Author Topic: "New FCC regulation" (Read 1814 times)

Derek Xero · « **on:** April 10, 2009, 07:30:54 PM »

In my recent attempts to social engineer information from wireless companies, I've been asked to supply a 4 digit account password. According to a verizon/page plus customer service representative, the FCC is requiring this code to be supplied before any account information is given whatsoever. This doesn't make social engineering impossible, just harder and incredibly tedious for those like me who are relatively new to it. The passcode is even required for supposed employees from other departments. Can anyone offer insight into this?

rbcp · « **Reply #1 on:** April 10, 2009, 08:32:31 PM »

It's harder now than it was just a couple years ago, but it's still relatively easy as long as you're pretending to be an employee. Just keep trying and you'll end up with one who doesn't ask for their password. Pretending to be the customer sucks, especially compared to 10 years ago. Customers are stupid, though, and will forget their passwords so they'll need another way to verify themselves. A lot of times it's a personal question, like "What was your favorite teacher." But what do they do if that's wrong too? Seems like they'd be forced to revert back to asking you for your SSN or DOB or other things.

Guess they could offer to send the secret code to their phone's handset, but you could counter that with something like, "I lost my phone's handset and that's the reason I'm calling in." You could even add to that, that that's where you store your secret codes and passwords on your phone. Why don't you know who your favorite teacher was? Because you're an avid blogger and all your readers know who your favorite teacher was.

Did you see how I used 3 that's in a row in that one sentence? Holy crap, I am awesome!

Derek Xero · « **Reply #2 on:** April 11, 2009, 11:44:13 AM »

Quote from: rbcp on April 10, 2009, 08:32:31 PM

It's harder now than it was just a couple years ago, but it's still relatively easy as long as you're pretending to be an employee. Just keep trying and you'll end up with one who doesn't ask for their password. Pretending to be the customer sucks, especially compared to 10 years ago. Customers are stupid, though, and will forget their passwords so they'll need another way to verify themselves. A lot of times it's a personal question, like "What was your favorite teacher." But what do they do if that's wrong too? Seems like they'd be forced to revert back to asking you for your SSN or DOB or other things.

Guess they could offer to send the secret code to their phone's handset, but you could counter that with something like, "I lost my phone's handset and that's the reason I'm calling in." You could even add to that, that that's where you store your secret codes and passwords on your phone. Why don't you know who your favorite teacher was? Because you're an avid blogger and all your readers know who your favorite teacher was.

Did you see how I used 3 that's in a row in that one sentence? Holy crap, I am awesome!

Thanks man.

News:

Author Topic: "New FCC regulation" (Read 1814 times)

Derek Xero

"New FCC regulation"

rbcp

Re: "New FCC regulation"

Derek Xero

Re: "New FCC regulation"