BlackHat资料us-14-Balasubramaniyan-Lifecycle-Of-A-Phone-Fraudster-WP.pdfVIP

Lifecycle of a Phone Fraudster: Exposing Fraud Activity from Account Reconnaissance to Takeover using Graph Analysis and Acoustical Anomalies Abstract Enterprises are vulnerable to human hacking the effective social engineering of employees, contractors and other trusted persons. In particular, financial institutions have seen a significant increase in account takeover attacks over the phone by sophisticated fraudsters socially engineering call center agents. The customer information required is often obtained by gathering intelligence through reconnaissance, probing systems or humans. In this talk we will show how to detect both the account takeover calls using acoustical anomalies and the reconnaissance calls leading to it through graph analysis. Using acoustical anomalies we are able to detect over 80% of these calls with less than a 2% false positive rate. Furthermore our graph analysis is able to see reconnaissance calls for 46% of these account takeovers 10 days before the actual takeover. These results are on a dataset of over hundreds of million calls. In the process we will reveal the lifecycle of a phone fraudster as he works through both the call center agent and its technology to extract information about a customer and takeover his or her account. Introduction Calling any enterprise typically involves first dealing with an interactive voice response (IVR) system which is self service and can be used for basic or low risk transactions (eg. account balance check) followed by dealing with an agent for more complicated or higher risk transactions (eg. wire transfer). In taking over an account over the phone we find that fraudsters both social engineer the call center agents and exploit the information revealed at the IVR. Detecting social engineering using acoustical anomalies The phone device making a telephone call and the network path that a call takes leave behind tell tale audio artifacts that reveal the device and the path. An