With the Executive Yuan holding a press conference on the "New Generation Anti-Fraud Strategy Action Program" and forming a national anti-fraud task force, the Financial Supervisory Commission has recently collaborated with the Criminal Investigation Bureau and the "Securities F4" including the stock exchange, over-the-counter market, futures exchange, and central securities depository to announce a brand new anti-fraud policy. At the same time, TrustTech company Gogolook has also partnered with the Criminal Investigation Bureau to release Taiwan's first "Corporate Impersonation Incident Report" today (28th), which provides a data-driven in-depth analysis of the types and trends of impersonation calls, while integrating perspectives from the Institute for Information Industry, KPMG, and other cybersecurity and enterprise risk management viewpoints to provide companies with self-assessment and evaluation indicators, raising awareness of fraud prevention among enterprises.
Scam and spoofed calls also have factions! Whoscall teaches you to distinguish between 'altered numbers' and 'impersonated numbers'
According to the analysis by the stranger call identification APP Whoscall and the Criminal Investigation Bureau's 165 anti-fraud consultation hotline, in recent years, the types of malicious calls impersonating have spread from large targets such as banks, e-commerce platforms, and government agencies to public welfare organizations or micro e-commerce, leading to consumer complaints and distrust, affecting brand reputation and external perception.
According to the fraud methods, Gogolook categorizes the currently common spoofed calls in the country into two main types: "altered numbers" and "impersonated numbers." First, altered numbers often use cross-border VoIP calls, mimicking the numbers of specific operators, with common characteristics including starting with 0 or having a + sign (e.g., 0886, +886, etc.), and the purpose is often related to fraud, which has been a focus of Whoscall and long-term police advocacy and prevention. The other type is mainly referred to as impersonated numbers, where fraud groups or unscrupulous operators arbitrarily use general domestic telecom numbers and claim to represent specific enterprises and businesses, engaging in forced sales or fraud, leading to the public being deceived or insulted, causing misunderstandings for the original enterprises or units.
Identity theft phone calls cannot be ignored Gogolook statistics: Over a hundred businesses and institutions in Taiwan suspected of being impersonated within a year
According to Gogolook's further examination, impersonation calls have mainly appeared in large numbers since last year (110), precisely because they are not restricted by any equipment thresholds, leading many unscrupulous operators to take risks. For example, some high-interest loan operators have begun to impersonate well-known banks to lure the public into applying for loans. With the outbreak of a large number of familiar scam iMessage texts in July, the Securities and Futures Bureau's investigation indicated that in the first half of this year, as many as 9 brokerage firms were impersonated, along with 4 investment advisory firms, 3 investment trusts, and 1 financial holding company that were also impersonated by scam groups. In addition to financial operators, according to Whoscall's user number reporting records over the past year, there have been records of suspected impersonation involving over a hundred brands and units across Taiwan, including Chunghwa Telecom, Taiwan Mobile, National Electronics, the Ministry of Health and Welfare, Momo Shopping, and Taiwan Lottery, all listed as victims.
The Institute for Information Industry, which has just integrated into the Digital Development Department system, has long focused on the field of digital identity verification. Dr. Zhang Wencun, the technical director of the Institute's Cybersecurity Department, stated: "Not only is the situation of identity fraud rampant domestically, but it is also quite prevalent abroad. From the perspective of cybersecurity protection, how to effectively, quickly, and accurately conduct digital identity verification and authenticity assessment is a very important issue for individuals, businesses, enterprises, and public sectors."
Scam groups have many tricks! Whoscall blocked at least 500,000 impersonation calls and 850,000 impersonation messages
According to the number inquiry identification statistics, as of this year (111) in August, Whoscall has blocked 500,000 impersonation calls and 850,000 impersonation messages. Taking phone calls as an example, during January and February, fraud groups targeted domestic securities firms, such as Meihao Securities, Daqing Securities, and Xinguang Securities; starting in March, they began impersonating domestic social welfare units, affecting the fundraising effectiveness of related organizations. In terms of impersonation messages, in March and April, fraud groups massively impersonated virtual currency exchanges, reaching a peak, and continued to use pandemic-related topics to impersonate units such as the National Health Insurance Administration, the Ministry of Health and Welfare, and the Centers for Disease Control. Since July, fraud groups have expanded their use of the built-in iMessage communication software on iPhones to increase dissemination channels and penetration rates. The Criminal Investigation Bureau's 165 anti-fraud consultation hotline has strongly urged the public to directly disable the iMessage function to prevent similar fraud!
Impersonation must be taken seriously! KPMG: Brand reputation is not only a risk management issue but also a key competitive advantage for enterprises
Due to the large customer base of banks and e-commerce operators, they are most susceptible to impersonation by unscrupulous operators or fraud groups. Observing the reports from Whoscall users, it is found that most impersonation calls have a bad attitude, and even resort to abusive language after being rejected, indirectly damaging the image of the original operator. According to Deloitte's "Global Risk Management Survey" conducted during the pandemic, the growing risk management trends include credit risk, cybersecurity risk, ESG risk, and risks from third parties. The third-party relationships bring a series of unique risks, including data privacy and unethical behavior.
