The fight against unwanted and illegal robocalls is complex. Protection isn’t solely centered on preventing robocalls attacks as they occur, it’s a sustained effort to defend the integrity of brand reputation among customers. Robocalls peaked to a year-high 4.5 billion calls last month, including 2.6 billion unwanted robocalls and 1.2 billion classified as fraud. Over the internet, branded email attacks represent 25 percent of phishing attempts — 43 percent impersonate Microsoft specifically. Persistent impersonation attacks carried out over all communication channels erode consumer faith in otherwise reputable brands. The FTC received 2.8 million fraud reports from consumers last year resulting in $5.8 billion in consumer losses. The consumer damage levied by fraudsters isn’t the only toll, brand reputation suffers as well. Imagine the brand cache Microsoft possesses to successfully maintain customer confidence in the face of so much fraud. Does your enterprise carry that kind of pull? Most do not.
In this article, we cover:
What tools do enterprises have at their disposal to fend off the escalating damage to brand reputation?
The Secure Telephony Identity Revisited (STIR) and Secure Handling of Asserted information using toKENS (SHAKEN) technology standard uses digital certificates and encryption to secure phone calls. The idea is to eliminate number spoofing with reliable telephone number attestation. However, STIR/SHAKEN doesn’t come without caveats.
For one, the interconnection between rural telecom operators and network remains TDM/SS7. Despite calls originated from rural operators being authenticated by STIR, it will be ineffectual in terms of validation (SHAKEN) as the STIR/SHAKEN token will be lost prior to reaching terminating carrier networks. Recently, five A-attesting voice providers and 25 B-attesting voice providers originated Amazon imposter calls received by consumers. Half of the attested volume originated from just three voice providers.
In other words, STIR/SHAKEN is only capable to a point. Unfortunately, it has a blind spot: call intent. It’s only further muddied by the chasm between the validity of the number owner and the content a leasee actually uses in its call campaign. In other words, in a STIR/SHAKEN world, there is still need for telephone usage behavior monitoring.
STIR/SHAKEN is a form of event-based analytics that relies on network signaling. In event-based analytics, signaling, switching, and handset resources are used to attempt to predict outcomes based on an assessment of the data presented. For example, data may infer that calls from a particular telephone number are indicative of spam or even potential fraud. These predictions as intent, however, can only be proven post-fact.
Content-based analytics, on the other hand, relies on the inspection of actual telephone call content to describe what has occurred. For example, using content-based analytics, the true intent of a voicemail claiming to be from the Social Security Administration can be more accurately determined. Content-based analytics are not misled by signaling data but instead on the objective truth of what has happened.
To tap into content-based analytics, brand monitoring tools such as Brand Monitor from YouMail Protective Services provide surveillance of brand identity over the voice channel. This includes explicit unauthorized brand name mentions as part of vishing (voice phishing) scams as well as implied references to brand relationships. Enterprise customers are notified upon detection of potential trademark infringement and/or inappropriate brand mentions including incidences involving unlawful behavior or ill intent associated with voice calls. Enterprises are informed of the potential impact of the impersonation incidents including call volume of bad actor campaigns.
Reputation Management
Millions of network sensors can be employed to identify brand imposters and capture evidential proof in the form of audio from bad actor robocall campaigns. Reputation management complemented by spoofed phone call detection is a powerful mix. Hijacked telephone numbers and identifying instances can be identified using DID/TFN that are associated with unwanted robocalls.
Reputation management is fraud management designed to mitigate enterprise damages and deter recurrence of brand abuse. Users would be wise to seek out a comprehensive solution that incorporates alerts and reporting, mitigation, and enforcement including support for litigation against bad actors.
If your brand needs help stomping out the constant threat of reputation-damaging impersonation attacks, we can help. Schedule a demo today to see how YouMail Protective Services provides essential surveillance services that protect your brand’s identity over the voice channel.