What are the latest deepfake speech tools? How has social engineering overtaken phishing? What do consumers expect and more?

Matt Smallman Avatar Matt Smallman
5 min read
Published:
Updated:

Modern SecuritySecurity is one of three key measures of Call Centre Security process performance. It is usually expressed as the likelihood that the process allows someone who isn't who they claim to be to access the service (False Accept). Newsletter #003 - June 2023

Welcome to the Modern Security Newsletter community newsletter. This newsletter provides members with a monthly summary of news, ideas, insight, and analysis in customer security based on my hours of reading and analysis so that you don't have to. In this edition:

Community News

πŸ”Ž Is the latest attack on Synthetic Speech Detection really 99% effective? - In-depth

A team at Waterloo University says it has produced a system that is 99% effective against synthetic speech detection countermeasures used to protect Voice Biometric authenticationAuthentication is the call centre security process step in which a user's identity is confirmed. We check they are who they claim to be. It requires the use of one or more authentication factors. schemes. The headline is definitely eye-catching, but the truth behind the headline actually holds out some promise. Regardless it's still an important step in the evolution of this threat. More->

πŸ“° In the news

  • Deepfakes get better and better - Obviously, Meta (Facebook's parent) couldn't let Microsoft and Google beat them, so they had to create their own Synthetic Speech Tool, which is obviously better than everyone else's but perhaps sensibly; they developed a detection tool in parallel and are keeping it private to ensure responsible usage. Read->
  • Social engineering overtakes phishing - Verizon's annual Data Breach Investigations Report makes interesting reading for those interested in cybersecurity in general. For those in customer service, the key takeaway is that pretexting (social engineering) type scams with some form of psychological manipulation and customisation for the victim are now more prevalent than the traditional spray-and-pray phishing scams. This will only increase further as generative AI tools get their hands on your personal data. Read->
  • Do we need caller line identificationIdentification is call centre security process step in which an individual record is found in the organisation's systems of record. In this step users claim an Identity. (CLI) authentication? - OFCOM (UK Telecoms Regulator) published its consultation on implementing the same STIR/SHAKEN technology as the US. There is some interesting commentary on the US and Canadian schemes' success (or otherwise). My takeaway is that it's easy for telcos to kick the can down the road and say they are doing something (even if it's unlikely to be effective) to prevent fraud rather than tackle some more fundamental issues. Read->
  • Call centres miss customer expectations. - BT and Cisco Published their annual report on the customer's changing service attitudes and behaviour. This is a well-researched report with more than 4,000 respondents in 8 countries. You really should read the whole thing, but the key takeaways for me were an increase in the volume of calls (77% expect to call up from 65%) and call centre service expectations that most organisations failed to meet (60% want to be answered within 5 mins but only 40% are). It also reinforces the "customer in crisis" role of the call centre. I look forward to this report every year because it usually has a focus on authentication, but this year they focused a lot on the experience of the victims of fraud, with 41% saying they had been a victim but 61% of those saying it was extremely difficult to get the support they needed. Read->

🀣 Just for fun

🀬 Password Game - Infuriating, frustrating, hilarious, tortuous, painful - These are just a few words summarising this brilliant demonstration of why passwords make for terrible security mechanisms. I finally through my computer out the window at level 12. Play->