The first step in protecting against phone scams is understanding how they work. That’s why in this series, we’re breaking down some of the newest and most popular phone scams circulating among businesses and consumers.
You’re a call center representative for a major telecommunications carrier. Days are pretty easy: you help customers troubleshoot problems and use KBAs to verify their identity before helping them. Sometime in the afternoon you get a call from one of your co-workers who is having a technical issue. No worries, this sort of thing happens all the time. After verifying that he had his employee ID number, you help your fellow call center rep get an account number, PIN, email address, and other information to fix the issue. You pack your things up, turn off your computer, and head off. Another day’s work complete.
Here’s What Really Happened
Little did you know that co-worker of yours wasn’t actually an employee. He was a high school hacker, and the information you helped him get belonged to a minor internet celebrity. From there the hacker got access to the victim’s email account and found numerous documents, including personal emails, contact lists, phone logs, and even social security numbers. So how did this happen?
- Social Engineering – The high schooler was able to trick several call center representatives into divulging sensitive information, all by finding the victim’s phone number online and locating the provider associated with that number. He was able to pass several knowledge-based authentication questions (KBAs) just by looking on the Internet.
- Reconnaissance – The caller knew that you would need his employee ID number to get him the information he needed. That means he’d already done his research, making test calls or searching online, to learn what format would make his own fake ID number believable.
- Cross-Enterprise Attacks – Wait – who got attacked here? You gave out the information, but the fraudster was actually hacking into an account at an entirely different company.
Employee Impersonation Scam Examples
The Employee Impersonation Scam can happen to anyone.
High school student uses social engineering to hack CIA Director’s personal AOL account
In September, the FBI arrested a man for calling Macy’s department stores and impersonating the “Director of Customer Service.” With a few phone calls, he was able to get refunds for products never actually purchased.
Anonymous hackers explain how they impersonate Tech Support agents to take over Xbox Live accounts.