Lifecycle of a Phone Fraudster - Exposing Fraud Activity

Explore the intricate world of phone fraud in this Black Hat conference talk. Delve into the lifecycle of phone fraudsters and learn how to detect account takeover attempts through acoustical anomalies and graph analysis. Discover techniques to identify reconnaissance calls days before actual account takeovers occur. Examine a dataset of hundreds of millions of calls to understand the methods used by fraudsters to socially engineer call center agents and exploit system vulnerabilities. Gain insights into the effectiveness of using acoustical anomalies for fraud detection, achieving over 80% accuracy with less than 2% false positives. Investigate the application of graph analysis in identifying reconnaissance calls preceding account takeovers. Uncover the various stages of phone fraud, including IVR manipulation, call center exploitation, and voice distortion techniques. Learn about the distribution of fraudsters, creation of fraudster profiles, and the importance of reputation and velocity in fraud detection. Analyze real-world examples, including IRS scams and electrical grid interference. Understand key takeaways such as time gaps between fraud stages, changing attack vectors, and the prevalence of this technology in the industry.

Introduction
Overview
Call Center Fraud
IVR
Call Center
Reveal
Mode of Operation
Analysis
Voice over IP
Shortterm energy
Packetization
IRS Scam
Electrical Grid Interference
Acoustical Anomalies
Distribution of Fraudsters
Anomalies
Separating Good and Bad Calls
Creating Fraudster Profiles
Plotting Fraudster Profiles
Voice Distortion
Red Pockets
CDR Data
Reputation Velocity Behavior
Reputation Example
Velocity Example
Reconnaissance Example
Overall Result
Example
Key takeaways
Time gap between fraud stages
False positive rate
Changing vectors of attack
How common is this technology