jump to navigation

successful social engineering? (2) February 2, 2007

Posted by TSAI HONG-BIN in Diary.

erh, I found that this title may mislead readers to think that I successfully “engineered” something… well, I did NOT. I’m sorry for that if all you expected is ways to do social engineering, I believe there is a book giving much better examples and techinches than I do. “The Art of Deception: Controlling the Human Element of Security” (駭客大騙局) available at Amazon and 博客來.

All right, then, after I faxed what the credit-verification guy asked to the customer-service guy, I got a call later. “Mr. Tsai, the data you faxed is insufficient, please send a copy of …. as well.” oh no.. that’s awkward, the way that folks doing customer-service know your information (and application status) is through what so called “e-business system,” so that all your status is marked as a number, such as from 1 to 10. Without any further remark, few numbers obviously cannot enumerate the possible situtaion of application status. So I just replied, “dude, just pass to the bank ok?” and refused to send anything.

That’s kindda stupid (or pathetic? because I no longer trust someone unacquainted called me is the person who he claimed) that with information system’s help they still cannot overcome the inefficiency of inter-communication. What matters to the efficiency is no longer the speed, but the information significance (maybe the mutual authentication? because I don’t trust ….. blah blah). From certain aspect of view, the CS-guy was trying to be consideration, he checked the system and it only says the information I offered is insufficient for credit-checking process, but it doesn’t say “which part” of the information. So what the CS-guy can do is to take it as a whole and remind the customer, me, to supply all documents “required by the book”. Could this “semi-disclosure” or “miss-disclosure” do any benefit to social engineering? I got no answer. (if I do I cannot tell you either) But that’s really inconvenient to me and something that should be done in 2 phone calls and 1 fax now costs 4 calls and 1 fax. And you know what really concerns me? the way I apply to the credit card, is by going to the bank counter and giving them everything needed in application, including 2 IDs, credit information and application form. The bank guys did the copy thing, I just did my signing job. So, eventually, who was missing what? …



No comments yet — be the first.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: