Your Wake-Up Call: What Your Calls Being “Recorded For Quality, Training And Verification Purposes” Really Means For Your Safety

2169

“This call will be recorded for quality, training and verification purposes.”

We hear this phrase, or variants of it, nearly every day. When we call a bank, an airline or in nearly any type of customer support situation. You may not even really hear it anymore. It’s now part of every recorded script: “Push 1 for customer service, push 2 for…” Most likely, you don’t think of hanging up because the call is being recorded. You probably never consider for what type of quality, training or verification purpose is your call – and hundreds of thousands like it – being used for, do you? It’s not widely known, but if the business being called has anything to do with money or where it might be defrauded by a caller, that recording is really for verification purposes. How do they do this? Let me explain.

There are only a handful of companies that dominate the call center world. Pindrop and TrustID are a couple of examples. These call centers rely on their own proprietary or third-party software to verify the authenticity of callers. This works just like caller ID but with the additional data layer of whether the number you called the support line from actually belongs to you or is registered at your physical location. Plus, the call centers maintain a blacklist of phone numbers where fraudulent activity is known to originate from, which then enables the call center to terminate a nuisance/fraudulent callers before it even reaches customer support.

Also, many of these companies will use recordings and voice biometrics to match a voice with a known fraudulent caller. This is not science fiction! Once call centers started tracking phone numbers, the fraudsters started to use throw-away phones or move locations in an attempt to get around the blacklist of bad phone numbers. With voice biometrics, if a bad actor manages to perform a fraudulent transaction then their voice recording – recorded for verification purposes – is now cataloged. Next time that bad actor calls in – they won’t get very far.

Okay, here’s the scary part. Now fraudsters will call you, entice you to speak and then record your voice And they use the recording of your voice to call a call center to either defraud you or use your innocent voice to defraud another person’s account. For example, earlier this year, Virginia police warned residents of a new phone scam in which scam artists are calling people while masquerading as a business and asking “Can you hear me?” – a seemingly innocuous question, but for those who answer “yes,” then recording that response and using it to authorize and justify fraudulent charges.

Imagine that — fraudsters are creating databases of “innocent” voices. It’s chilling. So what can you do to protect yourself against this latest scam?

  • Use caller ID religiously – Think before you answer a call. Before you answer your phone make sure you know who’s on the other end. If you don’t recognize the caller ID or the caller shows as “unknown” then send them to voice mail. You can immediately check the voicemail – if they leave one – and call back legitimate callers. It’s reflexive to want to answer a call but it’s time to think before you answer.
  • Hang up – If the caller is asking you questions like “Are you the homeowner?” and you have no reason to believe a call is valid then just hang up. Any legitimate caller will call you back and you can send them to voicemail to hear their pitch and then decide what to do.
  • Don’t hesitate to use two-factor authentication to protect your online accounts. This helps to prevent fraudsters from even initiating a transaction on your behalf. If they can’t initiate a transaction then they have nothing to work with.
  • Be sure you are using strong passwords and not re-using passwords. It’s easier to use the same password across all your web sites. Don’t do it! For any of your sensitive accounts – like your bank or stock account(s) – be sure that you are using a different password and a strong password (e.g., 8+ characters with a mix of letters and numbers). Change it frequently.

It’s time to start thinking defensively about phone calls. Just as we all drive defensively – hopefully. Every time your phone rings, act defensively and check the caller ID, listen and think before you start answering questions, and don’t hesitate to hang up or send the caller to voicemail. They can always call you back.

About Jackson Shaw
jacksonshaw200 Jackson Shaw is senior director of product management at One Identity, an identity and access management company formerly under Dell. He has been involved with identity, directory and security initiatives for 25 years and co-authored the book “Identity and Access Management for Dummies.” He has spoken at popular industry security conferences, advised companies on their information security strategies, and written for publications such as CIO, Dark Reading, Information Security Buzz and EE Times on various cybersecurity topics.
In this article