Financial institutions everywhere are still wrangling with the issues of vishing and smishing, the identifiable code words for scam phone calls and text messages. According to the Crime Survey for England and Wales (CSEW), there were an estimated 4.5 million fraud offences in the Telephone-operated Crime Survey year ending March 2022, a 25% increase compared with the CSEW year ending March 2020.

Yet, recent technological advancements that have ballooned in popularity are set to increase the effectiveness of these phone calls and text messages significantly. Talk about generative AI and its widescale use for anything from marketing materials to academic papers has been well documented. However, this technology can also be used to produce convincing communications designed for malicious intent. With just 3-5 seconds of real speech, the advanced AI can be used to recreate someone's voice. So, to increase the impact of their messages, a fraudster in a foreign country can easily produce scripts in English, French, Portuguese, or Spanish. 

Often, the victims of these financial telco scams will not get reimbursed by their financial institution because the fraudulent transaction is “authorised” by the customer, be it knowingly or not.  So, what is being done by financial institutions to get potential victims of this new attack vector off the hook? 

The Automatic Reply

For the most part, financial institutions view these phone calls and text messages as a problem that is outside of their control. Maybe all they can do is educate their customers. But the reality is the industry can start to take some actions. 

In the UK, Ofcom has initiated rules where phone companies will be required to identify and block ‘spoofed’ calls, where feasible. There are efforts underway in other countries as well, including the U.S., where The Broadband Association runs a Traceback service (The Industry Traceback Group) that goes to the source point of the call to stop vishing/robocalls from being initiated, for example.

Several telco vendors are also coming up with solutions, such as offering mobile carriers firewall protections that leverage AI to block smishing text messages. Other vendors are helping legitimate companies sign their text messages and phone calls so these can be easily identified as legitimate by the customer. Mobile carriers have an incentive to also solve this problem, as they make significant revenue from delivering marketing/security calls/messages to their customers.

These issues are considerable pain points for consumers, and a challenge for telco vendors to try and address.  

Therefore, there is a significant opportunity for financial institutions to work together with their trade associations or cybersecurity groups to help shape these solutions. By working collaboratively with the telco ecosystem, financial institutions can make a direct impact in minimising fraud due to scam calls and text messages. 

Educating customers with actionable information is still important as well. Here is a three-step education process to share with consumers: 

1.  Add friends, family, and key service providers (e.g., doctor and dentist) phone numbers into your contact list on your mobile phone.

2.  Never answer a phone call from a phone number you do not recognize.  Just let it go to voicemail.  There you can listen to the message. If it is from someone that claims to be from your bank, call them back from a phone number you have on file, the number that appears on the back of your credit card or on the bank’s website.

3.  Never respond to a text message from a phone number or short code you do not recognize. Especially a message that appears to be sent in error (e.g., thanks for a great weekend or I enjoyed seeing you at the charity event on Saturday). These messages are just trying to start a false dialogue.  If it appears to be from a bank follow the instruction in step 2.

Just as financial institutions thought they were starting to get ahead of vishing and smishing scams, the introduction of a revolutionary technology has crashed the party, resulting in a surge in fraud offences. 

However, technological solutions like AI-powered firewall protections and identifying and blocking spoofed calls are being used to fight fire with fire. Financial institutions have the upper hand, though. By collaborating with the relevant parties within the fraud kill chain to educate customers and shape solutions, there is an opportunity for them to quash this type of fraud and help customers put the phone down on scammers, for good.