> He then called Amazon with what little information he had gained and cried that he had lost his password and didn’t have access to that email address anymore. The representative caved and reset the password over the phone, giving him full access to my Amazon account. His plan was to then gain as much information as he could with Amazon (last four of credit card numbers, current and previous addresses, etc…) and use that as ammunition to do the same thing with Apple. And it worked. He had an email in his Gmail inbox with instructions on how to reset my iCloud account.
Whatever you think of the state of cybersecurity in terms of encryption, implementation, and user-interface (including 2-factor authentication)...it doesn't seem that the protections against social engineering have developed at the same pace as the increasing ease of accessing public records
> Whatever you think of the state of cybersecurity in terms of encryption, implementation, and user-interface (including 2-factor authentication)...it doesn't seem that the protections against social engineering have developed at the same pace as the increasing ease of accessing public records
Yep. Around the same time I started using a randomly generated 24-digit alphanumeric password generated with an offline computer, I noticed a twin person who looked nearly the same as me nearly started living in my apartment, and asking an awful lot of questions about our supposedly shared childhood, wanting to "catch up".
It was certainly nice suddenly having a twin, but it wasn't until he suddenly disappeared three years later that I realized I should have been just as wary about social engineering as I was about my encryption.
third (sarcasm). I don't think the bar with social engineering has moved NEARLY as much as cyber security has. It's practically impossible to keep a computer secure, but very easy not to be duped by strangers on a social level.
What if the people getting duped to give away your account are minimum wage call centre workers who'd probably like you off the phone ASAP? You're a genius who'd never get scammed like this, fine, but you're not the weakest link here.
People get duped by strangers all the time. It's much easier to find out someone's childhood pet name than to, say, break TLS. A lot faster and usually less conspicuous too.
Hell, getting the last four digits of someone's credit card number might be as simple as pulling a receipt they threw away out of the trash.