Not all fraudsters rely on being technically savvy to get by — some have the charm and deception to pry sensitive information right out of unsuspecting consumers and businesses. In the latest installment of Forter’s Meet The Fraudsters series, Forter Senior Fraud Analyst Gilit Saporta joined Karen Webster to discuss these Sweet-Talking Fraudsters and why their kindness shouldn’t be taken for weakness.
Stealing personal data or sensitive information doesn’t always require brute-force cyberattacks or massive data breaches.
Sometimes, it can happen just by having what seems like an innocent conversation with the wrong person. Enter the Sweet-Talking Fraudsters.
These Sweet-Talking Fraudsters don’t always need malicious code or cyberattacks to compromise information, instead their tools of the trade typically involve social engineering and social manipulation.
In the latest episode of the Meet The Fraudsters series, Gilit Saporta, senior fraud analyst at Forter, explains why this particular fraudster profile is one that should not be underestimated.
Whether it’s someone who sparks a conversation with the intention of getting a person to divulge their mother’s maiden name or a fraudster posing as a customer in order to persuade the victim’s bank to change their mailing address, Sweet-Talking Fraudsters are everywhere.
Saporta compared them to the so-called “magicians” in the film “Now You See Me,” who have small talk with someone and, by talking about their childhood, they manage to get that person to say their mother’s maiden name.
Even with very minimal pieces of data, Saporta said it’s easy for these fraudsters to manipulate a customer support representative at an eCommerce establishment or a person’s financial institution.
Putting People Skills To Work
For the Sweet-Talking Fraudster, their expertise lies in being friendly and unsuspecting.
Saporta explained that, oftentimes, they will friend a potential victim on Facebook to gather information or even stoop so low as to befriend their child on Facebook, hoping the kid may start chatting about family details.
Any information a Sweet-Talking Fraudster acquires can then be turned around and sold to more sophisticated cybercriminals. In many cases, a Sweet-Talking Fraudster’s lack of technical expertise is offset with their ability to gather data that can be used against both consumers and merchants.
While they may not be the cybercriminals making big-dollar scores or absconding with a lot of merchandise, they perpetrate these actions by selling information to the fraudsters that can.
“Think about the damage that they can do if they sell that information not to just one type of fraudster but to several as they usually do,” Saporta noted.
How To Stop The Sweet Talk
The ways in which Sweet-Talking Fraudsters use and sell the data they steal can make their activities very difficult to detect.
Saporta recommended that, in order for merchants to protect themselves from the schemes of this particular fraudster profile, they may have to rely on third-party authentication services.
But picking the right security vendor is key.
“I know of third-party services that will automatically approve any transaction where anyone passes security questions, and merchants need to grow out of this phase,” she explained, because, oftentimes, Sweet-Talking Fraudsters have the information in their possession that can bypass security questions.
Trusting a single point of authentication to safeguard consumers and transactions is a mindset Saporta noted the entire industry needs to let go of.
“It’s always about a constant analytical effort to map the legit behaviors and the fraudulent behaviors in your particular industry,” she said. “Anti-fraud mechanisms are always multi-layered, as they should be. You just can’t rely on a single silver bullet to handle everything.”