This complicates protecting customer data, and companies need to be nimbler in spotting attempts to steal information, observers urge.
Two weeks ago, former Gizmodo writer Mat Honan discovered his Google, Twitter, and iCloud account breached within an hour.
The hacker sidestepped the usual password security by targeting Apple’s tech support instead, using “clever” social engineering to persuade staff he is the owner of the iCloud account and gaining access to the other passwords and deleting all of Honan’s data, according to his blog post.
On this, Mark Bower, vice president at Voltage Security, pointed out that social engineering has certainly moved from targeting end-users to companies’ IT administrators. This has been happening for the past few years now, he said.
As hackers become savvier, they realize that people are the weakest link in any organization’s IT security and conducting social engineering is an effective method in gaining access to customers’ data, Bower explained.
Joseph Steinberg, CEO of Green Armor, added that many questions used to “authenticate” customers during by call center staff can often be found rather quickly by hackers who do their research using Google’s search engine.