Call center fraud occurs when criminals exploit customer service channels to gain unauthorized access to financial accounts or sensitive data. Using techniques that include social engineering, caller ID spoofing, and/or stolen personally identifying information, the fraudsters put on a convincing act and manipulate call center agents into bypassing the security protocols that protect customer accounts. This type of fraud typically targets human vulnerabilities and agents' desire to help, rather than a financial institution's technical defenses.
Use case/ examples for call center fraud
Account takeovers: Spoofing caller ID and providing stolen personal data to convince call center reps to reset online banking passwords, including the use of harvested data to answer knowledge-based authentication (KBA) questions.
SIM swap fraud: Leveraging social engineering tactics to persuade call center agents to issue a new SIM card or authorize an eSIM for a new device, so that fraudsters have control of a target's phone number and can obtain two-factor authentication codes sent to that number.