Social Engineering Used to Beat Telephone Verification
A recent inquiry was sent to us with the following:
“I think I am the target of fraud. I was instant messaging with a lady. She said I was going to receive a call with a 4 digit code. She said to tell her the code so she would know it was ok to call me and i had not given her a bogus phone number. After I gave her the 4 digit code from the call she stopped talking to me.”
Unfortunately, it appears likely this person was indeed the target of fraud. It’s a classic case of social engineering. In this case, the fraudster befriended the victim to gain enough trust to get their telephone number. The fraudster then used the victim’s telephone number during the telephone verification process to whatever application they were trying to gain access to. When the verification process was activated, the victim answered their phone, noted the PIN code and released the PIN code to the fraudster. Once the PIN was verified, the fraudster had no more use for the victim, thus stopped communicating with them.
Some people are desperately looking for ways to beat the telephone verification process and have resorted to using genuine phone numbers of unsuspecting people who they meet in various Internet chat rooms or social networking sites like MySpace and Facebook, just to name a few. You might think it’s quite a bit of work to do this, and you’re right, it is, but to the fraudster, the effort depends on what’s at stake.
Bottom line is always beware of anyone you meet online who you don’t know and don’t have a trusting relationship with. Never reveal any personal information when communicating via email or instant message - especially if the recipient is someone you don’t know and trust. Personal information that should never be shared includes, but is not limited to:
- Phone Numbers
- Email Addresses
- Passwords
- Usernames
- Credit Card Information
- Social Security Number
- CVV/CVC Codes
- Physical Address
- Zip Code
If you suspect someone is trying to get information from you, stop the communication immediately. If chatting, turn your chat program off. If via email, simply stop responding. If you suspect that you may already be the victim of identity theft, check out this site on what to do, http://www.privacyrights.org/fs/fs17a.htm.
Here are some additional resources:
http://www.ftc.gov/bcp/edu/microsites/idtheft/
http://en.wikipedia.org/wiki/Identity_theft
http://www.identitytheft.org/
http://www.privacyrights.org/identity.htm
http://www.idtheftcenter.org/
http://www.lifelock.com/
Got something to say?
Recent News
- Telecentrex To Help Showcase FreedomIQ at ITEXPO West
- Telecentrex To Help Showcase FreedomIQ at Channel Partners Boston
- Telecentrex and GameQuestDirect Team Up to Serve Gamers
- Telecentrex Helps Conservation International Save The Planet
- Small Businesses Get Free Help with Internet Marketing
Most Read...
- Phone Verification Cancels Craigslist Boycott
- Craigslist Deploys Phone Verification
- 7 Questions You Must Ask Your Virtual Phone Service Provider
- 8 Ways To Develop Trust Online
- A Telework Program For Your Small Business: The Why And The How
- Duplicate And Automate Your Way To A More Productive Downline
- eBusiness Launch: Tips To Get You Started
- Home Sweet Home Office
- Get Out Of Your Own Way To Increase Your PPC Conversions
- Google Protects Adsense with Telephone Verification