Credit Card Phone Policies, Social Engineering and You

I called my credit card company earlier this evening to either have my credit card discontinued or have my annual fee waived. Due to the problems I had with that company, it was not really my loss if they didn't waive my annual fee. Everything went smoothly, and after the transaction completed I got home, started browsing, and came across this very nice article about cyber security (ironically) courtesy of Microsoft and (more ironically) released for free. 12.3MB downloadable here.


Then I thought, I think there's a bit of a security hole in those companies' policies. I remember Kevin Mitnick and his book, The Art of Deception.


You see, banks ask about details which identity thieves could easily obtain. Take for example, I was asked for my credit card number and my full name. Credit card numbers could easily be listed down by some employee of a merchant you bought some goods from, and so could your full name (it's on the card, Sherlock). Even that 3-digit CVV2 code behind the card. So make sure that you keep an eye on the person you hand your credit card to. But sometimes this is hard; take restaurants for example. When you ask for your bill, you drop your card in that black sleeve and wait for it to come back. You don't normally follow the waiter around to the cashier just to make sure that they don't do something funky with your card details.

Second, the card company normally asks for your mother's maiden name, your cellphone number and/or your home phone, and your birthday. Your phone number and birthday? Check your Facebook profile, you might have given it away there. Home phone number? You might want to un-list yourself in next year's Yellow Pages. Mother's maiden name? Someone pretending to be from a certain company calling your mother's secretary at her office could easily pry that information from that unsuspecting secretary. Heck, maybe even Google Search has that information about you.

But if you're pretending to be somebody else, even with that information, they could still trace your number! Sherlock, there's a thing called a payphone.

I don't know to what extent one could exercise phone banking powers. In my phone conversation a while ago, just by saying yes to discontinue my credit card, they would immediately process it. Now, use your imagination. What if someone who has a grudge against you pretends to be you, calls your credit card company and right then and there terminates your card? Isn't that a pain in the ass?

Or what if that person asks the bank what current promos or bundled insurances they have? Then you'd just be surprised when you find out that you're already being charged for insurance payments which you never actually approved. The possibilities are endless.

I think banks and credit card companies should improve their identification or authentication techniques. If you watched the video with Leo Laporte and Kevin Mitnick, you'll be surprised at how easy it is for people to do those things.


The Art of Deception is available for purchase from Amazon or you could have it imported through your local book vendor.
