WAVES OF FRAUD AND CONFUSION
Last month, the Federal Trade Commission issued a notice that called attention to a new wave of fraud scams related to COVID-19. The commission warned consumers to be on high alert for robocalls and online offers that advertise products that claim to reduce the risk of or provide tests, treatments, and even cures for the deadly virus. Some of today’s largest players in the private sector have also taken steps to protect consumers, with the likes of Google and Amazon enacting policies to block predatory ads and sellers.
As it turns out, the forewarning and precautions may still not be enough. The sheer volume of nefarious activity aimed at cashing in on the panic and confusion surrounding COVID-19 is growing almost as quickly as the virus itself. Even the passage of a $2 trillion stimulus package meant to assist struggling Americans and a beleaguered economy is certain to attract even more opportunistic criminals. And in just the last several weeks, Americans are feeling the effects as they report heightened concerns across the board.
In fact, nearly 1-in-3 Americans (32%) say that they believe they have already been targeted by fraud or scams related to COVID-19.
Equally worrisome is the potential ramifications for enterprise call centers that have already begun to struggle in the face of an overwhelming increase in call volume — from customers and criminals. With more time on their hands and a bevy of unexpected circumstances, anxious customers are rushing to the phone.
A whopping 38% of Americans report having to make calls related to health and medical needs.
Unfortunately, fraudsters already work from home. Using the chaos as cover, bad actors are already setting the stage for months to come. Thus, the precipitous rise in call traffic brings with it a potentially devastating dilemma for contact centers–deliver a seamless customer experience to people in desperate need of it, or maintain the frustratingly rigid security process in place to stop criminals.
The initial indications are not good.
While staffing issues and social distancing may be partially to blame, excruciating hold times across the board indicate a more systemic problem. The balance between customer experience (CX) and security has never been so important and our call centers have never been so underprepared. In the coming weeks, we could witness a tsunami of activity set against a backdrop that can only be described as the perfect storm for fraudsters.
To illustrate the unusual activity taking place and the impact on businesses and individuals, Next Caller combined data collected from clients — which includes top Fortune 100 businesses — with findings from a research study commissioned to over 1,000 Americans*. This report aims to raise awareness of dangers on the horizon and provide insight to mitigate the impact of this crisis.
SOCIAL DISTANCING BRINGS FRAUD CLOSER
On March 16, many Americans started staying home to curb the spread of COVID-19. One immediate consequence of social distancing has been an extraordinary strain on the enterprise contact center.
Thirty-eight percent of Americans say that they have been making more calls to business than usual since being at home due to social distancing.
Our internal data provides a window into what enterprises saw during the week of March 16-23 (Week 1).
Two Fortune 500 financial institutions call volumes spiked to over 35%. One of the nation’s largest cable/internet providers saw a 25% increase.
Not only did this lead to a massive strain on phone agents at a time where call centers don’t have the manpower to match their needs, the data also shows something alarming. Call volume increase also brought with it an increase in high-risk calls*, signaling that fraudsters were immediately out in full force.
*Next Caller considers a call to be high-risk when spoofing or other similarly suspicious techniques have been detected.
Week 1 Increase in Call Volumes
Week 1 refers to the time period of March 16-23, the first week that most Americans began staying home which corresponded to the beginning of a significant statistical rise in call volume.
In the case of COVID-19 where call volumes rapidly and drastically spiked, the cascading effect is a traffic jam of phone calls from customers and bad actors anxiously waiting to be “verified.” Under normal circumstances, agents are inclined to rush through security to avoid angering callers and damaging satisfaction scores. With stakes at an all-time high, the pressure ratchets up incalculably. Imagine interrogating a distracted parent with secret password questions to complete a grocery shipment. Or declining a wire transfer to a sick patient in need of life-saving medication because of a forgotten PIN. Or denying a stranded traveler access to their account because they can’t access a one-time passcode from the airport. And yet, each of these scenarios is also a perfect cover for phone fraud. Even the best agents are susceptible to coercion, and fraudsters rely on these small oversights and mistakes to work the system.
The phone channel has been oft-targeted for more than inherent vulnerability due to human error and empathy. Data breaches and relentless phishing campaigns arm criminals with information to defeat knowledge-based questions and one-time passcodes with relative ease, while also adding friction for real customers. The result is longer, more expensive, and more frustrating calls.
In recent years, however, fraudsters have seized on a more subtle and extremely effective strategy: gaming the automatic number identification (ANI) matching system with a technique called spoofing. Spoofing allows fraudsters to change the number that appears on a caller ID. Fraudsters know that many businesses use the number matching system to instantly identify customers who call. By replacing their own number with the number of a customer, an IVR or agent mistakenly completes the match and rolls out the red carpet. Spoofing is designed not just to sidestep security, but to potentially avoid agent interaction altogether.
Weeks 2 and Week 3: A return to normal followed by another wave
If there was a silver lining for businesses following Week 1 of COVID-19’s impact on the contact center, it is that call volumes for most Next Caller clients temporarily returned to Pre-COVID-19 levels in Week 2 and in some cases were actually lower. While some clients still experienced elevated levels, early indications were that the initial explosion of consumer calling during Week 1 had waned.
However, by Week 3, perhaps corresponding to the release of new information on the stimulus and the start of the application period for small business loans, or the rise in consumer anxiety due to escalating COVID-19 cases and related deaths, call levels spiked again. In the most drastic case, one financial institution saw call volumes increase to almost 60% above Pre-COVID-19 levels. Call volume across all clients closed Week 3 up over 17% from Pre-COVID-19 levels. As time goes on, it’s likely that customer call volumes will ebb and flow during periods of transparency and confusion surrounding COVID-19 related news. Next Caller will continue to monitor and report on these trends.
