending an email with a header and its logo.
And if the spoofing explodes, it is mainly because the telephone channel is still very vulnerable. “The DSP2 regulations, which notably establish stricter security standards for online payments, in essence only secure the internet channel”, explains to CNEWS Dominique Ango, general manager of the southern Europe region of the company Pindrop, an expert in the authentication, fraud detection, and real-time security of voice interactions.
60% of fraud happens over the phone
In fact, “DSP2 creates new opportunities for fraudsters to target call centers because it does not secure the telephone channel. Organizations need to build their real-time authentication and anti-fraud capabilities to prepare for this. Additionally, scammers love the phone channel because of the sense of anonymity it provides and there are readily available spoofing apps that can spoof the caller’s identity. With these apps, you don’t know if it’s really your bank on the other end of the line, and the agent handling the call can no longer assume it’s you, just because caller id shows your phone number. The simplicity of the process and the lack of security of the telephone channel are the two main factors behind the recent increase in this type of scam likely to affect all types of companies and individuals,” explains Dominique Ango.
The latter also recalls that at present, 60% of all fraud necessarily passes, at some point, through the telephone channel.