Is Your Enterprise Voice Traffic
a Roadway for Scammers?

By Chuck French on 8/5/20

As countries around the world begin to emerge from their COVID-19 shut-downs, another familiar scourge is experiencing a revival…voice spam.

Executive Summary

Anyone with a phone knows that spam calls have become a daily source of annoyance, with little evidence they will abate anytime soon. But for businesses, the intrusion of unwanted enterprise voice traffic and the threat potential when scams are involved not only impacts the welfare of employees, it constitutes a host of negative effects on the organization as a whole in terms of lost productivity, network performance and cybersecurity risk. While recognizing the problem, few organizations have the means to understand the true makeup of their voice traffic, let alone how to measure the financial impact of unwanted calls. This article examines the various forms of spam calls in the enterprise and what one company is doing to help organizations regain control over the security and integrity of their voice networks through a sophisticated Voice Traffic Analysis and Voice Spam Filter solution.

Defining “Voice Spam” (What is Voice Spam?)

The term “voice spam” is broadly used to define unsolicited/unwanted phone calls, but it comes in many forms. It can be a live telemarketer hoping to sell goods or services. While annoying and disruptive, these calls are considered legal as long as they adhere to Federal Trade Commission (FTC) standards. (Note, calls from political organizations are considered acceptable, an issue that is sure to have an impact on spam call volume as the 2020 election approaches).

Then, there is the all-too familiar robocall. Appointment reminders, flight cancellations, and other informational calls are legitimate forms of robocalls. However, illegitimate players are leveraging Voice over Internet (VoIP) technology to generate thousands of robocalls to random numbers from an auto dialer. Their messaging, at best, is intended to elicit a purchase but, in growing numbers, is designed to lure the call recipient into a scam. Scammers often employ caller ID “spoofing” to disguise their identity, replacing their source ID with one showing a familiar area code or person (neighbor spoofing), or business name (enterprise spoofing) to entice recipients to answer.

Most pernicious of all are “vishing” schemes. As the voice equivalent of email phishing, vishing has now emerged as one of the most effective – and dangerous – forms of fraud.

Vishing attacks are directed at specific individuals and employ social engineering techniques, often in combination with spoofed caller IDs and personal information gained through other hacking attacks. They manipulate the call recipient into a false sense of trust in order to extract from them sensitive or protected information. When perpetrated on an employee (who may be particularly vulnerable when in a helpdesk, customer or tech support position), the damage could be catastrophic with prospective loss of proprietary information, financial theft, public relations fallout and costly exposure to regulatory breach.

Even tech-savvy companies with sophisticated security systems in place are not immune, as evidenced by the high-profile July 16 attack on social media giant Twitter that resulted in the hijacking of numerous prominent accounts and advancement of a bitcoin scam. The breach, according to a statement from Twitter, was believed to be  “a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools.” 

Scammers getting back to business

While the COVID-19 pandemic suppressed voice spam activity for a time, as countries have reemerged, so, too, have the spammers and scammers. According to a YouMail study, robocalls have spiked back upward by more than 11% month over month since May, with nearly 3.3 billion spam and robocalls placed nationwide during the month of June alone.

What’s more disturbing: 45% of those calls were identified as fraudulent scams.

In an interview with CNN Business, Kush Parikh, COO of Hiya, a  consumer service organization that provides caller ID information to carriers, says,  “Phone scammers have shown resiliency over the years and constantly change their tactics to find new ways to exploit the public.”

This is bad news for consumers who were, according to a year-end Federal Trade Commission (FTC) report, bilked out of nearly $667 million through impostor phone scams in 2019. But for businesses, a growing tide of unwanted calls not only threatens the welfare of employees; it constitutes a host of negative impacts on the organization as a whole in terms of lost productivity, network performance and cybersecurity risk.

The FTC has a page on its website dedicated specifically to phone scams that includes a descriptive list of old and emerging scams, how to recognize them, how to respond to them, and how to report them. This is something every organization’s risk officer should share with employees. Additionally, Congress has stepped up efforts to curb fraudulent phone activity through the initiation of the TRACED Act requiring carriers to apply attestation scores to voice data passed along the network chain in order to flag unverifiable call sources. However, full implementation will take many years and is directed towards consumers with little protection extended to enterprise phone networks.

(For more information on the TRACED Act and the impact on businesses CLICK HERE)

Understanding the Impact of Unwanted Voice Traffic (UVT)

Clearly, the cumulative impact of unwanted and fraudulent intrusions through voice networks is an issue that no business can afford to ignore, with unprotected voice traffic providing a convenient gateway for disruptive and even criminal activity. However, the volume and kinds of calls entering each organization is as unique as the organization itself, so how can the potential for damage be measured, and what can be done to prevent it?

With a 30+-year history solving complex business communication problems through advanced enterprise software solutions, Mutare, Inc., may be able to provide some answers.

Mutare has developed a powerful, multi-dimensional spam filtering system specifically for the enterprise that identifies and blocks the vast majority of unwanted calls from entering the voice network. Unlike other solutions that simply apply a caller ID label to suspicious calls, Mutare’s solution blocks those calls at the network edge before they have a chance to ring through.  The impact is immediate and significant. Unwanted voice network traffic is almost entirely eradicated, and both individual employees and their organization are insulated from unsolicited work disruptions and potential criminal intrusion.

