CNET and CBS News Senior Producer Dan Patterson and CBS Investigative Reporter Graham Kates spoke with Stephanie “Snow” Carruthers, chief people hacker for IBM’s X-Force Red team, about how hackers steal your information over the phone. The following is an edited transcript of their interview.
Dan Patterson: Stephanie, much of your skill lies in being able to trick people or to extract information from people over the telephone or even in person. How do you get information from people just by asking for it?
Stephanie Carruthers: One of the things I like to do with phone calls is I will do caller ID spoofing. I’ll make my phone number appear as it is someone that you know or trust. Maybe it could be your bank or a relative, something where you would know that that connection is real. And once we have that connection, I go further, and I’ll ask you questions and sensitive information.
- TikTok removed nearly 90 million videos globally in the second half of 2020In total, from July 1 to December 31 last year, the company said it removed 89,132,938 videos globally, with 11,775,777 of those being removed in the United States. … Read More
- Mastercard, MTN partner To enable payments on global platforms with Mobile MoneyMastercard and MTN announced a strategic partnership to enable millions of consumers in 16 countries across Africa to make global e-commerce payments safely and securely. Through a Mastercard virtual payment solution linked to … Read More
- Using lessons learnt in 2020 to combat the security threats in 20212020 saw a boom in cyberattacks with cybercriminals taking advantage of the coronavirus pandemic and lockdown to stage ransomware campaigns, deploy malware, exploit vulnerabilities and commit data breaches. … Read More
Graham Kates: Can you explain how exactly you would do caller ID spoofing?
Stephanie Carruthers: There are a number of applications that allow you to spoof your phone number, and what that does is I can pick any phone number I want my number to appear to be from, whether it’s your bank, or your boss, or someone in your company. And once I’m able to call you, and my number appears like that, you have automatic trust because it appears legitimate. If I called pretending to be a bank, I would first ask you to verify your account because, unfortunately, that’s something banks still do, but I would ask you to confirm your address and your phone number. And without thinking and because you see the phone number coming from your bank, you would trust that, and you would most likely provide that information.
Source: techrepublic.com: Dan Patterson