Brand imposters that attempt to defraud consumers over the telephone can do unmeasurable damage to an enterprise. These bad actors impersonate an enterprise agent in order to steal the customer’s identity, access their account, make fraudulent purchases and many more types of attacks. Their campaigns sully the enterprise’s reputation and consume significant expense in remediation and prevention.
In this article, we explore robocall-based brand impersonation:
Enterprise brands are vulnerable to impersonators who initiate voice phishing (vishing) attacks.
Computers — aka “robocalls” — dial thousands or millions of numbers. The bad actors are often able to spoof — change the Caller ID to look like the brand they are impersonating — an outbound phone number. A recorded message and/or a live operator then claim they are from the brand, with some sort of scam, hence the term “robocall-based brand impersonation.”
Scams might include “your electricity will be turned off tonight if you don’t pay” or “your package needs payment of Customs Fees if you are to retrieve it,” or “Your identity has been stolen, we need more info.” Recently, the most nefarious scams use AI to make a call sound almost exactly like one of your relatives — although it could just as easily sound like a celebrity or other known brand. These are incredibly convincing, as the public simply isn’t accustomed to scam calls that sound like voices that we know.
The bad actors then use the trust that the brand has spent years earning, to trick you into trusting them. Victimized customers often no longer trust the brand, and complain loudly on social media and elsewhere, multiplying the damages. What’s more, these attacks often occur on a massive scale as fraudsters use modern, low-cost robocalling tools.
When robocall-based brand impersonation fraud occurs, enterprises consume significant expenses to respond to complaints and to stop the bad actors. Identifying fraud sources, compiling evidence and filing legal procedures takes considerable time and effort. All the while, customers are falling victim, which diverts customer service teams from their primary responsibilities.
Six industries make up more than 65% of the industries targeted by robocall-based brand impersonation: Financial Services, SaaS/Webmail, Social Media, Logistics/Shipping E-Commerce/Retail, and Payments.
Explicit Versus Implicit Brand Mentions
Sometimes your brand is explicitly mentioned — as in “This is (company name), and your bank account has been compromised.”
Other times in robocall-based brand impersonation, it’s an implicit brand mention — such as “This is your bank, and your account has been compromised.”
Explicit brand mentions can often be caught quickly via today’s best robocall mitigation services. The top robocall mitigation services offer brand impersonation monitoring, and have troves of voice data to analyze and listen for mentions of your specific brand.
However, implicit brand mentions are often trickier to handle. They may have a more broad potential reach — the scammer doesn’t need to know where you back — but at the same time, they often have a less successful result, as it’s harder to trick someone into giving their data.
Implicit brand mention in a robocall-based brand impersonation attack are also often harder to later fight with legal or law enforcement action, as you cannot prove as easily that your brand was mentioned.
So what solutions to modern brands have for robocall-based brand impersonation attacks?
Solutions to Brand Impersonation Attacks
Let’s look at one potential solution: YouMailPS (through its Brand Impersonation Defender and Brand Monitor services) provide surveillance of brand identity over the voice channel in various manners. This includes explicit unauthorized brand name mentions as part of voice phishing scams as well as implied references to brand relationships.
This service uses the YouMail Sensor Network, with over 13 million users answering calls, to provide voice data for AI-powered audio analytics and fingerprinting. The Sensor Network actively listens for fraud among billions of calls from real users.
The YouMailPS AI algorithms analyze audio content to accurately identify imposter calls, then creates unique digital fingerprints that are matched with the telephone numbers used by bad actors.
So, unlike conventional honeypots that rely upon audio to text transcription, YouMail uses these fingerprints to efficiently and effectively identify subsequent attacks that are part of the same imposter calling campaign — even if the brand name is not explicitly mentioned in future calls.
These fingerprints often follow bad actors wherever they go – across spoofed telephone numbers and multiple originating service providers. YouMail’s adaptive algorithms are effective regardless of attack duration, frequency, and other tactics. When fraud is initially detected, YouMail autonomously identifies bad actor campaigns and all associated source phone numbers, enabling immediate and decisive action.
This methodology can identify new attack vectors within the first 1 to 100 calls, notifying brands almost immediately that there is an ongoing attack that specifically mentions their brand.
It also allows brands to access media recordings and metadata from identified fraud calls. This information can be used as evidence in legal procedures and complaints.
The YouMailPS solution for robocall-based brand impersonation provides a dashboard that continuously monitors fraud activity and measures the scope and intent of each unique brand impersonation campaign. It maintains full, nationwide risk visibility and enables fast, effective management strategies. The dashboard is based on the YouMail Threat Database, the same data source relied on by the U.S. Government, telecommunications industry authorities and leading consumer brands to monitor and manage consumer robocall risk.
This also gives users an overview of their industry and common attacks, which can further help reduce the threat of implicit mentions of a brand.
Solutions for robocall-based brand impersonation can free up resources across legal, CISO, contact center and other departments.
Curious as to breakdowns of how many robocalls happened last month, to whom, and where? Or even the 100 Top Volume Robocallers? Check out the Robocall Index.
Or learn more about solutions for robocall-based brand impersonation in a no obligation call on how to protect your brand from Brand Impersonation attacks here >