Fraudsters are exploiting contact centres as entry points for co-ordinated, increasingly
AI-driven cross-sector attacks. Businesses that can respond with earlier detection hold the key to combating widespread fraud across the entire organisation
Reports and headlines continue to remind us that fraud is not going away and, indeed, is increasing. The latest numbers from CIFAS’s Fraudscape 2025 six month check point indicate 217,000 new cases were filed between January and June this year, across a range of sectors including, financial services, communications (telco), insurance and retail.
CIFAS also notes a 25% spike in identity fraud filings from insurance companies, mainly in relation to motor insurance, and that telcos have seen a shift in filings from identity fraud to account takeover. This cross sector, cross channel view of fraud trends is reflected in the activity we see at Smartnumbers.
Our customers’ telephony data provides a unique picture of how fraudsters use contact centres at multiple stages during a fraud, including to gather the data that makes later attacks possible. We frequently see signs of the very early stages of fraud, even when it is carried out elsewhere.
Contact centres are being exploited by fraudsters who use them as gateways to sensitive customer information. Known in financial services as the reconnaissance and set-up phases, these early stages in the fraud lifecycle are when criminals gather information and prepare accounts to make later fraud possible. These kinds of activity are widespread and growing in scale.
Laying the groundwork for fraud
Fraudsters exploit interactive voice response (IVR) menus to confirm security questions, validate account details or map call flows. They learn which questions agents ask and what systems check. They initiate short, seemingly low-risk requests, such as checking an address or adding a secondary number.
These early actions are seen as low-risk and leave few traces, which is why many organisations underestimate their significance or may not be aware of them. This activity might seem harmless in isolation but it enables fraudsters to set up accounts for later attacks. Ignoring these signs is costly, because by the time a fraudulent transaction occurs the groundwork is already complete.
Our research shows that fewer than half of organisations have automated tools to flag warning signs of this activity – such as calls from numbers registered on deny lists, multiple calls from the same number in quick succession or multiple customer accounts or policies being targeted by the same caller(s). Many still rely on manual workarounds. The result is a critical blind spot, with businesses remaining focused on transaction-based events while attackers move freely in the earlier stages of the fraud process.
Our cross-sector view
Across sectors, we see the same playbook of activities repeated thousands of times by the same organised groups of fraudsters. Personal information gathered in one sector can also be used for fraud in another. For example, telco customer account records can be gathered to help bypass security with their bank. Stolen card details can be used to purchase last-minute tickets with an airline.
Some businesses may be struggling to modernise, but criminals are not. They have embraced automation and, increasingly, artificial intelligence (AI). Analysis of our data shows that bots are increasingly probing IVR systems to steal or validate stolen personal data. If a fraudster knows a person’s birth year and month, a bot can easily make 31 calls to find the correct day. Combined with details gathered from sources such as social media, that can unlock customer accounts.
As criminals increasingly use automation and AI to scale their operations, combating these threats requires more than tactical fixes. It demands systemic changes in how organisations detect warning signs, a shift in focus from stopping fraud transactions to preventing them.
Talk to us about how we can help.
