I think this may be the best yet… I’ve just had to call my cellphone provider, O2, about a fault on the account. After ten calls to different numbers (I’m not kidding - I counted them) I finally got through to a human. It went like this:

Yup, that’s right he asked me for my password and when I couldn’t remember it he immediately told me what it was. I’m obviously getting really l33t at this social engineering thing. So here’s an experiment we can all try at home: next time you have to speak to your bank, your credit card company, the telephone company, whoever, do a little probing to find out just what you can get them to reveal. Forget (temporarily) any passwords or security questions and confine yourself to information about yourself that’s public - name, address, postcode, maybe your phone number. Bear in mind that it’s not hard to find your mother’s maiden name or your date of birth either - these being matters of public record. Let me know how far you get.

This entry was posted on Thursday, October 6th, 2005 at 1:15 pm and is filed under Security. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.