{"id":11150,"date":"2017-08-23T12:28:27","date_gmt":"2017-08-23T06:58:27","guid":{"rendered":"https:\/\/www.kaspersky.co.in\/blog\/?p=11150"},"modified":"2017-09-24T20:09:40","modified_gmt":"2017-09-24T14:39:40","slug":"synthetic-voice-phone-fraud","status":"publish","type":"post","link":"https:\/\/www.kaspersky.co.in\/blog\/synthetic-voice-phone-fraud\/11150\/","title":{"rendered":"Technologically advanced phone scams"},"content":{"rendered":"<p>Readers of this blog will already be familiar with <a href=\"https:\/\/blog.kaspersky.com\/indian-techsupport-scam\/\" target=\"_blank\" rel=\"noopener nofollow\">phone scams<\/a> \u2014 you\u2019ve probably even received a shady call or two. But you don\u2019t accept offers from strangers or give up personal info when speaking to them, so you\u2019ll be fine, right?<\/p>\n<p>It turns out that the answer is no, not really. Not long ago, the Federal Communications Commission (FCC) <a href=\"https:\/\/transition.fcc.gov\/Daily_Releases\/Daily_Business\/2017\/db0327\/DOC-344083A1.pdf\" target=\"_blank\" rel=\"noopener nofollow\">issued a warning about an unusual phone scam<\/a>. Fraudsters call their victims up and ask a seemingly innocent question: \u201cCan you hear me?\u201d The answer \u201cYes\u201d is all they need. Replaying a recorded affirmative response lets them subscribe their victims to paid services, which will be included in the victims\u2019 phone bill.<a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2017\/08\/21071733\/hitech-phone-fraud-featured.jpg\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2017\/08\/21071733\/hitech-phone-fraud-featured-1024x673.jpg\" alt=\"\" width=\"1024\" height=\"673\" class=\"aligncenter size-large wp-image-18033\"><\/a><\/p>\n<p>The type of scam where additional services are included in the bill of a subscriber without his or her consent (for example, daily messages with horoscopes or news) is called <em>cramming<\/em>.<\/p>\n<p>Consider several alarming points about this type of scam. How is it that cramming is even possible? Why can\u2019t law enforcement officials do something about it? Is it really possible to use a voice recording to subscribe someone to additional services?<\/p>\n<p>Technically, cramming is possible because phone companies allow the inclusion of third-party services in subscribers\u2019 bills.<\/p>\n<p>The ruse itself is not that new: 800Notes.com, a website that lists suspicious telephone numbers, informed people about it as far back as 2008. Back then, the trick was used <a href=\"http:\/\/800notes.com\/arts\/16-ways-you-can-be-phone-scammed\" target=\"_blank\" rel=\"noopener nofollow\">for imposing services on organizations<\/a>. According to those who have taken the bait, the audio recordings were edited in such a way as to make it seem that victims agreed to adding paid services.<\/p>\n<p>Authorities are trying to combat cramming; thus, in 2015, the FCC <a href=\"https:\/\/www.fcc.gov\/document\/verizon-sprint-pay-158m-settle-illegal-billing-investigations-0\" target=\"_blank\" rel=\"noopener nofollow\">obliged<\/a> telecom giants Verizon and Sprint to pay $158 million to settle the claims of customers who\u2019d had services foisted on them. Still, fraud techniques like cramming may instead grow with the development of modern technologies.<\/p>\n<h2>Voice banking<\/h2>\n<p>With growing popularity of voice authentication, in the very near future something similar to cramming may become a problem in the banking sector. For example, one of the largest banks in the United Kingdom, Barclays, introduced voice authentication for all of its private customers in 2016.<\/p>\n<p>Global finance corporation HSBC also <a href=\"https:\/\/www.hsbc.co.uk\/1\/2\/voice-id\" target=\"_blank\" rel=\"noopener nofollow\">lets its clients<\/a> take advantage of voice authentication instead of using a password. Clients have to call up the bank, authenticate themselves using a code word, and say aloud, \u201cMy voice is my password.\u201d<\/p>\n<p>HBSC claims the system is protected against attempts to bypass it with voice recordings of customers. Purportedly, the Voice Biometrics technology creates a voiceprint that recognizes physical and behavioral nuances of one\u2019s speech.<\/p>\n<p>Besides, phone scammers will have to find a way to get a bank client to say the entire secret phrase. It hardly seems possible; however, they can attempt to get the client talking and tease out the words they need one by one over several phone calls.<\/p>\n<p>Whenever someone invents a way to trick people, someone else will look for a way to avoid being tricked. For example, <a href=\"https:\/\/www.pindrop.com\/call-center-anti-fraud-solutions\/\" target=\"_blank\" rel=\"noopener nofollow\">Pindrop created technology<\/a> that takes a variety of factors \u2014 including location \u2014 into account when evaluating the authenticity of a remote person. A call from the wrong side of the planet will alert the system, for example. Banks use this type of technology for antifraud purposes as well.<\/p>\n<p>Another sign \u2014 although not a sure sign \u2014 is the chosen communication channel. According to Pindrop\u2019s statistics, scammers use VoIP in 53% of cases, whereas for genuine clients the proportion is quite different, with only 7% using VoIP to contact their banks. For that reason the system automatically notes VoIP calls.<\/p>\n<p>Naturally, fraudsters take countermeasures \u2014 for example, by simulating a low-quality connection, which theoretically makes it harder for the system to identify the caller. Evidently, phone scammers will expand their arsenals with new and powerful tools soon.<\/p>\n<h3>Say nothing<\/h3>\n<p><a href=\"https:\/\/blogs.adobe.com\/conversations\/2016\/11\/lets-get-experimental-behind-the-adobe-max-sneaks.html\" target=\"_blank\" rel=\"noopener nofollow\">Project VoCo, outright called \u201cPhotoshop-for-voice,\u201d was demonstrated<\/a> at the Adobe MAX conference in 2016.