Social Engineering 101 – how customer service does more harm than good

Less is more? It turns out this holds for both Twitter account names and security breaches. A recent post by Naoki Hiroshima has already gained a lot of attention, as much for the attacker's rather daring revelations as for the utter incompetence of PayPal's and GoDaddy's security and customer data protection policies. As Naoki presents the case, it all started with a message from GoDaddy informing him of a change in account information. Unfortunately, because of the changes made by the attacker, it was already impossible to log into the account. Furthermore, because the credit card number had been changed, customer service was unable to positively verify Naoki and failed to return the account. The attacker then tried to reset the Twitter password, which failed because of the time required to update the mail exchange (MX) record. Finally, he contacted Naoki, stated his interest in the @N account, and threatened to make GoDaddy retake the domain. Soon after, GoDaddy replied to the case report filed earlier. However, they were not able to help, because the domain registrant has to be verified in order to proceed (you can almost see how things get sillier with every step). As a result, Naoki decided to comply with the demands and release the @N account.
