Provided herein is a holistic fraud cocoon that protects a user from incoming or outgoing fraud and phishing communications by capturing, analyzing and either altering, discarding or presenting communications to the user. For example, the holistic fraud cocoon captures all incoming sources (mail, in-person visits, phone, TV, radio, newspapers and internet) and the actions performed by the user, triggered by those sources. Certain actions are held in a queue to be reviewed, validated and acted upon by a third party before the actions are executed.

Method for detecting fraudulent or abusive use of telephone services comprising the following steps: collecting data on telephone communication exchanges carried out over a given study period from/to telephone numbers and involving roaming and/or interconnection; creating individual files for compiling exchange data for each studied number; revaluing communications based on pre-established revaluation rules to obtain a wholesale cost amount for each studied number; a step E4 of identifying suspicious numbers for which the amount of wholesale costs exceeds a predetermined threshold value over the study period; a step E7 of detecting fraudulent use by analysing exchange data compiled in the files associated with the identified numbers and/or the multiparametric indicators obtained from said data.

Methods for detecting fraudulent or abusive use of telephone services.

A computer-implemented method for correlating payment service submissions and data captured from a call stream is described herein. The method comprises receiving data captured from a call stream by a data capture device; receiving a payment service submission comprising an identifier; determining an association between the identifier and the call stream; and replacing the identifier in the payment service submission with the data captured from the call stream associated with the identifier.

The techniques herein are directed generally to methods and apparatus for automatically classifying interactions with contact center, identifying contacts as being initiated by one of a normal user, a malicious actor, an inexperienced user, or a new type of a user, and invoking mitigation actions such as forwarding the caller to a dedicated agent group based on the identification.

Embodiments described herein provide for performing a risk assessment using graph-derived features of a user interaction. A computer receives interaction information and infers information from the interaction based on information provided to the computer by a communication channel used in transmitting the interaction information. The computer may determine a claimed identity of the user associated with the user interaction. The computer may extract features from the inferred identity and claimed identity. The computer generates a graph representing the structural relationship between the communication channels and claimed identities associated with the inferred identity and claimed identity. The computer may extract additional features from the inferred identity and claimed identity using the graph. The computer may apply the features to a machine learning model to generate a risk score indicating the probability of a fraudulent interaction associated with the user interaction.

One example method may include identifying a call notification of a call intended for a mobile device, retrieving call data having a code object identifier with the call notification, forwarding the call data with a code object to the mobile device based on the code object identifier prior to forwarding the call, and forwarding the call to the mobile device.

An example method of operation may include one or more of identifying an inbound call intended for a mobile device subscribed to a protected carrier network, determining the inbound call is assigned an origination telephone number that is subscribed to the protected carrier network, determining whether an inbound call origination source location indicates the protected carrier network or an out-of-network carrier network based on one or more call parameters received with the inbound call, and determining whether to transmit an indication to the mobile device that the inbound call has an elevated likelihood of being a scam call based on the inbound call origination source location.

Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for detecting spoof communications are disclosed. In one aspect, a method includes the actions of receiving data identifying a first computing device and a phone number of the first computing device. The actions further include generating an NFT that includes metadata that includes the data identifying the first computing device and the phone number of the first computing device. The actions further include receiving data indicating that a second computing device with the phone number is placing a telephone call and data identifying the second computing device. The actions further include accessing the NFT. The actions further include comparing the data identifying the second computing device to the data identifying the first computing device included in the metadata of the NFT. The actions further include determining whether the phone number is likely being spoofed.

Embodiments described herein provide for passive caller verification and/or passive fraud risk assessments for calls to customer call centers. Systems and methods may be used in real time as a call is coming into a call center. An analytics server of an analytics service looks at the purported Caller ID of the call, as well as the unaltered carrier metadata, which the analytics server then uses to generate or retrieve one or more probability scores using one or more lookup tables and/or a machine-learning model. A probability score indicates the likelihood that information derived using the Caller ID information has occurred or should occur given the carrier metadata received with the inbound call. The one or more probability scores be used to generate a risk score for the current call that indicates the probability of the call being valid (e.g., originated from a verified caller or calling device, non-fraudulent).

Call spoofing can be mitigated by providing geolocation information to the called device. For example, when a call rings, a geolocator can be invoked and the incoming call display screen can show a carrier logo and/or a geolocator globe illustrating the location of the call originator. The geolocation session initiation protocol data can be confirmed by a network device and compared against carrier specific data of the calling device to authenticate voice calls for called devices. In one embodiment location data of the calling device can purposely be shared in order to facilitate the mitigation of call spoofing.