Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Latest News:    BORN Ontario child registry data breach affects 3.4 million people

Featured Deal: Get started in AI or make your own with this $19.97 course bundle

Latest Buyer's Guide:    Best VPNs to unblock Stan outside Australia in 2023

Generic User Avatar

The support phone call that brought down MGM in Vegas

Started by petewhatshisname , Today, 01:01 PM

  • Please log in to reply
3 replies to this topic

#1 petewhatshisname

petewhatshisname

  • Avatar image
  • Members
  • 4 posts
  • OFFLINE
    •  
  • Local time:09:14 PM

Posted Today, 01:01 PM

I wonder if the audio from that phone call will ever be released. That would be a great teachable moment on what to do and what not to do when performing employee verification over the phone.


BC AdBot (Login to Remove)

 

#2 hamluis

hamluis

    Moderator


  • Avatar image
  • Moderator
  • 63,372 posts
  • ONLINE
    •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:08:14 PM

Posted Today, 03:19 PM

Employee verification should not be employed over the phone.  Granting access to institutional/security info via phone is an extremely bad institution practice.

 

The explanation sounds rather shoddy for the security breech, IMO.

 

Louis


BC Malware Forum

#3 petewhatshisname

petewhatshisname
  • Topic Starter

  • Avatar image
  • Members
  • 4 posts
  • OFFLINE
    •  
  • Local time:09:14 PM

Posted Today, 03:26 PM

Totally agree. Like it's been said online plenty of times in recent weeks, a three-billion dollar company was taken down by a ten-minute phone call.

 

Here's a question: what's a secure way to verify an employee's identity under these circumstances? Seems like the last four of the SSN isn't really a solution anymore.


#4 mjd420nova

mjd420nova

  • Avatar image
  • Members
  • 3,145 posts
  • ONLINE
    •  
  • Gender:Male
  • Local time:06:14 PM

Posted Today, 07:46 PM

The crooks are coming up with new approaches to gaining access to otherwise secure networks.  The weakest link in the security chain is the user.  Convincing them to click on a link or divulge some personal bit of info.  A little bit here and bit there and you could create a convincing story to feed an unsuspecting user to allow entry through their or another users passwords.  Over the phone is just as un-secure as an e-mail or text.  You have no idea who the other person really is and should not disclose any personal info via that media.


Back to General Chat


7 user(s) are reading this topic

0 members, 7 guests, 0 anonymous users


  1. BleepingComputer.com
  2. General Topics
  3. General Chat
  4. Privacy Policy
  5. Rules ·