Is Your Enterprise Voice Traffic
a Roadway for Scammers?
By Chuck French on 8/5/20
Updated 11/2/21
Executive Summary
Anyone with a phone knows that spam calls have become a daily source of annoyance, with little evidence they will abate anytime soon. But for businesses, the intrusion of unwanted enterprise voice traffic and the threat potential when scams are involved not only impacts the welfare of employees, it constitutes a host of negative effects on the organization as a whole in terms of lost productivity, network performance and cybersecurity risk. While recognizing the problem, few organizations have the means to understand the true makeup of their voice traffic, let alone how to measure the financial impact of unwanted calls. This article examines the various forms of spam calls in the enterprise and what one company is doing to help organizations regain control over the security and integrity of their voice networks through a sophisticated Voice Traffic Assessment and Voice Traffic Filter solution.
TABLE OF CONTENTS
Defining “Voice Spam” (What is Voice Spam?)
The term “voice spam” is broadly used to define unsolicited/unwanted phone calls, but it comes in many forms. It can be a live telemarketer hoping to sell goods or services. While annoying and disruptive, these calls are considered legal as long as they adhere to Federal Trade Commission (FTC) standards.
Then, there is the all-too familiar robocall. Appointment reminders, flight cancellations, and other informational calls are legitimate forms of robocalls. However, illegitimate players are leveraging Voice over Internet (VoIP) technology to generate thousands of robocalls to random numbers from an auto dialer. Their messaging, at best, is intended to elicit a purchase but, in growing numbers, is designed to lure the call recipient into a scam. Scammers often employ caller ID “spoofing” to disguise their identity, replacing their source ID with one showing a familiar area code or person (neighbor spoofing), or business name (enterprise spoofing) to entice recipients to answer.
Most pernicious of all are “vishing” schemes. As the voice equivalent of email phishing, vishing has now emerged as one of the most effective – and dangerous – forms of fraud.
Vishing attacks are directed at specific individuals and employ social engineering techniques, often in combination with spoofed caller IDs and personal information gained through other hacking attacks. They manipulate the call recipient into a false sense of trust in order to extract from them sensitive or protected information. When perpetrated on an employee (who may be particularly vulnerable when in a helpdesk, customer or tech support position), the damage could be catastrophic with prospective loss of proprietary information, financial theft, public relations fallout and costly exposure to regulatory breach.
Even tech-savvy companies with sophisticated security systems in place are not immune, as evidenced by the high-profile attack on social media giant Twitter that resulted in the hijacking of numerous prominent accounts and advancement of a bitcoin scam. The breach, according to a statement from Twitter, was believed to be “a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools.”
Scammers getting back to business
While the COVID-19 pandemic suppressed voice spam activity for a time, as countries have reemerged, so, too, have the spammers and scammers. According to a YouMail study, robocalls spiked back upward by more than 11% month over month since May 2020, with nearly 3.3 billion spam and robocalls placed nationwide during the month of June alone.
What’s more disturbing: 45% of those calls were identified as fraudulent scams.
In an interview with CNN Business, Kush Parikh, COO of Hiya, a consumer service organization that provides caller ID information to carriers, says, “Phone scammers have shown resiliency over the years and constantly change their tactics to find new ways to exploit the public.”
This is bad news for consumers who were, according to a year-end Federal Trade Commission (FTC) report, bilked out of nearly $667 million through impostor phone scams in 2019. But for businesses, a growing tide of unwanted calls not only threatens the welfare of employees; it constitutes a host of negative impacts on the organization as a whole in terms of lost productivity, network performance and cybersecurity risk.
The FTC has a page on its website dedicated specifically to phone scams that includes a descriptive list of old and emerging scams, how to recognize them, how to respond to them, and how to report them. This is something every organization’s risk officer should share with employees. Additionally, Congress has stepped up efforts to curb fraudulent phone activity through the initiation of the TRACED Act requiring carriers to apply attestation scores to voice data passed along the network chain in order to flag unverifiable call sources. However, full implementation will take many years and is directed towards consumers with little protection extended to enterprise phone networks.
(For more information on the TRACED Act and the impact on businesses CLICK HERE)
Understanding the Impact of Unwanted Voice Traffic (UVT)
Clearly, the cumulative impact of unwanted and fraudulent intrusions through voice networks is an issue that no business can afford to ignore, with unprotected voice traffic providing a convenient gateway for disruptive and even criminal activity. However, the volume and kinds of calls entering each organization is as unique as the organization itself, so how can the potential for damage be measured, and what can be done to prevent it?
With a 30+-year history solving complex business communication problems through advanced enterprise software solutions, Mutare, Inc., may be able to provide some answers.
Mutare has developed a powerful, multi-dimensional voice traffic filtering system specifically for the enterprise that identifies and blocks the vast majority of unwanted calls from entering the voice network. Unlike other solutions that simply apply a caller ID label to suspicious calls, Mutare’s solution blocks those calls at the network edge before they have a chance to ring through. The impact is immediate and significant. Unwanted voice network traffic is almost entirely eradicated, and both individual employees and their organization are insulated from unsolicited work disruptions and potential criminal intrusion.
