Monday, July 10, 2006

CallerID scams: the perils of flawed trust mechanisms

As Schneier repeatedly tells us, there's a big risk to a trusted identity mechanism. For example, expedited airport security checks based on special IDs increases the risks of a flaw in the ID mechanism. That's what's happened to caller ID, with unsurprising consequences: - Caller ID scammers plan to do a number on you:

...The AARP Bulletin recently reported a scam in which people received fraudulent calls claiming they missed jury duty and asking for their Social Security number. The calls seemed legitimate because the telephone number of the localcourthouse showed up on caller ID.

In Pennsylvania, constituents of Republican Rep. Tim Murphy were flooded with bogus calls from someone purporting to be from Murphy's office.

The primary worry for consumers is that if a call appears to be coming from their bank, credit card company or a government agency, they could be persuaded to give up financial data a thief could use to open new bank accounts or apply for loans and credit cards.

'It's a new way to scam people, because people rely on caller ID,' says Sid Kirchheimer, author of 'Scam-Proof Your Life' and the AARP Bulletin's Scam Watch columnist."
Sigh. This one came out shortly after I posted my essay on the threats ahead. Not far ahead evidently. The USA today article comes with a set of recommended safeguards; they remind me of the 'duck and cover' recommendations for nuclear attack ...

No comments: