The call centre has processes, the latest technology and maybe even a clear desk policy. Sound normal enough?
" Scammers are known to be patient and monitor an individual or business’s activity to determine the best time to strike.”While this could be any call centre, it isn’t. It’s the emerging face of scams.
As banks have continued to invest in hardening their defences, so too have fraudsters changed their focus to target businesses and individuals directly, recognising it is easier to extract money directly rather than trying to bypass banking controls. Similar to how a petty criminal will break into the house with unlocked windows or no dog or CCTV.
Scam call centres are unfortunately real and whilst they are not trying to sell you the Brooklyn Bridge, their schemes range in complexity and take measures to ensure they are believable.
Adaptable and changing
According to the latest ACCC Annual Scam report, in 2018, almost half a billion dollars ($A489 million) were lost in over 378,000 scams reported to the ACCC, the Australian Cybercrime Online Reporting Network (ACORN) and other state and territory government agencies.
“These losses represent an increase of 44 per cent over the $A340 million reported in 2017 and demonstrate that the impact of scams on the Australian public is worsening,” the report said.
Scammers target everyone, are sophisticated and well-funded. The scammers have predefined scripts and approaches to convincingly trick people and businesses into parting with their money.
They are highly adaptable and regularly change their approach to optimise their success.
Scammers are also known to be patient and monitor an individual or business’s activity to determine the best time to strike, gathering personal information, monitoring emails, payment patterns, expected future large expenditure; watching social media activity to identity times you will be overseas or travelling making it harder to stop and report transactions.
This emphasises it should go without saying people should be vigilant of calls, emails and texts they are not expecting and should never release personal information, account details, passwords or provide remote access to computers or smartphones to anyone.
Businesses meanwhile need to ensure they have appropriate controls in place to detect changes in payment details and ensure segregation of duties cannot by bypassed. A common scam occurs when a business is tricked into paying into the wrong account - often after an official looking email notifying a change of payee account details.
No one is immune
Around one-third of the loss experienced by ANZ customers relates to businesses. Typically, the volumes for business are lower but the value of the losses higher - the average loss experienced by ANZ’s business customers was 10-20 times greater than individual scam victims.
Business email compromise (BEC) events can impact all businesses - from retail customers all the way through to the institutional customer base - meaning no one is immune.
The importance of appropriate business controls can’t be underestimated. In the majority of cases, the controls in place at the organisation are not sufficient to detect the scam or are easily circumvented to enable to scam to occur.