Ofcom to block ’millions’ of suspicious call in reponse to rise in scams – IEEE comments
July 2024 by IEEE
Millions of suspicious calls from scammers abroad will be blocked as UK telecoms rules become stricter, the Office of Communications (Ofcom) has said*. Future phone companies will have to stop calls from abroad which imitate UK landline numbers, a practice known as "spoofing". The requirement, which comes into effect in January 2025, is designed to protect people who are more likely to trust a call because it appears as a UK number on their handset. Ofcom also called for firms to come up with "innovative solutions" to tackle fraudsters who imitate UK mobile numbers.
Kevin Curran, IEEE senior member and professor of cybersecurity at Ulster university offers the following statement:
"Telephone-oriented attack delivery (TOAD) is an emerging phishing technique that combines elements of voice and email phishing to exploit victims. In these attacks, perpetrators contact the targets via the phone, impersonating officials from reputable entities to establish trust. The conversation is designed to extract sensitive data, such as login credentials or financial information. Following the call, the attacker sends an email to the victim, including a malicious link or attachment aimed at further compromising the victim’s security.
"The effectiveness of TOAD attacks lies in the attackers’ ability to manipulate social engineering principles, leveraging the perceived authority and trustworthiness of well-known organisations to bypass conventional security measures. Due to their dual-channel approach and targeting of specific individuals, people need to be extra vigilant. These attacks rely upon dynamic websites and tailored techniques which have an alarmingly high success rate, and low detection rate. Unsolicited communications which ask for personal data should be thoroughly checked. It’s also important to avoiding clicking on links or downloading attachments from suspicious emails. For those who are concerned that they have been caught out by the attackers, they should review online accounts regularly – this helps to flag signs of fraud or rogue charges."