When considering high-risk traffic, Next Caller data reveals a foreboding trend. The frequency of high-risk calls entering client queues has continued to rise over Weeks 1, 2, and 3. Astonishingly, high-risk calls saw no decline during Week 2 even with the temporary return to Pre-COVID-19 levels in overall call traffic. At the end of Week 3, the rate increase of high-risk calls reached nearly 30%. For financial services, the spike in high-risk calls topped 40%.
Overall, the rate increase of high-risk calls after Week 3 was 60% higher than the rate increase of general call traffic.
The implications are crystal clear: while consumer call behavior may be unpredictable if not outright volatile from week to week during the ensuing crisis, fraudster activity is steadily escalating with no end in sight.
WEEKLY CALL TRAFFIC VOLUME BREAKDOWN (IN COMPARISON TO PRE-COVID-19 LEVELS)
Week 1: March 16-23, Week 2: March 24-30, Week 3: March 31-April 6. “Pre-COVID-19” represents average call volume over the 10 weeks prior to March 16.
CAPITALIZING ON CHAOS AND CONFUSION
Any crisis makes us especially vulnerable to scams and COVID-19 is no different. People are scared and looking to protect themselves and their families, but they aren’t just afraid of getting sick. On top of concerns over health, 52% of Americans say that they are more concerned about being victimized by fraud than they normally would be due to COVID-19 related fraud and scams.
Unfortunately, these fears are well-founded. There are thousands of bad actors looking for an easy payday. Some sell snake-oil products promising treatments and cures. But others carry out more diabolical plots aiming for higher returns.
With financial relief on the way to Americans and their small businesses, fraudsters are seeing dollar signs. A second wave of fraud will leverage broadscale confusion and the sheer volume of activity (over 10 million Americans filed for unemployment last month) to prey on desperate individuals and overwhelmed businesses.
Schemes aimed at individuals include:
- Fake stimulus checks that extract real bank account information
- Change information on accounts to later drain cash, savings, or point balances
- Sending physical checks and debit cards then stealing them out of the mailbox
- Opening new lines of credit or securing loans on the individual’s behalf
- Creating new businesses using some of the individual’s information
It may be months before the individual (and even the participating business or organization) is aware that they were a victim. In many cases, the consequences will be irreversible.
For businesses, the problems are even more complex. By tricking an individual into providing a pin, password, or other sensitive data, criminals are equipped to pass every security or authentication test without raising red flags. This would allow criminals to target a business or government organization to:
- Reroute payments and loans to accounts under the fraudster’s control
- Establish fraudulent lines of credit
- Quickly and repeatedly cash the same legitimate checks at different locations
- Create fake documents or checks to gain payment approvals
- File fraudulent tax returns to collect reimbursement checks
- Collect unemployment or other benefits from federal and state agencies
It is astonishingly easy for fraudsters to manipulate individuals into divulging confidential or personal information. Even during unprecedented times, the phishing process relies on relatively familiar tactics. However, COVID-19 is unique in the vast array of new avenues that fraudsters can deploy which are far more likely to, at least momentarily, gain the trust of unsuspecting or distraught individuals. These new schemes use phony websites, mobile apps, emails, phone calls, and mail pretending to be official communication from healthcare providers, insurance companies, financial institutions, religious groups, delivery services, and government agencies. Once an individual takes the bait (which can be as easy as opening a link or creating a login on a website, or sophisticated enough to include call spoofing and some of an individual’s sensitive information) the fraudster instantly begins to leverage the compromised information to advance the scheme elsewhere.
The phone channel has long been a criminal’s gold mine, and the elderly have long been a favorite target of bad actors looking to exploit their lack of understanding of evolving technical capabilities. Sadly, in addition to being the primary age demographic susceptible to COVID-19, those over 55 years old were also the most likely (55%) to say they are more concerned about being victimized by fraud due to COVID-19 related fraud and scams.
Particularly if a fraudster knows the individual is already engaged with one of the companies or organizations listed above, calling to “finalize” a process is a familiar requirement for the individual, but far from secure. So, it’s no coincidence that as call centers are seeing an increase in suspicious call volume, individuals across the country are reporting the same.
44% of Americans say they have noticed an increase in phone calls and texts from unknown numbers, and emails from unknown sources since COVID-19.
A fraudster with one or more phone lines can systematically place spoofed calls to individuals without being detected. Fraudsters use familiar numbers (local area codes or the actual number to a local bank branch) to increase the chances that a person will answer. Because spoofing allows each call to come from a new number, blocking any particular number is ineffective. Spoofing can also be done with brute force. A fraudster doesn’t need everyone to answer. With automated and continuous dialing, just one in a hundred is enough to make millions over the course of a week.
FIGHTING TWO INVISIBLE ENEMIES
Older Americans should not be alone in their newfound concerns over fraud. The ceaseless announcements of corporate data breaches, infinite new opportunities for fraud, and the advancement of sophisticated technology and criminal techniques demonstrate an urgent need for our attention.
1-in-3 of all Americans say that the distractions created by COVID-19 and related events have made it more difficult to focus on taking steps to monitor or protect personal information
The same number of Americans who say they are “not at all confident” that businesses and government institutions are taking the necessary measures to prevent them from falling victim to COVID-19 related fraud and scams.
While we rally together to fight two invisible enemies — a deadly virus and the fraudsters who hide silently in its wake — our efforts to restore optimism about the future cannot lower our guard against fraud in the present. Businesses and consumers must remain diligent so that our eventual return to normal life doesn’t reveal millions of new stolen identities.
To supplement our own institutional knowledge and internal data, Next Caller commissioned a study administered to 1,066 U.S. respondents aged 18+, balanced against the U.S. population by age, gender, and region.
Survey conducted between March 31, 2020 and April 1, 2020.