Sunday, July 24, 2016

Hacking and Social Engineering

Recently NatWest customer Annette Jefferys from UK had got her bank account hacked and lost 17,500 sterling pounds. It's not because the online banking is not secure when it comes to technology but rather because of social engineering. It has always been a belief that no such system is totally secured. As long as humans are in control, there will always be a way to find a loop hole because after all humans always make mistakes.

What the hacker did was to make a call to Annette Jefferys acting that he is an employee of NatWest online banking. They told her that her account is under threat and being attacked by fraudsters. He advised her to transfer her money to another account. Like what a typical person would do, she doubted the caller so Annette Jefferys had to find a way to validate that he is an employee of NatWest. The hacker told Annette that if she look at the phone number at the back of the card it should match the same number of the current call. The phone numbers did match however Annette did not know that there are software nowadays to change the caller number on the other end just like how you see the video above. The hacker was then able to get Annette's trust. She cooperated and gave all the details the hacker needed to gain control of her account. NatWest on the other hand had no idea that this is happening since the system assumes that it is the account owner who is entering the personal details to recover an account.