Home Tell a Friend! Contact ICFE Link Exchange Search ICFE Subscribe ICFE About the ICFE
ICFE News Releases ICFE in the News Children and Money Financial Education Personal Financial Counseling with Paul S. Richard, RFC Credit Card Tips Credit File Correction Mending Spending Links and Resources Order Options
 

ICFE
ICFE eNEWS #18-18 - August  2018

Social Engineering - Exploiting the Human Factor
By Yan Ross, Director of Special Projects, ICFE

With thanks and acknowledgement for the good works of the Herjavec Group on cybersecurity challenges, we report this week on a verified case of social engineering. The incident was carried out on a "white hat" basis against a leading cell phone company. The video of the event is posted here.

In less than 2 minutes into a phone call to customer service, the hacker is able to secure sensitive information about the real account holder. Even worse, the hacker adds herself and another family member to the authorized user profile on the account.

Note the posted comment from the real owner of the phone account: "It's amazing how quickly you can 'hack' into someone's accounts without touching code. No amount of technology is going to stop this."
It's worth noting the techniques of adding urgency to the call: they include time constraints on the caller's end, and the emotionally charged recording of a crying baby. It's all calculated to distract the customer service representative from the unauthorized nature of the call and emphasize how much the caller needs help.

From the identity theft and cybersecurity side, several questions arise, such as:
• What training did (or did not) the customer service representative receive in order to avoid falling for this manipulation?
• What cybersecurity or programming defense could be used to intervene?
• What other activities or industries are subject to this same type of social engineering?
• What training programs are available to help employees avoid this scam?
From the individual company perspective, several more questions arise, including:
• What training and educational resources do we provide to our employees?
• How do we coordinate between the IT and security departments of our organization?
• How often do we conduct training exercises for employees who have access to the company servers and/or receive outside calls and visits?
• What outside resources do we call upon to assist in setting up defenses against this type of exploit?

Any responses that rely on "It can't happen here," or "Our IT office has that under control" are simply inadequate. Statistics from various studies have consistently shown that the majority of data breaches are rooted in human vulnerabilities and human failure to institute and enforce appropriate training and compliance procedures.

The takeaway: It's incumbent upon all elements of the organization to participate actively in defending against identity theft and cyber attacks. Human resources, for instance, can't just rely on the IT office to solve the problem, especially when social engineering is the method and no code or computer programs are involved in the exploit.

Only a baseline training program, with frequent updates, can provide a defense adequate to avoid social engineering and individual manipulation scams like this one.

Yan Ross Bio PhotoYan Ross is ICFE's Director of Special Projects, and the author of the Certified Identity Theft Risk Management Specialist ® XV CITRMS® course. As an accredited educator for over 20 years, he has addressed Identity Theft Risk Assessment and management for consumers, organizations holding personally identifiable information, and professionals who work with individuals and organizations who are at risk of falling victim to identity thieves.

The ICFE's Certified Identity Theft Risk Management Specialist ® XV CITRMS® course is now available both in printed format and online.

The Textbook and Desk Reference edition of the course book is also available online. Bulk pricing and discounts for veterans and students available. Inquire at yan.ross@icfe.info


Paul S Richard PhotoICFE eNEWS is available FREE upon request by visiting our Web site and filling out the contact form, and selecting "Yes" for "Add to Mailing List. Please pass this eNEWS on to your peers and interested others and invite them to subscribe for free. Also, visit the ICFE's new Web site: StudentDebtHelp.org

Sent by:

Paul S. Richard
President - Executive Director
Institute of Consumer Financial Education (ICFE)

About the ICFE:

The Institute of Consumer Financial Education (ICFE) was founded in 1982 by the late Loren Dunton (creator of the Certified Financial Planner (CFP) designation).  The ICFE is dedicated to helping consumers of all ages to improve their spending, increase savings and use credit more wisely. 
The ICFE is an award winning, nonprofit, consumer education organization that has helped millions of people through its education programs and Resources. It publishes the Do-It-Yourself Credit File correction Guide, which is updated annually. The ICFE has distributed over one million Credit/Debit Card Warning Labels and Credit/Debit Card Sleeves world wide.

The ICFE became an official partner with the Department of Defense/Financial Readiness Campaign in June of 2004.The ICFE was an active partner in the California Student Debt Resource Awareness Project (CASDRAP) which resulted in a new web site: (studentdebthelp.org).  CASDRAP disbanded in 2010, shortly after the web site project was completed.  In 2011 the ICFE assumed the single sponsorship of the (studentdebthelp.org) web site and is now responsible for its content and operation.

The ICFE is also an on-line help for consumers who spend too much.  ICFE's spending help was featured in PARADE Magazine in the Intelligence Report section. The money helps and tips are from the ICFE's Money Instruction Book, our course in personal finance.

Visit the ICFE's other web sites at: www.financial-education-icfe.org and studentdebthelp.org.  Both sites helps consumers and students with mending spending, learning about the proper use of credit, budget and expense guidelines, how to set up and implement a spending-plan and also how to access financial education courses and how to teach children about money. Other ICFE services include: Ask Mr. G,  a free eNews, and an online resource center for students, parents and educators, plus financial education learning tools and a book store.

Home ] ICFE News Releases ] ICFE in the News ] Children and Money ] Financial Education ] Resource Center ] Credit Card Tips ][ Credit File Correction ] Mending Spending ] Links and Resources ]  [ Online Store ]

 

Copyright ©  1997 - by Paul S. Richard
and the Institute of Consumer Financial Education, All Rights Reserved.
View our
Privacy Policy Our Terms and Conditions

Institute of Consumer Financial Education
PO Box 34070
San Diego, Ca 92163
Paul S. Richard, Executive Director
Phone 619-239-1401

FAX 619-923-3284

Questions for www.financial-education-icfe.org Click to go to Website Contact Us or 
Website Design Donated by Desgn School Programs

Please Tell An Associate, Friend or Family Member About the ICFE