Call centers warned about Telephony Denial-of-Service (TDoS) attacks

Posted on: April 10th, 2013 by Art Barger

Imagine a call center without the ability to take inbound calls or make outbound calls. That’s the impact that growing Telephony Denial of Service (TDoS) attacks can have on targeted call centers. Sort of the cousin to online DoS attacks, TDoS is designed to incapacitate call centers after initial calls for fraudulent transactions are made.

According to the article, “Telephony Denial-of-Service Attacks Prompt Federal Attention,” the Department of Homeland Security and FBI recently issued a “situational awareness bulletin” after a number of TDoS attacks targeted public safety and emergency services call centers. The alert warned that criminals were phoning the call centers impersonating agencies to collect outstanding payday loan debt of $5,000. If the targeted employees didn’t agree to pay, the caller would launch an attack that flooded the call center with enough traffic to disable any incoming or outgoing calls for a period of time.

While the recent attacks have targeted public safety telephone lines, the complaints don’t stop there. Many believe criminals are expanding the types of industries they are targeting. In the memo, the DHS said attackers are “targeting various businesses and public entities, including the financial sector and other public emergency operations interests, including air ambulance, ambulance and hospital communications.”

Using network-based forensics to verify in real time the exact location of the telephonic device calling bank call centers, we at TRUSTID have seen similar TDoS attempts. Because spoofing Caller ID and ANI is a key component of TDoS attacks, curbing these attacks requires the ability to understand if inbound calls pose a risk before the phone is picked up.

In doing so, financial institutions need to find a better way to authenticate their customers over the telephone channel and protect their call center agents from answering spoofed calls in the first place. The TRUSTID® Physical Caller Authentication solution validates whether all inbound calls can be trusted, or if they are high risk. By knowing if a call is trustworthy or not before it happens, banks can mitigate their risk of TDoS attacks and other social engineering scams without having to invest precious time and resources on known fraudulent calls.