The Numbers Tell the Story

In business, the numbers often rule.  Many organizations look to both internal and industry standards in the form of statistical metrics, Objectives and Key Results (OKRs), and Key Performance Indicators (KPI’s) to guide organizational focus, priority and budget.  Regarding unwanted enterprise voice traffic and the business impact, the numbers are both revealing and daunting. According to statistics gathered and analyzed by the Ponemon Institute and IBM Security, Social-Engineer.org, Compliancy Group and Mutare data:

Average percentage of voice traffic that is unwanted: 12%

Average cost of a single data breach in the US: $8,19M

Estimated global loss/year due to vishing or telephone fraud: $46.3B

Average HIPAA fine due to vishing: $1.5M

Potential disruption per employee due to unwanted calls: 23 minutes/day

“Looking at live customer data, we have seen the percentage of unwanted calls reach as high as 88% over a given period of time for some organizations,” says Roger Northrop, Mutare CTO. “Keeping those calls from entering the network provides significant benefits in terms of regained time and security.”

Powered by Big Data & Analytics

For the last three years Mutare has made its Voice Spam Filter solution a top organizational priority.  One of the key elements in building this highly effective enterprise voice spam filter solution has been the ability to capture huge amounts of data from both industry sources and customers which can then be mined to provide insights and learnings.  Today, Mutare’s powerful Unwanted Voice Traffic (UVT) Engine is both an organizational jewel and the power source for its Voice Spam Filter solution. The UVT Engine is a proprietary intelligence platform that utilizes advanced data collection, big data technology, intelligent analytics and enterprise reporting to protect Mutare’s customers from unwanted voice traffic.  

Seeing is Believing

Most organizations are unclear about the amount of unwanted calls coming through their networks each day and its potential impact.  Robocalls, spoof calls, voice spam and vishing are relatively new concerns for most Technology and Cybersecurity executives, as the voice network has never been viewed as a gateway for nefarious activity and bad actors.

To expose the real issues hidden in daily voice traffic and quantify the problem, Mutare has developed the Voice Traffic Analysis, or VTA.  The Voice Traffic Analysis is a detailed, multi-faceted assessment and report that provides organizations with key insights and detailed metrics to help them understand the toll that unwanted voice traffic is having on their voice networks, including:

Estimated voice traffic reduction

Estimated malicious calls stopped

Team member productivity savings

Total evaluated calls

Total permitted calls

Total unwanted calls

Total robocalls

Total spoof calls

Total unique Caller IDs

Total unique Caller IDs listed as robocallers

Understanding the Enterprise Voice Traffic Analysis alternatives

Voice Traffic Analysis (VTA) comes in two flavors, VTA/Essential Analytics, and VTA/Advanced Analytics.

OPTION 1: VTA/ ESSENTIAL ANALYTICS

This option is the simpler of the two. With this program, the client company provides Mutare with data from their existing voice network, known as the Call Detail Record (CDR).  Mutare then runs this dataset through their UVT Engine to generate a detailed assessment.  Option 1 is quick and easy, and client companies receive their VTA assessment in about a week. It is complimentary, but don’t sell it short as it will provide you with compelling insights and an entirely new perspective about your organization’s voice traffic.

OPTION 2: VTA/ ADVANCED ANALYTICS

This option is a full, paid proof-of-concept trial where the Mutare Voice Spam Filter solution is installed at the client site for, on average, three months. This program provides not only a true hands-on experience with the filter administrative controls, but also a deeper insight into the makeup of the organization’s voice traffic. It applies additional advanced components of the Mutare Voice Spam Filtering system, including Mutare’s proprietary analytics capabilities, that further flag suspicious and/or potentially malicious calls based on call pattern recognition, heuristics and machine learning. Trial users have full access to the administrative portal and tools used to create organization-specific blocklists and allowlists, as well as rules for specific numbers or number types with related actions (Allow, Route,  Drop or send to the Mutare Voice CAPTCHA).

The voice CAPTCHA, another unique feature of the Mutare Voice Spam Filter, provides protection against the inadvertent blocking of a legitimate caller. Calls that may go through the filter but are flagged as suspect for other reasons may be directed to the CAPTCHA where the caller must type in a short numeric code before continuing with the call, effectively separating computer-generated calls from humans. How the system handles spam and suspect calls can be fine-tuned through administrative controls to meet the specific profile of each organization.

Mutare organizes the captured data and delivers it with other key metrics, insights, risk analysis and recommendations in the form of a highly detailed Voice Traffic Analysis report.

Creating Clarity by Measuring the Voice Spam Problem

In the first quarter of 2020, Mutare has provided Voice Traffic Analysis reports to a multitude of organizations, consistently revealing the potential for significant recovery of productive time and related cost savings ranging from $100,000 to over $1 million annually.

These results, combined with ongoing customer and prospect conversations, have provided Mutare developers with unique insights into the attitudes and challenges facing businesses as they confront the reality of voice traffic intrusion.

Notes Rich Quattrocchi, Mutare’s Vice President of Digital Transformation, “The truth is, most organizations have no idea how voice spam is hurting the bottom line and compromising security. Users complain, but overburdened IT and help desk staff are powerless to do much other than occasionally blocking a repeat nuisance caller. They have no data other than anecdotal reports.

“The Voice Traffic Analysis gives savvy managers and security administrators a way to measure the impact of voice spam and control it as part of their key performance indicators. It provides understanding that cannot be identified any other way, as well as a clear view into how the power of Mutare’s Voice Spam Filter improves voice network performance, reduces cybersecurity risk and boosts team member productivity.”

Need proof? Mutare invites you to give it a try.

Fill out the Form Below to Download the Special Report