Wen Shaoqun, Senior Executive Vice President of Risk Consulting Services at KPMG, pointed out that third parties impersonating large enterprises or organizations to communicate false information to the public or potential targets will affect the public's trust in the enterprise, increase the communication and maintenance costs of the public relations department, and may lead to public complaints due to similar incidents, resulting in damage to the company's reputation. If the market is flooded with indistinguishable true and false information, such as marketing messages from financial advisors and messages from brokerage salespeople, if the public cannot identify the authenticity of the information source, it will lead to a decrease in the channels and opportunities that truly reach customers, resulting in business losses, while also affecting shareholder rights, and customers may miss out on useful solutions or information for themselves. Wen Shaoqun added that in a rapidly changing macro environment, corporate leaders should not only view data privacy and security as risk management issues but should see them as potential sources of competitive advantage, as they may be core elements in building corporate brands and corporate reputation. Having a trustworthy corporate brand and reputation will help enterprises build stronger resilience to cope with future changes and challenges in an environment full of high uncertainty.
Gogolook released the top 4 types of impersonation messages in the first half of the year, significantly impacting logistics, banking, and cryptocurrency exchanges.
Analyzing the user reports of phishing SMS scams in the first half of this year, Gogolook and the Criminal Investigation Bureau's 165 anti-fraud consultation hotline categorized the content into four types: package delivery, stock investment, loan schemes, and account abnormality notifications. Firstly, "package delivery" belongs to the early replication methods of scam SMS, and in March and June of this year, it was intensively sent under the names of Chunghwa Post and DHL. However, due to the use of simplified Chinese characters, it was easier for the public to identify and less likely to fall for. According to statistics from the Criminal Investigation Bureau, the "stock investment" scam, which caused a total financial loss of 5 billion NT dollars last year (110), continues to impersonate business representatives from Yuanta, Taishin, and KGI, asking the public to add them as friends on messaging apps to initiate a series of investment fraud tactics. The SMS of the "loan schemes" type mostly claim to be from Citibank, Cathay United Bank, and Mega International Commercial Bank, while simultaneously using fake Line accounts and websites to enhance the authenticity of the impersonation. The phishing SMS for "account abnormality notifications" this year has targeted virtual currency operators, especially with a significant number of messages impersonating Binance in April. Gogolook recommends that if brands regularly use SMS to send notifications to consumers, they should use a fixed sending number and register a Whoscall certified number, along with internal platform systems or community channels to remind consumers to recognize the designated number, to avoid becoming victims of fraud.
Gogolook creates Watchmen reputation protection service to help enterprises solve the threats of impersonation calls and text messages**
In order to reduce the impact of counterfeit fraud on business operations, Gogolook utilizes frontline anti-fraud experience and technical accumulation to develop the "Watchmen Reputation Protection Service," equipping businesses with a dedicated system and team using the "Whoscall Certified Number" in conjunction with the "Counterfeit Detection System" to detect counterfeit information in text messages and phone calls in real-time, helping brand merchants activate anti-fraud mechanisms at the first moment. In addition, Watchmen also offers an upgraded version, adding domain and social media counterfeit detection services to the existing communication protection mechanism, providing comprehensive protection for the digital reputation of enterprises. Wen Shaoqun pointed out that businesses can continuously detect public perception of the brand and use advanced reputation risk perception technology to grasp potential threats before a crisis occurs, through proactive and effective risk management, eliminating and responding to crisis management and protecting the brand reputation of enterprises, thereby reducing the impact of potential brand and reputation threats.
Watchmen service was favored by e-commerce brands when it went live. The Taiwanese design brand 印花樂 was briefly affected in the past due to an external ERP system vendor being hacked, but has now been using Watchmen service for over 9 months. 印花樂's Executive Director 蔡玟卉 stated: "We place great importance on our customers' consumption experience and strive to curb fraud groups from harassing or scamming customers under the guise of our brand. Watchmen service allows us to register our official number under a designated name, while also adding information such as our logo; in the event of impersonation, our dedicated team will provide immediate handling suggestions, protecting the corporate image while also preventing customers from being scammed."
「Watchmen Trademark Protection Service」3 Major Fraud Barriers:
- Real-time detection and protection: Through a merchant-exclusive system and team, real-time detection of counterfeit information; combined with the only solution in Taiwan, Whoscall, providing real-time protection for 7 million end users in Taiwan, avoiding the risk of fraud.
- Quick response and marking: Provide merchants with one-click reporting and marking, synchronously update the blacklist, and block the possibility of being misused again.
- Cross-domain fraud tracking: In addition to accurately detecting attack vectors such as phone calls and text messages, it also provides Watchmen Enterprise Edition upgrade services, incorporating domains, URLs, and social media into the detection scope, expanding the defense range.
