Hacking isn’t all about some spotty dude in his dingy bedroom frantically tapping away at multiple computers and breaking into the Pentagon’s mainframe. Anyone with half-decent acting skills and a few fragments of your personal data could con your phone company or internet provider to hand over additional personal details.
They might then that extra information to escalate the social engineering to the next level. They might ultimately accumulate enough information – email, passwords, birthday, address, to break into your Facebook account, empty your bank account or even steal your whole identity. Given the potential gullibility of an honest and innocent staff member confronted by an agitated caller with a crying baby in earshot, what could you possibly do to protect against this kind of hack?
Complicated, hard to remember passwords, two-factor authentication and never telling anyone your pornstar name (Mother’s maiden name and name of first pet) isn’t sufficient to protect you against someone else’s gullibility to a vishing attack (voice phishing). Watch the video from about 2 minutes in for a classic bit of vishing.