Threat: Customer support leaking customer data in social engineering attacks.
Solution: Reduce digital footprint of public personal information to limit access to information which can used with customer service.
This is an interesting article on how customer service can be targeted in social engineering attacks to give out your personal and financial information. In this case the individual was targeted multiple times through Amazon customer support. The attacker used information obtained about the individual online and after a series of online chats and phone calls built up more personal information about the victim and ultimately obtained his financial information.
This is a difficult attack to defend against. The first best defense is limiting the amount of online information available about yourself and your employees. As this victim did, it’s also important to follow up on any clues to potential breaches of your information. When a service allows it, using some form of two factor authentication is also highly advisable.
Who is Paul Darr?
Paul Darr has lived in California, Oregon, Colorado, and currently lives in San Antonio, Texas. Paul is also an Army Veteran, who has deployed to Iraq and Afghanistan. On the political spectrum Paul is a Libertarian that advocates fiscal responsibility and social tolerance. Paul is currently employed as an IT Manager and is a father of a handsome boy and beautiful daughter. In his free time Paul enjoys reading, using and modifying open source software, gaming, and several other geeky pursuits.