Phones Called the Weakest Link in Government Information Security

(Photo: Shutterstock)

Though cybersecurity is the current buzzword on the Hill, government agencies should also be worried about the security of their phone systems, according to Eric Forseter, vice president of Federal and public sector at Pindrop.

“What we’ve seen in the government is massive fraud, especially in state and local and agencies that deal with money,” Forseter said. He said that of the three main avenues of attack–in person, through cyber, and on the phone–fraudulent calls through phone lines are the weakest point.

“Most bad guys aren’t going to walk in the front door,” he said. “The phone channel is the weakest area.”

Forseter explained that fraudsters commonly phone into agency call centers and pretend to be someone else in search of financial or personal information. Agencies like the IRS and Social Security Administration are particularly at risk.

“I know there are fraud rings out there that are calling up and saying they’re the IRS,” he said. “Those people are also probably calling into the IRS.” This creates a cycle in which one side ends up providing the information needed to scam the other side. And humans are the weakest point in this cycle.

“Most call center agents are very helpful,” said Forseter. “The fraudsters figured that out.”

Many agencies and private companies use a system of security questions to verify the identity of a caller. However, Forseter explained that because fraudsters trade for that information through scams or on the black market, those questions cannot always be trusted.

“Even the best-trained agent can be fooled because they’re human,” Forseter said, adding that fraudsters can modulate their voice and bounce the call enough to really seem like the person they are impersonating. Forseter said that many agents think, “ ‘Well I can just block a number,’ ” but since fraudsters can spoof the number of the person they’re pretending to be, agencies may end up blocking the number of the real citizen.

Forseter said that one way to identify whether a person calling is really who they say they are is to listen to the background noise of a call.

“Each carrier has what’s called a ‘comfort tone,’ ” he said, explaining that this noise has 147 different attributes that can identify where a person is calling from and what carrier they use, and can provide other means of verifying the identity of the caller.

Pindrop analyzes these attributes to score how likely it is that the person calling is who they say they are. This score then informs the actions of the call center agent going forward.

“I think a lot of people are not aware that this tech exists,” said Forseter. “I think a lot of government agencies are aware that this is a problem, but they don’t know that there’s a solution.”

Jessie Bur
About Jessie Bur
Jessie Bur is a Staff Reporter for MeriTalk covering Cybersecurity, FedRAMP, GSA, Congress, Treasury, DOJ, NIST and Cloud Computing.