Scam calls hitting global businesses – how do we steer clear?

It’s no secret that over the past couple of years, email threats targeting enterprises have really exploded as bad actors rode the wave of stay-at-home orders, and the exposed nature of work devices then. But how does email phishing stack up against the classic enterprise shakedown — scam calls?

Well when it comes to email ‘social engineering campaigns, the most basic and easily-recognizable attempts follow a scenario where an individual, usually from somewhere distant enough not be in person, has come into money, and needs someone (you) to help manage it for a chunk. While these kinds of scams are easy to spot for most people — they’re usually poorly written and are far too good to be true– as data payloads continue to get richer, cyber attackers are getting smarter in their approaches.

Con artists are scraping LinkedIn to disguise themselves as company CEOs or finance chiefs and identifying individual targets within organizations based on freely available information. They are leveraging individuals’ anxiety and distractedness around current events, like the coronavirus; Google said it was blocking more than 100 million phishing emails a day at the height of the pandemic, with almost a fifth being scam emails related to the virus.

Meanwhile in the US, three in five Americans have lost money due to automated scam calls, with 4.1 billion of those occurring in August 2021 alone. These happen at an absurd average rate of 130.9 million calls a day, according to phone number identification app Truecaller — again with SMSs and calls related to COVID-19 often being the main threat factor behind it. Enterprises find themselves affected as most of these scam calls often imitate their products and services. Big tech companies like Microsoft, Apple, and AWS often end up having call scammers imitating their services to get their victims — and they’re getting increasingly sophisticated.

In the UK, a new study from award-winning IT support and security company Custard Technical Services found that the most common type of scam detected was the crypto scam, amounting to 72% of the crimes recorded. This involves a scammer pressuring the individuals into transferring money via cryptocurrency, often threatening to leak material that doesn’t actually exist.

With scam calls proving to be as hardy and as risky a business threat as scam emails, TechHQ spoke exclusively with Hitesh Raj Bhagat, Global Head of Corporate Communications at Truecaller, about the impact spam and scam calls are having across business communications in 2022 — and what organizations can do to better insulate themselves from call scams and spam in a murky security environment.

1. Could you walk us through how incidents of spam calls have ballooned in the past year?

Spam calls are always increasing. Despite several efforts from carriers, telecom regulators, mobile operating system developers, smartphone makers, and a global pandemic — spam calls continued to pester and scam people around the globe the past year.

According to Truecaller’s research and findings, Indonesia experienced a doubling of spam call volumes in 2021. The data showed that total spam calls in the country were nearly 12.6 million in January but increased to more than 25 million in October 2021. On average, Indonesians receive 14 spam calls per user per month, according to our anonymous internal analytics.

In the US, the spam problem may not have the same kind of volume, but it still results in huge losses. In our dedicated US Spam and Scam report, survey questions posed to a wide demographic found that 59.49M Americans (23%) reported having lost money as a result of phone scams in the past 12 months – this is up from 56 million (22%) in 2020. Average reported loss was US$502 and when extrapolated to the adult population, the money lost to scam calls in the US, over the past 12 months equates to an estimated $29.8 billion USD. Americans receive 4.8 spam calls per user per month and if we multiply that by the total number of smartphone users, it equates to a staggering 1.4 billion scam calls per month that Americans must deal with.

Looking at other trends on a global level, Truecaller identified 184.5 billion calls and 586 billion messages. Truecaller’s mission is to enable safe and effective communication and helps avoid fraud and unwanted spam or scam calls.

2. Which country and region globally have recorded the most significant growth in such calls, and what are the pain points that have encouraged this boom?

Brazil is the country affected the most by spam calls and it has retained this position for four years in a row, according to our annual insights reports. However, we have noticed that scammers in Indonesia have an unusually scientific and precise way of setting sights on their targets, often digging out the complete background and financial history of their target along the way. In Indonesia, about 50% of all incoming calls that Truecaller users received were from numbers not saved in their phone books.

In terms of other categories of spam calls in Indonesia, a majority 80% of all spam calls are from financial services while sales calls make up 19%. Another important statistic for Indonesia is that it is one of the two countries in this list (the other being Vietnam) that has more than doubled spam call volume from Jan to Oct 2021. January saw a total spam call volume of 12,580,275 (nearly 12.6 million) and that went up to 25,789,283 (25.8 million) total spam calls in October. On average, Indonesians received 14 spam calls per user per month.

3. What cybersecurity protection practices should consumers be aware of, to minimize fraud and scams across business comms?

Frauds and scams are a growing concern in online and offline businesses, and one needs to be aware of the common types of threats (malware, viruses, phishing, and so on). The first step in improving your cybersecurity is understanding your risk of an attack, and where you can make the biggest improvements.

For the business itself, a cybersecurity risk assessment can help identify where systems are vulnerable. A proper risk assessment should include user training, guidance on securing email platforms, and advice on protecting the business’s information assets.

5 key steps for a business:

• Have a strong security team in place
• Ensure high standards of data security
• Utilize latest and most advanced security protocols
• Consistent monitoring for threats
• Taking swift and decisive action when needed

5. How can features like Truecaller Business’ ’Call Reason’ help verify caller and company identities, and how can this help insulate businesses from call scams and spam?

A piece of the puzzle is Truecaller Enterprise – this is a verification service for businesses. Large businesses can contact Truecaller to verify their identity on Truecaller. This locks in their correct business name and logo so that users can’t change it, gives them a green caller ID, a verified badge and a ‘Verified by Truecaller’ logo. While we charge businesses for this advantage, it is not a whitelisting service. This means if users mark a number as spam, the total number of spam reports will still show up, even for a verified business number. For users, it is an anti-fraud measure. So, if a user gets a call from their bank with a green caller ID, they can be assured it is actually a bank representative calling them.

And finally, we recently added Call Reason for verified business customers too. This too, is an advantage for both businesses and consumers. For example, if you order food delivery, the delivery service might call you from your front door and the reason (food delivery) could be displayed for users. In this way, the user knows the reason for the call from the business, even without answering the phone.