Information Security - Scam Meet-up
We hosted an information security event on Monday night and had TalkTalk’s Head of Security Operations Mark Johnson present to us on scam challenges that they face and measures that they put in place to protect their customers.
This is in no way an advertisement for TalkTalk but more rather identify challenges that many UK businesses face on a daily basis, proactive strides they have taken and whether they have seen a measurable difference.
Is there really an issue?
Of an astounding 100 million calls that are transferred through the TalkTalk network each month, 50 million of those are from international carriers presenting a UK geographic number. 6 million of these are bound for TalkTalk customers and the rest are targeted at customers of other UK providers. The majority of these calls appear to originate from Kolkata with some sole intention of scamming UK citizens from their money. In 2018 customers reported £3 million of losses.
Their data analytics illustrate that 71-80 year olds are the age group that have lost most on average and substantially more scam victims. It is not exclusively this group that have been victimised the information also presents that 31-40 are susceptible with an average claim £3,500. Worryingly victims in the older generations lose their life savings and the issue becomes more severe. Life and death.
How is money being stolen?
Scammers call the victim claiming to be their internet provider and that they are vulnerable to their home network being penetrated. Once the victim engages in a conversation with the hackers they are tricked to download a programme where the hacker can carry out a range of tasks to access personal details including bank account details.
There is not just one trick that scammers use but TalkTalk aim it to raise awareness and make people savvy to scams and how easy it is to be caught.
What is being done?
TalkTalk offer a Call Safe service for their phones which asks for any caller not on the customer’s whitelist to identify themselves and leave a message. Although not technically the most sophisticated it has been very successful as there has only been one claim of money lost by a customer with this installed since the service went live. Reason associate with this figure is being these calls are from automated diallers do not leave a specific message. It is these automated diallers that facilitate millions of these calls being made annually.
Raising awareness is a key message that they are looking to promote. We were fortunate to see a recent internal awareness video demonstrating how these scams work and how easy it is for these scams to cost people thousands of pounds.
To proactively anticipate how these scams work the security operations function have commandeered a 1000 lines that are dormant before being reallocated to see how the scams operate and letting them manifest in a secure environment.
Although not always appreciated amongst the tech community they have programmed the DNS on their routers to prevent certain websites being accessed that are known to be used to commit these illegal activities. These restrictions can be easily altered by customers who need access and the business believe this is a worthwhile decision.
What can be done moving forward?
Of course with TalkTalk providing for 4 million UK homes there are many who will not receive this treatment so what else is being done? TalkTalk are engaging with other Telco’s and businesses including financial services.
I see that there are far more Information Security Training and Awareness roles within businesses and hopefully this education will filter through to day to day life. There is a responsibility of professionals in the industry to spread this message to friends and family and hopefully mediums like TalkTalks video will reduce the number of people falling victim to scams. A public version of the video is something that they are working towards.