Year after year, billions of dollars continue to be lost from phishing attacks, as threat actors continue to evolve. Today, the most popular strategy used by threat actors is spoofing. A spoofing attack occurs when a number belonging to an enterprise or individual is used as part of the threat actor’s scheme. It allows them to more successfully impersonate the enterprise, since their calls appear to come from a phone number belonging to the enterprise. These spoofing attacks are extremely effective because of the sophisticated use of social engineering techniques to trick people into believing they were communicating with someone each victim believes to be known and credible.
Spoofing is surprisingly easy to get away with. When a phone call is made, part of putting that call on the phone network includes providing the number that is originating the call. The threat actors simply plug in the number they want to spoof as their caller id. Really, that’s it. Unless the carriers they use have sophisticated checks to make sure that the caller IDs are ones owned by their customers, there’s nothing in the way of the threat actor using whatever caller ID they desire.
Threat actors evolved phishing techniques to leverage every available digital communication channel. With the rise of mobile device, new channels became available to spoof:
There were over 880,000 complaints in 2023 totaling in excess of $12.5 billion, with phishing a part of 34% of all complaints reported.
The Federal Communication Commission has started to combat spoofed robocalls with caller ID authentication and new regulations like STIR/SHAKEN. Carriers have further tried to use programs like branded calling to have authenticated calls look and feel different than other calls. However, even more is required to stay ahead of the threat actors across multiple channels of communication.
A successful anti-spoofing solution requires proactive monitoring of voice and SMS threats as they occur for real-time intelligence and attack detection. Successful remediation of spoofed telephony requires cooperation between carriers, consumers, and interested 3rd parties to assist with the takedown of phone-based vectors for smishing and vishing within hours of detection as well as add preventative controls along vectors in order to escalate as necessary.
One challenge is that basic fraud detection programs are limited to behavioral insights. However, with all the active participation in these programs we’ve seen, the fact remains; the only effective way to qualify the intention of the call, and accurately confirm the person calling is who they say they are, is thru content driven analytics. This approach is basically the same as what networks and email security programs use today, where they leverage the content of messages to be able to determine when fraud is happening.
The Federal Trade Commission also stores reports in a database called Consumer Sentinel Network (Sentinel)which is available to law enforcement. While the FTC doesn’t help with consumer cases, they do assist with the apprehension and prosecution of the perpetrators. In their 2023 Sentinel Databook they reported that losses to call/text are 284% greater than the email channel with average losses of $1,250 per case (over $1.2 billion lost to calls/text in 2023). Providers are most at risk here.
The FCC has been fining carriers $millions and shutting down flagrant violators in their “Spring Cleaning 2024” efforts to combat robocalls and spoofing. Even the FTC has gone on record to say “It’s in businesses’ best interest to consider solutions that will help protect their good name and their loyal customers.”
YouMail Protective Services’ managed detection and response solutions for Imposter Communications are a key tool in the fight against spoofing. These services are supported via a live threat network that collects intelligence across our million+ app subscribers (which represent all North American Mobile Networks), and in the 10s of millions of honeypots active across the US, UK and Australia.
We connect evidence to an integrated system of thousands of communication providers and enforcement agencies for intelligence, disruption, prevention & justice for direct disruptions, voice tracebacks, SMS tracebacks and network block. YouMail PS has a comprehensive program with threat briefings and self-serve dashboards for both intelligence and disruption.
– And Disruption: takedown of threat actors spoofing your number
Contact our sales team today to learn more about how you can get started with this essential service.