IBM’s Chief People Hacker Stephanie “Snow” Carruthers describes how criminals use caller ID spoofing to get your private data. – Must Read!

CNET and CBS News Senior Producer Dan Patterson and CBS Investigative Reporter Graham Kates spoke with Stephanie “Snow” Carruthers, chief people hacker for IBM’s X-Force Red team, about how hackers steal your information over the phone. The following is an edited transcript of their interview.

Dan Patterson: Stephanie, much of your skill lies in being able to trick people or to extract information from people over the telephone or even in person. How do you get information from people just by asking for it?

Stephanie Carruthers: One of the things I like to do with phone calls is I will do caller ID spoofing. I’ll make my phone number appear as it is someone that you know or trust. Maybe it could be your bank or a relative, something where you would know that that connection is real. And once we have that connection, I go further, and I’ll ask you questions and sensitive information.

Graham Kates: Can you explain how exactly you would do caller ID spoofing?

Stephanie Carruthers: There are a number of applications that allow you to spoof your phone number, and what that does is I can pick any phone number I want my number to appear to be from, whether it’s your bank, or your boss, or someone in your company. And once I’m able to call you, and my number appears like that, you have automatic trust because it appears legitimate. If I called pretending to be a bank, I would first ask you to verify your account because, unfortunately, that’s something banks still do, but I would ask you to confirm your address and your phone number. And without thinking and because you see the phone number coming from your bank, you would trust that, and you would most likely provide that information.

Source: Dan Patterson
Spread the love

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: