Paul Morris, head of fraud product at Vonage and a Comms Council UK fraud group member, has been at the forefront in the fight against fraud. He spoke to Comms Business and explained that the scale of the UK telecommunications industry has made it a prime target for fraudsters.
“As the telecoms industry has become much bigger and there’s a much greater reliance on it, both for our work and personal lives, so the problem of fraud has also become much bigger,” said Morris. “And it’s only going to get greater due to the global nature of the issue as the risk of prosecution or penalty is very low for the criminals.”
This trend is evidenced in the National Cyber Security Centre’s 2024 cybercrime report, which found that more than half of UK businesses are affected by cyberattacks. Of those, more than 90 per cent of these attacks are phishing related.
With the average cost of a cyberattack estimated at between £1,000 and £2,000, and approximately nine million attacks annually, that amounts to a combined £9 million to £18 million hit for businesses every year.
Sophisticated techniques
Morris said that fraudsters use whatever means they have available and continue to adopt increasingly sophisticated techniques and technologies. This has evolved, he said, from, in its most basic form, toll number fraud, through to artificial traffic inflation, with fraud becoming an industry in its own right through the sale of stolen data and credentials on the dark web.
“Fraud continues to be a really serious threat for the entire telecoms industry,” said Morris. “It’s a constant challenge that has never really gone away – it has just evolved over time into new forms.
“Fraudsters will move to where the targets are and, with the advent of digitalisation and people increasingly moving their lives online, the prize has become even greater. Over the last two or three years, this has escalated with the proliferation of organised global groups operating across multiple jurisdictions, meaning that even if you manage to shut them down in one country they will just move onto another target elsewhere.”
Among the most prolific forms of fraud Morris has seen in recent years has been number spoofing, where overseas-based scammers use numbers purporting to be from the UK to contact victims. This has extended to social engineering such as phishing by email and text message, he said.
“This has resulted in a loss of trust among consumers,” said Morris. “Such is the scale of the problem that they no longer trust the number that appears on their phone or even the voice at the end of the line, that they are who they say they are.”
Impact on businesses
The impact of fraud on businesses can be devastating, said Morris, not only financially and operationally, but also reputationally. In the worst cases, he said, it can put them out of business.
“The financial losses and harm that can be caused are horrendous,” said Morris. “For small businesses it can, indeed, be existential.”
AI has a big role to play in the detection and prevention of fraud, said Morris. While many fraudsters have adopted it as an attack method, he said that businesses can also turn the technology to their advantage. By training it to learn all of the company’s systems, processes and customers, he said that it can be used to protect against such attacks occurring.
Morris said that some businesses are even using their fraud prevention capabilities as a competitive advantage. By establishing themselves as a leader in this space, he said that they can build and maintain consumer trust. But to be truly effective, he said that this must first be achieved as a standard across the industry.
To better protect themselves, Morris said that companies need to have robust cybersecurity practices in place. These include, he said, one-time passwords, system logins and secure website designs.
“The National Cyber Security Centre and Action Fraud are good resources for this,” said Morris. “At the end of the day, it’s better to prevent an attack happening rather than being reactive to it.”
Collaborative efforts
Another key to tackling fraud, said Morris, is greater collaboration between industry players, not just the big four telcos. By sharing information, as they do in the banking and financial services sector, he said that they can close the net on the criminals.
“There are many highly innovative small businesses out there that have a vital part to play, but they’re just not getting this data currently,” said Morris. “What’s needed is government and the regulators to establish frameworks for sharing and collaboration, and to put a solution in place that is affordable, scalable and accessible for all.”
This article was included in our December 2024 print issue. You can read the magazine in full here.