<\/p>\n<p>After analyzing a speech fragment, the system generates a sample of that person\u2019s voice, including spoken words that were not in the source recording. The invention, <a href=\"http:\/\/www.bbc.com\/news\/technology-37899902\" target=\"_blank\" rel=\"noopener nofollow\">according to BBC reports<\/a>, has caused concern among information security experts. VoCo, just like its graphical ancestor, may become a tool for compromising people, or a method for bypassing speech-authentication systems.<\/p>\n<p>Adobe\u2019s not the only one. Google <a href=\"https:\/\/deepmind.com\/blog\/wavenet-generative-model-raw-audio\/\" target=\"_blank\" rel=\"noopener nofollow\">announced<\/a> its own project for realistic speech synthesis in 2016, and a Canada-based start-up called Lyrebird announced its technology for speech generation in April 2017. A 1-minute speech recording is sufficient for training the system to say random phrases with the voice of a person who has been recorded (you can listen to a synthesized discussion between American politicians <a href=\"https:\/\/lyrebird.ai\/demo\" target=\"_blank\" rel=\"noopener nofollow\">here<\/a>). Even the developers have admitted that the capability to synthesize speech is potentially dangerous, especially for players in the political arena.<\/p>\n<p>Lyrebird\u2019s founders have settled their technology\u2019s ethical problem with the following statement: \u201cWe hope that everyone will soon be aware that such technology exists and that copying the voice of someone else is possible.\u201d<\/p>\n<h3>How to deal with all of this<\/h3>\n<ol>\n<li>The specifics of the attack in which a victim is coaxed into saying just one word (\u201cyes\u201d) calls for a radical solution. The FCC recommends not answering calls from unknown numbers at all. If someone really wants to contact you, he or she will leave a message.<\/li>\n<li>Do not reveal personal data at all.<\/li>\n<li>Always check all invoices and bills for unexpected items.<\/li>\n<li>An individual method that offers some protection against some phone spam is listing your contact information on the national registry of numbers that telemarketers have to exclude from their lists. Of course, that\u2019s an option only for countries that have such registries \u2014 <a href=\"https:\/\/www.donotcall.gov\/\" target=\"_blank\" rel=\"noopener nofollow\">the United States, for example<\/a>. In the European Union it\u2019s a bit trickier: there\u2019s no All-European registry, although there are national do-not-call lists.<\/li>\n<\/ol>\n","protected":false},"excerpt":{"rendered":"<p>Modern technology actually helps phone scammers \u2014 what you need to know to stay safe.<\/p>\n","protected":false},"author":2049,"featured_media":11151,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[5,2196],"tags":[389,80,22,204,701,2152,2153,321,1286],"class_list":{"0":"post-11150","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-news","8":"category-threats","9":"tag-adobe","10":"tag-fraud","11":"tag-google","12":"tag-phone","13":"tag-scam","14":"tag-speech-recognition","15":"tag-speech-synthesis","16":"tag-technology","17":"tag-voice"},"hreflang":[{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/synthetic-voice-phone-fraud\/11150\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/synthetic-voice-phone-fraud\/12499\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/synthetic-voice-phone-fraud\/11678\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/synthetic-voice-phone-fraud\/11188\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/synthetic-voice-phone-fraud\/14144\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/synthetic-voice-phone-fraud\/14141\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/synthetic-voice-phone-fraud\/18521\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/synthetic-voice-phone-fraud\/18034\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/synthetic-voice-phone-fraud\/9405\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/synthetic-voice-phone-fraud\/9605\/"},{"hreflang":"pl","url":"https:\/\/plblog.kaspersky.com\/synthetic-voice-phone-fraud\/7274\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/synthetic-voice-phone-fraud\/14519\/"},{"hreflang":"zh","url":"https:\/\/www.kaspersky.com.cn\/blog\/synthetic-voice-phone-fraud\/8362\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/synthetic-voice-phone-fraud\/17686\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/synthetic-voice-phone-fraud\/17757\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/synthetic-voice-phone-fraud\/17732\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.co.in\/blog\/tag\/technology\/","name":"Technology"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.co.in\/blog\/wp-json\/wp\/v2\/posts\/11150","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.co.in\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.co.in\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.in\/blog\/wp-json\/wp\/v2\/users\/2049"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.in\/blog\/wp-json\/wp\/v2\/comments?post=11150"}],"version-history":[{"count":1,"href":"https:\/\/www.kaspersky.co.in\/blog\/wp-json\/wp\/v2\/posts\/11150\/revisions"}],"predecessor-version":[{"id":11152,"href":"https:\/\/www.kaspersky.co.in\/blog\/wp-json\/wp\/v2\/posts\/11150\/revisions\/11152"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.in\/blog\/wp-json\/wp\/v2\/media\/11151"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.co.in\/blog\/wp-json\/wp\/v2\/media?parent=11150"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.co.in\/blog\/wp-json\/wp\/v2\/categories?post=11150"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.co.in\/blog\/wp-json\/wp\/v2\/tags?post=11150"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}