Nov 042009
 November 4, 2009  Posted by  Breaches, Business

I saw this social engineering demonstration on YouTube today. Stick with it it although you may find much of it sophomoric and/or annoying. What it demonstrates is that a collection agency, given a phone number by someone who calls in to them, then gives a caller the address and credit information to go with the phone number instead of asking the caller to provide that information. The callers say they were “punking” the credit agency, but there is a serious point to it all when you realize that the collection agency employee did not appreciate that by giving the caller the name and address and asking him to confirm it instead of asking the caller to provide the name and address, that collection agency is not engaging in good privacy and security practices.

Sorry, the comment form is closed at this time.