Scattered Spider Attacks: What They Are & How to Stop Them

Josh Read

A scattered spider attack is a sophisticated cybercrime method targeting call centres through social engineering and impersonation. Attackers trick agents into revealing sensitive customer information or bypassing security protocols by pretending to be legitimate users or employees. 

The typical outcome? Fraudsters gain unauthorised access to accounts, execute SIM swaps, and carry out financial theft.

Attackers exploit call centres as weak links, relying on voice phishing (aka “vishing”) tactics and leveraging human error. Scattered spider’s goals include manipulating agents to gain access to customer accounts or systems by exploiting multi-factor authentication (MFA) weaknesses, account resets, and security gaps. 

Given the sensitive nature of the data handled by call centres, these attacks can result in massive financial and reputational damage.

The threat of adverse selection for vulnerable call centres

Call centres that do not employ robust fraud prevention measures are at even greater risk due to adverse selection, as fraudsters tend to target organisations with weaker security protocols, recognising them as vulnerable points of entry.

Without advanced fraud detection and identity verification (IDV), call centres may experience a high frequency of repeated fraud attempts, making them prime targets for sophisticated attacks. 

This trend can further exacerbate security vulnerabilities, resulting in increased operational costs and significant financial loss.

A multi-layered defence against scattered spider attacks

IDVerse provides an integrated suite of solutions designed to prevent these attacks through real-time identity verification, biometric authentication, and fraud detection technologies.

1. IDVerse identity verification

Our IDV platform offers real-time verification of government-issued identity documents through advanced OCR (optical character recognition) and document fraud analysis (DFA). It ensures that every customer’s identity is authenticated before sensitive actions are taken, like account resets or SIM swaps.

  • How it works: When a call centre agent interacts with a customer, they send a secure link to the customer’s mobile device, prompting the user to complete a digital identity verification. The system checks the document for authenticity using DFA and confirms that the user is live and present and that their facial biometric data matches.
  • Fraud prevention: This real-time process blocks impersonators, making it impossible for attackers to manipulate agents using fake credentials.

2. Face Access: Passwordless biometric authentication

For existing customers, Face Access enables rapid, secure, passwordless re-authentication using facial biometrics and liveness detection. This ensures that the person attempting access is physically present and matches the original user’s profile.

  • How it works: Customers can verify their identity with a simple face scan, skipping traditional password or PIN-based logins that attackers can manipulate through phishing.
  • Fraud prevention: By eliminating the need for vulnerable credentials like passwords, Face Access stops attackers from leveraging stolen credentials or using deepfake technologies to spoof access.

2.1 Face Access redux: Pre-authentication in queue

By integrating Face Access into the call queue flow, call centres can significantly reduce friction and time spent on live agent calls, thus cutting costs. Here’s how it would work:

  1. While in the call queue: When a customer calls, an API sends a link to their registered mobile number, either via SMS or through a secure mobile app they are already logged into.
  2. Face Access authentication: The customer completes Face Access (liveness and face match) while waiting, confirming their identity.
  3. Agent notification: Once the customer reaches the top of the queue, the system displays the validation results to the receiving agent, indicating whether the customer has been successfully identified and validated.

This pre-authentication process shortens agent call times and enhances security by confirming identity before the customer even speaks to the agent.
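The three queue steps above can be sketched as follows. This is an added example, not IDVerse code or its API: the `PreAuthBroker` class, its method names, the token layout and the 300-second lifetime are all assumptions made for illustration. It shows the properties that matter in such a flow: the link goes to the number on file, the token is bound to one call, it expires, and it works only once.

```python
import hashlib
import hmac
import secrets

LINK_TTL = 300  # seconds a link stays valid (assumed value)

class PreAuthBroker:
    """Hypothetical broker linking the call queue, the face check and the agent desktop."""

    def __init__(self, key, numbers_on_file):
        self.key = key
        self.numbers_on_file = numbers_on_file  # customer_id -> registered mobile
        self.sessions = {}                      # nonce -> session record

    def _sig(self, nonce, call_id, expires):
        msg = f"{nonce}|{call_id}|{expires}".encode()
        return hmac.new(self.key, msg, hashlib.sha256).hexdigest()

    def start(self, call_id, customer_id, now):
        """Step 1: issue a one-time link for the number on file, never the caller ID."""
        nonce, expires = secrets.token_urlsafe(16), int(now) + LINK_TTL
        self.sessions[nonce] = {"call_id": call_id, "expires": expires, "status": "PENDING"}
        token = f"{nonce}.{expires}.{self._sig(nonce, call_id, expires)}"
        return self.numbers_on_file[customer_id], token

    def complete(self, token, liveness_ok, face_match_ok, now):
        """Step 2: record the face-check outcome; each token is accepted once."""
        try:
            nonce, expires, sig = token.split(".")
            session = self.sessions[nonce]
            expected = self._sig(nonce, session["call_id"], int(expires))
        except (ValueError, KeyError):
            return False  # malformed token or unknown nonce
        if not hmac.compare_digest(sig.encode(), expected.encode()):
            return False  # token was altered
        if session["status"] != "PENDING" or now > session["expires"]:
            return False  # replayed or expired link
        session["status"] = "VERIFIED" if liveness_ok and face_match_ok else "FAILED"
        return True

    def agent_view(self, call_id):
        """Step 3: status shown to the agent; only VERIFIED counts as identified."""
        for session in self.sessions.values():
            if session["call_id"] == call_id:
                return session["status"]
        return "NOT_STARTED"
```

An agent desktop built on this would treat `PENDING`, `FAILED` and `NOT_STARTED` the same way: the caller is not yet identified and the normal verification steps still apply.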

3. FraudHub™: Real-time fraud detection and behavioural analysis

FraudHub™ provides real-time monitoring of identity verification attempts, tracking repeat behaviours like fraudulent use of identity documents, photos, and other attributes. This product stores known fraudulent identities and continuously checks for patterns that match new attempts.

  • How it works: FraudHub™ performs a one-to-many search, flagging suspicious patterns such as the same photo being used on different documents or repeat fraudulent behaviour associated with a phone number or date of birth.
  • Fraud prevention: This proactive approach allows call centres to immediately detect and prevent fraudsters from reusing compromised or manipulated identity components.
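The one-to-many check described above, as an added example that is not FraudHub™ code: the `ReuseIndex` class, the field names and the sample attempts are constructed for illustration, and the `photo` value stands in for whatever face fingerprint a real system would compare.

```python
from collections import defaultdict

class ReuseIndex:
    """Hypothetical one-to-many index over past verification attempts."""

    def __init__(self):
        self.by_attr = defaultdict(list)  # (field, value) -> earlier attempts
        self.known_fraud = set()          # attempt ids confirmed as fraud

    def mark_fraud(self, attempt_id):
        self.known_fraud.add(attempt_id)

    def check_and_store(self, attempt):
        """Return the flags raised by a new attempt, then add it to the index."""
        flags = []
        # Same face photo presented with a different document number.
        for prior in self.by_attr[("photo", attempt["photo"])]:
            if prior["doc_no"] != attempt["doc_no"]:
                flags.append(f"photo reused on document {prior['doc_no']} ({prior['id']})")
        # Phone number or date of birth shared with a confirmed-fraud attempt.
        for field in ("phone", "dob"):
            hits = [p["id"] for p in self.by_attr[(field, attempt[field])]
                    if p["id"] in self.known_fraud]
            if hits:
                flags.append(f"{field} matches confirmed fraud: {', '.join(hits)}")
        for field in ("photo", "phone", "dob"):
            self.by_attr[(field, attempt[field])].append(attempt)
        return flags

ATTEMPTS = [  # constructed sample data
    {"id": "a1", "photo": "ph-77", "doc_no": "D100", "phone": "+61400000001", "dob": "1990-01-01"},
    {"id": "a2", "photo": "ph-77", "doc_no": "D200", "phone": "+61400000002", "dob": "1985-05-05"},
    {"id": "a3", "photo": "ph-12", "doc_no": "D300", "phone": "+61400000001", "dob": "1979-09-09"},
]

def run_sample():
    index, results = ReuseIndex(), {}
    for attempt in ATTEMPTS:
        results[attempt["id"]] = index.check_and_store(attempt)
        if attempt["id"] == "a1":
            index.mark_fraud("a1")  # assume an analyst confirmed a1 as fraud
    return results
```

A date of birth is shared by many genuine customers, so a `dob` flag on its own is a signal to combine with others rather than a verdict.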

4. Deepfake Defender™: Blocking synthetic media attacks

With the rise of deepfake technology, attackers can use AI-generated videos or synthetic media to impersonate legitimate customers. Deepfake Defender™ identifies these synthetic attempts by analysing micro-expressions and detecting whether the user interacting with the system is a real, live person.

  • How it works: During authentication (via IDV or Face Access), Deepfake Defender™ runs liveness detection checks to ensure that the person’s behaviour matches genuine human interaction, rather than an AI-generated video.
  • Fraud prevention: By blocking deepfakes, the system prevents attackers from spoofing their way through advanced biometric verification.

Preventing adverse selection through stronger security

Adopting these advanced solutions is critical for call centres looking to prevent adverse selection. Without these defences, call centres are likely to see an increase in fraud attempts as attackers target weak security infrastructures. 

Implementing IDVerse’s comprehensive solution suite ensures that your organisation is no longer seen as a soft target but rather as a secure environment with stringent identity verification and fraud detection capabilities.

Using IDVerse solutions like IDV, Face Access, FraudHub™, and Deepfake Defender™, call centres can:

  • Authenticate users securely in real time, ensuring that only legitimate customers can access their accounts.
  • Prevent fraud attempts by blocking impersonators, phishing schemes, and social engineering tactics.
  • Identify and stop repeated fraud patterns, even when attackers try to reuse components of fraudulent identities.
  • Eliminate vulnerabilities created by traditional passwords and PINs, securing customer interactions with biometric authentication.

Reinforcing call centre security with IDVerse

Scattered spider attacks are a significant threat to call centres due to their reliance on human manipulation and weak authentication methods. When companies deploy IDVerse’s advanced security solutions, they can protect themselves from these sophisticated attacks, safeguard customer data, enhance the customer experience and build trust with their clients.

Incorporating real-time IDV, biometric re-authentication and fraud detection into your call centre operations ensures a secure, seamless experience that prevents fraud and eliminates the risk of being a target for future attacks.

About the post:
Images and videos are generative AI-created. Image prompt: Futuristic high tech call center, workers in futuristic clothing wearing headsets sitting in front of ultramodern screens, large screens on the walls to monitor security, bright neon, LEDs, Minority Report vibes. Tools: Midjourney, Luma.

About the author:
Josh Read is Chief Operating Officer at IDVerse. He has over 25 years of leadership experience in technology organisations including Equifax, KPMG Australia, Telstra Enterprise and Government, and Yellowfin Business Intelligence International. As COO, Josh supports and directs the global expansion of the company, building optimised business processes for IDVerse to become the global partner of choice for IDV and compliance.
