Editor's take: As businesses increasingly rely on outsourced tech support to cut costs, the risks associated with these operations are coming into sharper focus. The threat is no longer just about technical vulnerabilities; it's about the people behind the screens, and the growing pressure they face from both economic hardship and sophisticated cybercriminals.
Hackers are increasingly turning the very systems designed to help customers – outsourced tech support and call centers – into powerful tools for cybercrime. Recent incidents in the US and UK reveal a troubling trend: attackers are exploiting the human element within these support operations to bypass sophisticated security measures and gain access to sensitive information.
In one of the most significant breaches to date, criminals targeted overseas call center workers employed by major American companies, including the cryptocurrency giant Coinbase. The attackers' methods were varied, but they shared a common thread: leveraging the access and authority of low-level support staff, who often earn modest wages and handle sensitive customer data.
According to Coinbase, hackers bribed customer support agents working for TaskUs and other support-desk companies, offering payments of $2,500 or more for insider help. "You're working with a low-paid labor market," Isaac Schloss, chief product officer at Contact Center Compliance, told the Wall Street Journal. "These people are in a position of poverty more often than not. So if the right opportunity comes for the right person, people are willing to look the other way."
The consequences have been severe. At Coinbase, the breach exposed data belonging to as many as 97,000 customers and could cost the company up to $400 million in reimbursements. Attackers used the stolen information to pose as legitimate Coinbase representatives, contacting victims with details about their accounts and convincing them to transfer cryptocurrency to wallets controlled by the criminals.
"Every other day a new case would come in, and it would be, 'I got called by Coinbase, and I lost all my money because it wasn't Coinbase,'" Josh Cooper-Duckett, director of investigations at Cryptoforensic Investigators, told the publication.
This approach isn't limited to the cryptocurrency sector. Retailers in the UK, including Marks & Spencer and Harrods, have also been targeted. Hackers impersonated senior executives to pressure tech-support workers into granting access to corporate networks, a tactic similar to the one used in the 2023 MGM Resorts breach.
The vulnerabilities of call centers extend beyond bribery and corruption. In some cases, hackers deployed malicious software to exfiltrate data in bulk. They began by asking insiders to describe the software running on their computers, eventually discovering a browser extension with a security flaw. By exploiting this vulnerability, the attackers injected their code, allowing them to collect and store large volumes of customer information.
The global nature of outsourcing complicates enforcement. In some countries, workers face few legal repercussions for their involvement in cyber breaches. "We've seen relatively limited consequences, in those regions, for perpetrators," Philip Martin, Coinbase's chief security officer, said. Even when employees are dismissed, "It's a relatively straightforward thing for them to go get a new one," he said.
Companies have invested billions in advanced cybersecurity defenses, but hackers continue to exploit the weakest link: human interaction. "Consistently, the human interaction has proven to be a weak link," Michael McPherson, a senior vice president with the cybersecurity company ReliaQuest, said.