{"id":2143,"date":"2016-12-29T18:39:10","date_gmt":"2016-12-29T17:39:10","guid":{"rendered":"https:\/\/www.rsconnect.net\/en\/?post_type=article&#038;p=2143"},"modified":"2024-02-11T11:23:54","modified_gmt":"2024-02-11T10:23:54","slug":"social-engineering-using-caller-id","status":"publish","type":"article","link":"https:\/\/www.rsconnect.net\/en\/articles\/social-engineering-using-caller-id\/","title":{"rendered":"Social engineering using caller ID"},"content":{"rendered":"<p>In a previous blog post, we showed the potential risk of <a href=\"https:\/\/www.rsconnect.net\/en\/articles\/prevent-callerid-spoofing-callerid-abuse\/\">Caller ID Spoofing<\/a>. For many people, the Caller ID (officially, Calling Line Identification) is proof of someone&#8217;s identity. When they receive a call from a number they recognize, they tend to trust the calling party.<\/p>\n<h2>Social Engineering skills<\/h2>\n<p>But what is the next step? What can a hacker do with this trust? It is just a telephone call, isn&#8217;t it? Well, being trusted allows him to leverage his <strong>social engineering skills<\/strong>. He can manipulate the called party at the other end of the line. He can ask for information he normally wouldn&#8217;t receive. And he can make the called party do things they normally wouldn&#8217;t do.<\/p>\n<h2>Social engineering at the company helpdesk<\/h2>\n<p>Let&#8217;s look at the example given in the CNN item below. It shows a hacker calling the company&#8217;s helpdesk from a known company Caller ID. The helpdesk staff recognize his call as an internal company call and are therefore less cautious. On the contrary, they are very willing to help him. After all, customer satisfaction is the most important metric for many helpdesks. 
Using his social engineering skills, he manipulates the helpdesk agent into clicking on a link with malware which &#8211; to give just one example &#8211; gives the hacker immediate access to the company&#8217;s IT network.<\/p>\n<p>The helpdesk agent wouldn&#8217;t have done this if some stranger had been calling from an outside line. But this was an internal call from a colleague, so why not trust him? One telephone call with a fake Caller ID is all the social engineer needs to get access.<\/p>\n<p><iframe loading=\"lazy\" title=\"Watch this hacker break into a company\" width=\"500\" height=\"281\" src=\"https:\/\/www.youtube.com\/embed\/PWVN3Rq4gzw?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen><\/iframe><\/p>\n<h2>Social Engineering at a call center<\/h2>\n<p>A second example is perhaps even more frightening, at least from a consumer point of view. Find out how a caller can take over someone&#8217;s cell phone account through a combination of her excellent social skills and her crying baby in the background.<\/p>\n<p><iframe loading=\"lazy\" title=\"This is how hackers hack you using simple social engineering\" width=\"500\" height=\"281\" src=\"https:\/\/www.youtube.com\/embed\/lc7scxvKQOo?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen><\/iframe><\/p>\n<h2>So, Caller ID Spoofing and Social Engineering are all a hacker needs?<\/h2>\n<p>Not always. Specifically, in inter-company or intra-company scenarios, Caller ID spoofing often won&#8217;t do the job. Internal calls have specific call characteristics (quality, echo, delay etc.) which differ from external calls. 
And in fraud-sensitive environments like banks, insurance companies or public services, advanced techniques (so-called audio fingerprinting or phone fingerprinting) are available to verify whether a call indeed originates from the network and location which the Caller ID suggests.<\/p>\n<h2>Social Engineering from a real Caller ID<\/h2>\n<p>So, in these situations, it may be critical for the hacker that the call can really be made from an internal business telephone, not from some Caller ID spoofer.<\/p>\n<p>In such cases, the flex-office is the best friend of any hacker. In general, these offices are not the most challenging premises to enter without permission. Once you are in, you can pick a desk, grab the phone and start making internal phone calls. To the help desk for changing a password. To the finance department for some budget details. Or to the HR department to ask for some staff information.<\/p>\n<h2>Prevent hackers from accessing VoIP telephones<\/h2>\n<p>But how can a hacker have direct access to a company telephone? This requires that all VoIP telephones have open access and are not protected via usernames and PIN codes. This is a situation we often see in business environments, for the simple reason that using usernames and PIN codes for desktop phones is far from easy. So, people don&#8217;t use them at all, use standard credentials or stay logged in forever. Very user-friendly for the end-user. But also very user-friendly for any hacker who has access to a desktop phone.<\/p>\n<h2>Prevent unauthorized access to your VoIP phones<\/h2>\n<p>Therefore, our software increasingly assists companies in their attempts to minimize the risk of hackers accessing their VoIP networks. Our Active Login Manager only provides access to IP telephones if the user has also logged into the computer network via his computer or laptop. Since that access is highly secure, the telephone access is secure as well. 
And every secured telephone is one telephone less that can be abused for social engineering tricks.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The Caller ID of a telephone is a powerful identification mechanism. And also often used by hackers for social engineering tricks. How hackers abuse your unprotected desktop telephone.<\/p>\n","protected":false},"featured_media":5902,"menu_order":0,"template":"","categories":[27],"tags":[7,24],"class_list":["post-2143","article","type-article","status-publish","has-post-thumbnail","hentry","category-articles","tag-privacy","tag-security"]}