
How TOADs are Attacking Businesses: Risks, Impacts, and Solutions




Telephone-oriented attack deliveries (TOADs) are an increasingly common threat to businesses across the globe. Recent statistics show that TOADs account for over 60% of all call center fraud attempts, making them a major concern for organizations that rely on call centers to conduct business. In the UK alone, businesses have lost over £500 million to these types of scams, with no end in sight to this growing problem.

TOADs are a type of phishing scam where fraudsters use real phone numbers to impersonate legitimate callers, tricking victims into revealing sensitive information, such as usernames, passwords, and credit card details. Scammers may also use this information to take over accounts or make fraudulent purchases, resulting in significant financial losses for businesses.

The Effects of TOAD Attacks on Business

The impact of TOADs on businesses can be severe, with significant financial losses, reputation damage, decreased business productivity, and a loss of customer trust.

● According to the Federal Trade Commission (FTC) in the United States, businesses reported losing a total of $1.8 billion to imposter scams, including vishing, in 2020 alone.

● The Better Business Bureau (BBB) in the US also reported that businesses lost an average of $7,640 to vishing scams in 2020, with some individual losses reaching as high as $500,000.

● In a survey conducted by Pindrop Security in 2019, nearly 60% of businesses reported that they had experienced a vishing attack in the previous 12 months. The average financial loss reported by these businesses was $43,000 per incident, with some losses exceeding $1 million.

● In the UK, the cost of fraud to businesses reached £1.2 billion in 2020, according to a report by UK Finance. The report found that vishing was one of the most common types of fraud reported by businesses, with losses totaling £37.8 million.

It is clear that TOADs can result in significant financial losses for businesses, with some individual losses reaching into the millions of dollars. However, the exact cost of these attacks varies widely depending on a range of factors, and it can be difficult to measure the total impact of voice scams on businesses worldwide. For small and medium-sized enterprises, these losses can be devastating, leading to bankruptcy in some cases.

Additionally, businesses that fall victim to TOADs may lose customers' trust, resulting in long-term reputation damage and lost revenue.


Examples of TOAD Attacks

1. The Amazon Customer Vishing Scam: Back in 2020, con artists impersonated Amazon employees and reached out to Amazon customers via phone calls or voicemails. These scammers didn't specifically target any particular person or organization.

2. The Scam Involving IRS Impersonation: This type of scam has persisted for years, affecting individuals and businesses throughout the United States. The IRS cautioned people in 2019 about a surge in such scams. No specific victims have been named.

3. The One-Ring Scam Warning: In 2019, the Federal Communications Commission (FCC) alerted the public about the one-ring scam, which targeted people and businesses across the country. The victims in this case remain unidentified.

4. The Escalation of Tech Support Scams: In 2018, Microsoft published a report revealing a 24% increase in tech support scams from the previous year. The affected individuals have not been disclosed.

5. The Social Security Scam Alert: In 2018, the Social Security Administration (SSA) warned the public about a new scheme involving scammers pretending to be SSA employees and asking individuals for their personal information. No victims have been named.

6. The Marriott Data Breach Incident: Marriott International disclosed a data breach in 2018 that had persisted since 2014. The breach compromised the personal details of nearly 500 million clients, including their names, phone numbers, email addresses, passport numbers, and credit card data. The culprits reportedly employed phone phishing to infiltrate Marriott's system.

7. The Capital One Data Breach Announcement: In 2019, Capital One revealed a data breach that exposed the personal information of more than 100 million customers and applicants, including names, addresses, phone numbers, and credit scores. The attacker exploited a misconfigured firewall and used phone calls and emails to deceive Capital One employees into providing access to the company's cloud storage.

8. The Twitter Bitcoin Scam Incident: In 2020, multiple high-profile Twitter accounts, such as those of Elon Musk, Bill Gates, and Barack Obama, were compromised in a bitcoin scam. The hackers employed phone phishing to access the accounts and subsequently posted tweets encouraging followers to send bitcoin to a specific address with the promise of a larger return.

9. The WhatsApp Spyware Attack: A security flaw in WhatsApp was exploited by an Israeli cyber intelligence firm in 2019 to plant spyware on the phones of journalists, human rights activists, and political dissidents. The attackers allegedly used phone calls to initiate the spyware installation.

How to Take Effective Countermeasures

To combat the growing threat of TOADs, businesses can implement various solutions.

1. Educate employees: Train your employees to recognize and report potential TOADs. Teach them how to identify suspicious phone calls and emails, and provide them with clear guidelines on how to respond to these types of attacks.

2. Stay up-to-date on emerging threats: Use vishing simulation tools. A vishing simulation is a training exercise designed to educate employees and raise awareness about voice phishing; it simulates a voice phishing attack and evaluates how employees respond to it.

3. Implement multi-factor authentication: Require multi-factor authentication for all sensitive accounts and transactions. This can help prevent fraudsters from gaining access to your systems, even if they have obtained some of your employees' login credentials.

4. Use call blocking and filtering technologies: Implement call blocking and filtering technologies to prevent known fraudsters and robocallers from reaching your employees and customers.

5. Establish clear policies and procedures: Establish clear policies and procedures for handling sensitive information over the phone. Make sure your employees understand these policies and procedures, and enforce them consistently.

Are you concerned about the risk of voice phishing attacks targeting your company?

At Keepnet Labs, we recognize the significance of safeguarding your business from the threat of telephone scams. To help you achieve this, we provide you with a product that enables you to assess and train your employees by conducting simulated phone calls. By monitoring your employees' reactions to these mock attacks, we help you equip your staff with crucial insights for your organization's readiness against threats, pinpointing areas that require enhancement.

Furthermore, we focus on educating employees and raising awareness about voice phishing attacks. After simulating realistic attack scenarios and evaluating employee responses, we customize your training and awareness programs to bolster your business's defenses against such threats.

Take a proactive step towards protecting your business with Keepnet Labs' risk-free and compliance-ready fraud protection solutions. Schedule a demo or contact us for a free trial today.


