# Inside Caller-as-a-Service Fraud: How Cybercriminals Built a Legitimate-Looking Business Model


The fraud economy has professionalized. Security researchers at Flare have uncovered a disturbing reality: criminal operations running "Caller-as-a-Service" (CaaS) fraud schemes now operate with the management structures of legitimate businesses—complete with hiring processes, employee training programs, performance metrics, and quality assurance. What was once ad-hoc scam work has evolved into a streamlined, scalable criminal enterprise that rivals traditional call center operations.


## The Threat: Fraud as a Professional Operation


Caller-as-a-Service represents a significant evolution in how fraud is organized and executed. Rather than individual scammers making unsolicited calls, CaaS platforms operate as outsourced fraud factories. Threat actors hire, train, and deploy teams of callers to target victims across multiple countries, manage call queues, track conversion rates, and enforce performance standards—all while maintaining operational security to evade law enforcement.


The service model is simple but effective: criminals pay a fee to rent access to trained callers, scripted campaigns, and infrastructure. They provide target lists and desired messaging, and the CaaS operator handles the rest. From the perspective of a criminal purchasing the service, it's frictionless fraud—no hiring headaches, no training burden, no infrastructure to maintain.


What makes CaaS distinct:

  • Scalability: Operations can handle hundreds of simultaneous campaigns
  • Specialization: Different "teams" are trained for specific fraud types (romance scams, tech support fraud, impersonation)
  • Professionalization: Documented procedures, quality control, and performance tracking
  • Low barrier to entry: Purchasing fraud-as-a-service is cheaper than building in-house capabilities

## Background and Context: The Evolution of Fraud Infrastructure


Fraud has always had an infrastructure, but the industrial organization is new. Five years ago, most fraud operations were loosely coordinated networks of individuals working semi-independently. Today's landscape is different.


The shift parallels the broader professionalization of the cybercriminal economy. As organizations improved their defenses against traditional phishing and malware, scammers adapted. They recognized that human-operated fraud—especially through voice calls—bypasses many technical controls. A person calling from a spoofed number can be remarkably convincing, especially when following a tested script refined through thousands of interactions.


CaaS platforms emerged to capitalize on this advantage. They solved the coordination problem at scale. Why should individual scammers waste time recruiting, training, and managing other scammers when they could simply purchase a service?


The economics are compelling. A single CaaS operator might maintain 50-200 trained callers, operate 24/7 across time zones, and serve dozens of criminal clients simultaneously. The operator captures margin on each transaction, while fraud purchasers get professional-quality execution without bearing operational costs.


## Technical Details: How CaaS Operations Function


Flare's research reveals the operational structure underlying these fraud factories:


### Recruitment and Onboarding

Criminal operators post job listings on dark web forums and messaging platforms, advertising positions like "Remote Call Center Representative" or "Customer Service Agent." They typically target individuals in developing economies where wages are low and financial incentives are high. Compensation is offered per successful fraud attempt—a commission structure not unlike legitimate sales organizations.


### Training Programs

Newly hired callers receive scripted materials tailored to specific fraud types. Training covers:

  • Call pacing and timing
  • Objection handling ("Why should I trust you?")
  • Social engineering techniques
  • Use of spoofed caller IDs and VoIP services
  • Cryptocurrency wallet setup for victims
  • How to escalate "difficult" targets

Training materials are detailed and tested, often with performance metrics tracked against benchmarks.


### Infrastructure

CaaS platforms provide:

  • VoIP systems with spoofing capabilities, often exploiting legitimate VoIP services with fraudulent accounts
  • Dialer technology for managing call queues and recording statistics
  • CRM systems to track victim interactions, conversion rates, and attempt history
  • Payment infrastructure to receive stolen funds and launder proceeds

### Performance Management

Like any business, fraud operations track metrics:

  • Conversion rates: Percentage of calls that result in money transfers
  • Average handle time: How long callers keep victims on the line
  • Revenue per caller: Total fraud amount per employee per day
  • Quality scores: Adherence to scripts and organizational standards

Poor performers are retrained or removed. Top performers may be promoted to team lead or supervisor roles.


## Implications for Organizations and Individuals


The professionalization of CaaS fraud has serious consequences:


### Volume and Scale

A single CaaS operation can execute thousands of fraud attempts daily across multiple campaigns. This means organizations face an unprecedented volume of coordinated, professional social engineering attacks.


### Sophistication

Trained callers are more convincing than amateur fraudsters. They know how to build rapport, overcome skepticism, and exploit psychological vulnerabilities. They're coached on industry terminology, company structures, and common objections.


### Targeting Precision

CaaS operators use purchased data lists that include names, phone numbers, email addresses, and sometimes financial information. Calls feel personalized and credible. They often impersonate trusted entities—banks, government agencies, tech support vendors—making victims more likely to comply.


### Financial and Reputational Damage

Organizations experience losses through:

  • Direct theft from employee or customer accounts
  • Credential compromise leading to system breaches
  • Fraudulent transactions and chargebacks
  • Reputational damage when employees or customers become victims

## Recommendations: Defending Against CaaS Fraud


### For Organizations


1. Implement robust call verification: Train employees to independently verify caller identity through official channels. Never rely on caller ID alone.


2. Deploy advanced threat detection: Use AI systems to identify fraud patterns in call data—unusual volumes, spoofed numbers, script-like phrasing.


3. Establish clear verification procedures: Require multi-factor authentication for sensitive transactions, even when "verified" via phone.


4. Monitor for breaches: Regularly check if your organization's data appears on dark web marketplaces where CaaS operators source victim lists.


5. Educate staff and customers: Regular training on social engineering tactics, red flags, and proper escalation procedures.
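
Recommendation 2 names unusual volumes and spoofed numbers as patterns to look for in call data. The sketch below is an added example, not taken from Flare's research or from the original article: a rule-based pass (not an AI system) over inbound call records that flags one caller ID fanning out across many extensions, and external calls that present the organization's own numbers. The record layout, `OWN_PREFIX`, the thresholds, and the sample rows are all assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

OWN_PREFIX = "+1555010"  # assumption: the organization's own number block

# Constructed inbound call records from an external trunk (not real data):
# (time, presented caller ID, dialed extension, STIR/SHAKEN attestation or None)
CALLS = [
    ("2024-05-01T09:00:05", "+15550199001", "2001", "C"),
    ("2024-05-01T09:01:10", "+15550199001", "2002", "C"),
    ("2024-05-01T09:02:30", "+15550199001", "2003", "C"),
    ("2024-05-01T09:03:45", "+15550199001", "2004", "C"),
    ("2024-05-01T09:04:00", "+15550142000", "2001", "A"),
    ("2024-05-01T11:30:00", "+15550142000", "2001", "A"),
    ("2024-05-01T10:15:00", "+15550100042", "2007", None),
]


def flag_callers(calls, window=timedelta(minutes=10), min_extensions=4):
    """Return {caller_id: [reason codes]} for callers matching a fraud pattern."""
    by_caller = defaultdict(list)
    for ts, caller, ext, attest in calls:
        by_caller[caller].append((datetime.fromisoformat(ts), ext, attest))

    flagged = {}
    for caller, events in by_caller.items():
        events.sort(key=lambda e: e[0])
        reasons = []
        # Unusual volume: distinct extensions one caller ID reaches within `window`.
        start = fan_out = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1
            fan_out = max(fan_out, len({e[1] for e in events[start:end + 1]}))
        if fan_out >= min_extensions:
            reasons.append("fan_out")
        # Spoofing signal: an external call presenting one of our own numbers.
        if caller.startswith(OWN_PREFIX):
            reasons.append("internal_number_spoof")
        # Weak or missing attestation is common on legitimate calls, so it only
        # supports another signal and never flags a caller by itself.
        if reasons and any(a != "A" for _, _, a in events):
            reasons.append("weak_attestation")
        if reasons:
            flagged[caller] = reasons
    return flagged


if __name__ == "__main__":
    for caller, reasons in flag_callers(CALLS).items():
        print(caller, reasons)
```

Flagged callers are candidates for the independent verification described in recommendation 1, not proof of fraud; the thresholds need tuning against an organization's normal call patterns.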


### For Individuals


  • Treat unexpected calls from financial institutions as suspicious; hang up and call the official number instead
  • Never provide personal information, credentials, or account details over the phone
  • Be skeptical of urgency and fear-based pressure
  • Report suspicious calls to authorities and the impersonated organization
  • Use call filtering services on personal devices

### For Policymakers


  • Increase enforcement against VoIP services and payment processors enabling fraud
  • Require carriers to implement stronger caller ID authentication (STIR/SHAKEN)
  • Pursue international cooperation to disrupt major CaaS operations
  • Create incentives for reporting fraud infrastructure

## Conclusion


The industrialization of fraud represents a fundamental shift in the threat landscape. When scammers operate with professional management structures and economies of scale, the impact grows exponentially. Organizations can no longer rely on simple awareness training or basic call screening. The battle against CaaS fraud requires layered defenses, employee vigilance, and policy-level interventions.


As Flare's research demonstrates, cybercriminals are not lone wolves—they're running businesses. Understanding that business model is the first step toward disrupting it.