Fraud and scams and in particular, scams perpetrated via SMS, are problems on a worldwide scale, with customers in almost every country in the world being caught out by the actions of cybercriminals.
The Philippines is no exception. The numbers are startling: 85% of people received a scam message in the last year via SMS, and 44% saw scammers attempt to defraud them via messaging apps.
These messages might be the attack vectors of choice for bad actors targeting the Philippines, but they’re only the starting point for scams that can be very sophisticated – and in many cases, very successful.
An invisible threat?
At the simplest level, the messages might just prompt the user to click a link to download a document or an anti-virus package; these invariably contain malware such as Remote Access Trojans (RATs) that can give a fraudster the access that they need to the victim’s device in order to steal credentials or clean out their accounts. Even mobile devices are at risk – there has been a marked rise in mobile RATs, or mRATs.
Often however, the message will be the precursor to a social engineering attack, where the scammer builds a relationship with their victim, culminating in convincing them to make a funds transfer themselves. They may masquerade as a trusted operative from the bank, or even the police, telling the legitimate customer that their account has been compromised, and that they need to transfer their funds to a new account.
Armed with an intimate knowledge of the user journeys of the customers’ banks, these fraudsters can appear very convincing indeed. And by the time the customer has realized what’s happened, it’s too late.
The challenges for banks
Preventing these scams is no easy task. Because the customer has been coerced into actioning a seemingly legitimate transfer, it’s difficult for the bank to identify that a fraud has taken place – if anything, it’s more likely to appear that it’s the victim who is trying to initiate a first-party fraud.
It’s a situation made more difficult by the fact that many banks and financial institutions are still reliant on legacy systems and infrastructures, subsequently finding themselves behind the curve in terms of the digital transformation necessary to put the solutions in place that can stop the fraudsters dead in their tracks.
As a result, there is frequently a reliance on passwords and usernames for authentication, a form of security that bad actors have few problems with bypassing. Even when additional authentication factors are used, the method of choice is usually SMS OTPs – which can be bypassed by SIM swap attacks or by the social engineering approaches outlined above.
Callsign – balancing UX, fraud prevention and compliance
Fortunately, there are organizations who are taking the initiative in helping businesses evolve and in doing so, protect their customers. Callsign’s industry-leading solution is already used by some of the biggest banks and organizations in the world.
Callsign has partnered with Infocentric solutions Inc. – an organization with extensive experience of helping businesses move into the digital space – to enable businesses to take advantage of our advanced digital authentication, fraud prevention and intelligence technologies.
The only solution that considers both security and user experience, Callsign’s sophisticated technology gives businesses the ability to let their customers get on with digital life with the minimum of friction but the maximum of safety.
That safety comes from layering device intelligence with Muscle Memory Technology – Callsign’s best-in-class behavioral biometrics. Callsign passively analyses thousands of data signals ranging from location and hardware addresses to how a person types, swipes or even holds their device.
Even if a fraudster attempts to use social engineering techniques to scam a would-be victim – a strategy that’s at the heart of the majority of SMS and message scams – Callsign’s Detect, Intervene, Protect approach can stage a dynamic intervention in real time, presenting the customer with a tailored warning that scammers can’t anticipate, or talk their way around.
A partnership for security – and success
Callsign and Infocentric are aligned on the all-important mission of stemming the tide of scams and fraud in the Philippines. As a key player on the global stage, it’s imperative that the Philippines is able to defend itself against the malicious activities of the bad actors who prey on businesses and their customers.
Equally, it’s important that the solutions adopted by organizations align with the compliance requirements of the Central Bank of the Philippines, and this partnership will bring both technical expertise and a deep understanding of the regulatory requirements of the region to the table.