Another scary presentation coming to this Thursday's Black Hat conference in Las Vegas is a study by Pindrop Security about the different ways that hackers are exploiting the phone lines. Hackers use social media and publicly available Web information to target specific industries.
From there, they'll hijack a call center's phone line so that an employee might think they're talking to a customer about his or her personal information, but they're actually talking to the thief.
“They try to get information on an account, change personal information on the account like an email address, physical address or telephone number,” explained Pindrop founder, CEO and CTO Vijay Balasubramaniyan. “That way any time the organization tries to contact me, it goes instead to the fraudster and customer is cut out of the loop. It leads to complete account takeover.”
I've heard many listeners complain about the security questions that financial institutions ask. Pindrop's discovery that one out of every 2,900 phone calls to support lines is a fraudster trying to "case" your account means that these security confirmation codes are more than necessary.
Even with these large-scale security measures, hackers use social media and other information available about you online to try to figure out what your security question might be. Although hackers might already have your information, click here to find out if they do.
While the full results of Pindrop's study into how hackers are using the telephone won't be available until the Black Hat Convention on Thursday, the company's initial findings are much more terrifying than I first expected.