Blog, news & updates

Could your customer service/support team be a security weak point?

Could your customer service/support team be a security weak point?

As technology advances, it continues to create incredible apps and services that make our lives so much easier, take mobile banking from your mobile phone for example, how did we ever live without it?!

However, on the flip-side, fraudsters are adapting to new technology by finding the vulnerabilities in them and unfortunately, exploiting thousands of innocent people.

Sadly, customer service and support teams can be the most vulnerable part of a company’s fraud-prevention program. And one of the main reasons for this is the difficulty in defending yourself against “vishing” or voice phishing.

What is “vishing”?

Wikipedia defines vishing to be “the fraudulent practice of making phone calls or leaving voice messages purporting to be from reputable companies in order to induce individuals to reveal personal information, such as bank details and credit card numbers”.

The attacks are designed to generate fear and immediate response and therefore occur within short time frames.

The danger of voice phishing

With lots of consumers becoming savvier to existing fraudulent scams like email phishing and fake websites, fraudsters have already developed more sophisticated scams, and they are becoming increasingly common.

Vishing may not be as common as email phishing, however, it can be a lot more costly! In fact, Forbes report that businesses targeted in vishing attacks lost an average of $43,000 (£33,400) per account! Additionally, individuals targeted through these attacks lost $4,200 (£3,250) on average.

Types of vishing

A few common types of vishing that you may have already encountered are:

  • Suspicious activity regarding your bank account
  • Overdue or unpaid taxes to tax agencies
  • Prize or contest winnings (such as a holiday or newly-released pricey products)
  • Fake IT support calling to remotely access your PC to fix an issue

An example of vishing

In April 2018, 18-year old Kane Gamble was told he was to serve 2 years in a youth detention centre for his cyber attacks on US officials.

Gamble obtained "extremely sensitive" documents on military and intelligence operations in Iraq and Afghanistan, the court was told.

He was able to gain access to this information by impersonating his victims and by conning call centres into sharing confidential information.

Read more about the court trial here.

iHASCO's wonderful Support Team!

4 ways your company can make customer service more secure

Explain why security matters - Your team may not commit to security until they have a better understanding on why it matters. It’s good to share stories of security hacks to help them visualise the risks.

Publish a security policy - Give your support team an official document that they point clients to, so they’re less likely to be coerced into a mistake.

Use technology - You could apply technical solutions rather than relying on human decision making wherever possible, to reduce the opportunity for errors.

Reframe the conversation with your customers - Offer your support team the correct language and phrases they need to use to explain security issues with customers in a firm but friendly way.

Preparing your teams for fraud attempts

Being an organisation that thrives on our quality customer support team, we appreciate the value these team members can add to the company. As they make our job so much easier, we want to simplify theirs!

That’s one of the reasons why we developed our Fraud Prevention Training course! However, it’s not just support staff that need to be aware of fraudulent behaviour. It’s a skill everyone in the workplace should know

If consumers have money to spend, there will be criminals working hard to steal it. It doesn’t matter what type of organisation you work for, it could be subject to a fraudulent attack.