The Numbers Tell the Story
In business, the numbers often rule. Many organizations look to both internal and industry standards in the form of statistical metrics, Objectives and Key Results (OKRs), and Key Performance Indicators (KPI’s) to guide organizational focus, priority and budget. Regarding unwanted enterprise voice traffic and the business impact, the numbers are both revealing and daunting. According to statistics gathered and analyzed by the Ponemon Institute and IBM Security, Social-Engineer.org, Compliancy Group and Mutare data:
Average percentage of voice traffic that is unwanted: 8.94%
Average cost of a single data breach in the US: $9.05M
Estimated global loss/year due to vishing or telephone fraud: $29.8B
Average HIPAA fine due to vishing: $1.5M
Potential disruption per employee due to unwanted calls: 23 minutes/day
“Looking at live customer data, we have seen the percentage of unwanted calls reach as high as 88% over a given period of time for some organizations,” says Roger Northrop, Mutare CTO. “Keeping those calls from entering the network provides significant benefits in terms of regained time and security.”
Powered by Big Data & Analytics
For the last three years Mutare has made its Voice Traffic Filter solution a top organizational priority. One of the key elements in building this highly effective enterprise voice spam filter solution has been the ability to capture huge amounts of data from both industry sources and customers which can then be mined to provide insights and learnings. Today, Mutare’s powerful Unwanted Voice Traffic (UVT) Engine is both an organizational jewel and the power source for its Voice Traffic Filter solution. The UVT Engine is a proprietary intelligence platform that utilizes advanced data collection, big data technology, intelligent analytics and enterprise reporting to protect Mutare’s customers from unwanted voice traffic.
Seeing is Believing
Most organizations are unclear about the amount of unwanted calls coming through their networks each day and its potential impact. Robocalls, spoof calls, voice spam and vishing are relatively new concerns for most Technology and Cybersecurity executives, as the voice network has never been viewed as a gateway for nefarious activity and bad actors.
To expose the real issues hidden in daily voice traffic and quantify the problem, Mutare has developed the Voice Traffic Assessment, or VTA. The Voice Traffic Assessment is a multi-faceted analysis of an organization’s actual voice traffic makeup and patterns. The detailed report provides insights and metrics to help businesses understand the toll that unwanted voice traffic is having on their voice networks and bottom line. The report focuses on four main areas of concern:
Core Visibility:
Metrics include annualized total calls identified as either wanted or unwanted, and unwanted calls broken down into nefarious vs. nuisance.
Cybersecurity Risk
Evaluates potential risk of cybersecurity breach based on overall exposure to unwanted calls, industry patterns and projections and FAIR model standards.
Network Reliability
Evaluation of the impact of bad traffic on network performance; insights regarding network tuning for full optimization.
People and Performance
As humans are the weakest link in cyber defense, this section presents actions to mitigate nefarious contacts via calls, while also presenting calculations that show the toll unwanted calls is exacting on workforce productivity.
Understanding the Enterprise Voice Traffic Assessment alternatives
The Mutare Voice Traffic Analysis (VTA) and Proof of Concept (PoC).
OPTION 1: VTA/ ESSENTIAL ANALYSIS
This option is the simpler of the two. With this program, the client company provides Mutare with data from their existing voice network, known as the Call Detail Record (CDR). Mutare then runs this dataset through their proprietary dynamic database of unwanted voice traffic to generate a detailed assessment. Option 1 is quick and easy, and client companies receive their VTA assessment in about a week. It is complimentary, but don’t sell it short as it will provide you with compelling insights and an entirely new perspective about your organization’s voice traffic.
OPTION 2: VTA/ PROOF OF CONCEPT (PoC)
This option is a full, paid, proof-of-concept trial where the Mutare Voice Traffic Filter solution is installed at the client site for 30 days. This program provides not only a true hands-on experience with the filter administrative controls, but also a deeper insight into the makeup of the organization’s voice traffic as it utilizes all aspects of the system’s filtering capabilities. Trial users have full access to the administrative portal and tools used to create organization-specific blocklists and allowlists, as well as rules for specific numbers or number types with related actions (Allow, Route, Drop or send to the Mutare Voice CAPTCHA).
The voice CAPTCHA, another unique feature of the Mutare Voice Traffic Filter, provides protection against the inadvertent blocking of a legitimate caller. Calls that may go through the filter but are flagged as suspect for other reasons may be directed to the CAPTCHA where the caller must type in a short numeric code before continuing with the call, effectively separating computer-generated calls from humans. How the system handles spam and suspect calls can be fine-tuned through administrative controls to meet the specific profile of each organization.
Mutare organizes the captured data and delivers it with other key metrics, insights, risk analysis and recommendations in the form of a highly detailed detailed Voice Traffic Assessment report.
Creating Clarity by Measuring the Voice Spam Problem
Since the inception of its VTA program, Mutare has provided Voice Traffic Assessment reports to a multitude of organizations, consistently revealing the potential for significant recovery of productive time and related cost savings ranging from $100,000 to well over $4 million annually.
These results, combined with ongoing customer and prospect conversations, have provided Mutare developers with unique insights into the attitudes and challenges facing businesses as they confront the reality of voice traffic intrusion.
Notes Rich Quattrocchi, Mutare’s Vice President of Digital Transformation, “The truth is, most organizations have no idea how voice spam is hurting the bottom line and compromising security. Users complain, but overburdened IT and help desk staff are powerless to do much other than occasionally blocking a repeat nuisance caller. They have no data other than anecdotal reports.
“The Voice Traffic Assessment gives savvy managers and security administrators a way to measure the impact of voice spam and control it as part of their key performance indicators. It provides understanding that cannot be identified any other way, as well as a clear view into how the power of Mutare’s Voice Spam Filter improves voice network performance, reduces cybersecurity risk and boosts team member productivity.”