Gregory's Server@simonwood @Edent
I regularly have a little dance with people who phone me asking me to prove who I am before they will continue. I try to get them to confirm something that only the true caller would know but sometimes just have to give up and end the call.
|
Top-level
 2 comments
@ErikvanStraten @simonwood @Edent (ps Just the one 'L' thanks) |
@AlisonW : that's usually fine, but may not help during a "live" AitM (Attacker in the Middle) conversation - that is, if you don't notice the extra delays (or the attacker uses social engineering to somehow justify those delays to both sides - which may not be hard; a recording of a crying baby heard by Chase and construction noises sent to you may fool both sides - "sorry, I did not understand you because ...").
Step 1:
[Allison]
^
| "I'm a Chase employee"
|
[AitM]
|
| "I'm Allison"
v
[Chase]
Step 2:
[Allison]
|
| "What's my date of birth?"
v
[AitM]
|
| "What's my date of birth?"
v
[Chase]
Step 3 (I changed the order):
[Chase]
|
| "Feb 29, 2000"
v
[AitM]
|
| "Feb 29, 2000"
v
[Allison]
@simonwood @Edent
@AlisonW : that's usually fine, but may not help during a "live" AitM (Attacker in the Middle) conversation - that is, if you don't notice the extra delays (or the attacker uses social engineering to somehow justify those delays to both sides - which may not be hard; a recording of a crying baby heard by Chase and construction noises sent to you may fool both sides - "sorry, I did not understand you because ...").