Chapter 3
Does anyone use caller ID these days? At this point in the book it seems to me that companies should invest in a caller ID system so their employees can see where a person is calling from. If a company had caller ID, one of these social engineering scams might go something like this:

[con artist] “Hi, this is Ted from billing. My computer crashed and I need to know client X’s social security number.”
[honest employee] “Well, Ted, my caller ID shows that you are calling from a pay phone.”
[con artist] “Ugggghh… that’s because my phone went down and I…”
[honest employee] “Have a nice day.”

With caller ID, an employee would be able to see where a caller is calling from and easily identify a fake. Managers could tell their employees to only disclose information to those calling from an office line or a line from another branch location.
This chapter further illustrated how con artists take advantage of employees’ helpfulness. It makes you wonder whether a corporate attitude of selfishness and unhelpfulness would be a wise choice these days. After reading these stories, it seems like CEOs and managers have no choice but to put their employees on a zero-information policy unless some technology (caller ID) can be used to verify the identities of callers. I have often been frustrated in the past when calling companies and being told “we cannot give that information over the phone”; however, I now know why.
2 comments:
Eric, I was thinking the same thing you were about the caller ID. At the last place I worked, all the phones were connected (even with the branch in New Jersey) so that when they called you, their extension number came up. You could tell immediately if the call was from someone in the company or not. That seems like a simple fix to the problem of people calling up and pretending to work in another department. Investing in that type of phone system seems to be an easy step to get around social engineers; it at least would make their job a little bit tougher.