Wednesday, August 15, 2012

Pretexting and Social Engineering


Social engineering is a broad term for manipulating people into divulging personal information, and it is usually associated with identity theft. It takes advantage of people's vulnerability and ignorance. While pharming and skimming the paper can be regarded as hacking, phishing and pretexting are more one-on-one. Pretexting is a technique of contacting a service company (i.e., cable, telephone, electricity, schools, etc.) so that it gives out personal information on a selected target. A pretexter has done some homework and gathered the first pieces of a person's identity, and then tries to fill in the blanks. Once enough data is collected, the pretexter can climb the ranks and get hold of a manager to make changes to the account, such as transferring funds, adding authorized users, issuing new cards ...

People first coined the phrase 'pretexting' in 2006, after the then-CEO of Hewlett Packard hired private investigators to impersonate members of the board to the telephone company in order to obtain telephone records, because someone had been leaking ongoing boardroom disputes to the press. This led to the intervention of the Federal Trade Commission. Two years later, in March of 2008, CPNI ("proprietary network information") was implemented. In the past, the last 4 digits of your social security number, your mother's maiden name, your place of birth or even your dog's name were sufficient for identification.

Today I work for a nationwide cable / internet provider, and it became illegal for me to discuss cell phone records, email addresses, passwords, account balances and the like without an access code or PIN #, either a random one or one that they provide (not the last 4 # of the SSN). The rules are quite simple, and the fines are stiff ... As their service provider, at the request of the customer, I can send detailed call information to the customer's address of record. In addition, service providers can call the telephone number of record and discuss the detailed information. So it is also illegal for me to give out the access code or password if a customer initiates the call to me.

Then there is the story of how social engineers used pretexting to take over and ruin the Xbox Live accounts of rivals. But that's for another time. The best way to avoid falling victim to deceptive tactics is to stay alert, be aware that they know much about you, and watch your back ...
