Comments on: Telecoms feel the pretexting heat

As Congress calls telecom CEOs on the carpet, CNET News.com takes a look at how well the phone companies protect your privacy.

[Too Old For IT]

This is exactly what happens

This is exactly what happens when your frontline customer service people are the cheapest available; unable to adhere to even the simplest standards for security, and are lead by CxO's who are not qualified to pour rainwater out of a boot with instructions written on the sole.
Congress needs to make pretexting a felony, and not exempt government agencies or their sock-puppet contractors. Further, the penalty has to make the practice not worthwhile. Perhaps, if convicted, one should have to register with the local authorities as a privacy predator, a security-oriented offender or some such.

[patruga]

You got it....for the most part

I think you have hit the nail on the head, in stating that pretexting should be made a felony. Take the profit out of it, and you just might be able to drive the right behaviour.

With regards to the frontline reps being the cheapest available, you may be right to a point. Just remember "you get what you pay for". Everybody wants cheaper rates and expect premium service, it doesn't work that way.

[Dragon Forge]

Nothing so remarkable at all

While the acts outlined do fall within the context of "social Engineering" the public would be best advised that there is nothing so "ingenious" about the methodologies applied at all!

The successes are merely due to the money hungry, overly competitive service providers bending common sense, and in some cases their own rules and the laws, to please everyone/anyone.

The businesses that are customers of the comm services, paying for employee accounts, expect to be able to do whatever they want, whenever they want. Of course personal and private rights are heedlessly trampled to appease any request, whether they appear to putting safeguards or security proceedures in place or making that big generalized statement about all that they do (lol), they do nothing serious or carefully. This is knowing where the almighty buck comes from and nothing more. Ingenious social engineering is creating the expectaions that you have no rights or alternatives. Who are you to be asking about their policies, processes and standards?

While for the sake of the common good and security there should be unfettered access to say an employees desk drawers, in so much as in the case of a dangerous substance or article, known or unbeknownst to the desk's resident, so that we may all be protected. Rifling through a desk drawer to ascertain if an employee has money problems for the sake of an "investigation" in to some fraud, is definitely not!

Our businesses are unable to make reasonable quality distinctions and what should be obvious is that they absolutely need to be controlled, regulated and monitored. They have shown remarkable vindictive, malicious and dictorial proclavities in the past, the present and, even if regulations are imposed some years hence [after years of debate and readings in the House, etc etc etc,] the future.

No there is nothing so "ingenious" in all this at all and any good investigator will tell you as much. Ingenious is how, year after year, nothing is really done to get a handle on business practices, while the rest of the world laughs at the antics of politicians and businesses a like. We think we are the international trade and commerce powerhouses but are more likened to school yard bullies globally.

There are far more realistically Social Engineering techniques - one of them is deluding employees into imagining that businesses have their best interests at heart.

The only reason there is security and the pretense to privacy is that it is just another marketing ploy, a bullet on their brocher.

All businesses, whether it be the vast, nefariously gleaned informational 'tanks' in level 3c at HP, their chattle's personal information, or the the private customer accounts at a comm service, manage their informational holdings in a set of self serving "policies" skipping the philosophies in a 'duty of care'.

Best be aware what ingenious is.

[itango]

We already have an easy solution......

Force companies not to keep customer data longer than 3 days. That way, even if the account is accessed, not much damage can be done. And it can provide a benefit to the company, by optimizing server and storage space. I know that law enforcement agencies will howl, but if they are able to obtain a warrant, then the company could store informaiton on that person to satisfy the warrant. Otherwise, everone's information gets deleted!

[itango]

We already have an easy solution......

Force companies not to keep customer data longer than 3 days. That way, even if the account is accessed, not much damage can be done. And it can provide a benefit to the company, by optimizing server and storage space. I know that law enforcement agencies will howl, but if they are able to obtain a warrant, then the company could store information on that person to satisfy the warrant. Otherwise, everone's information gets deleted!

[Zeno77]

Congress "Investigates" pretexting???

Is this congressional Investigation good or is it a case of kettle calling pot black; how about the tactics of opposition research investigators; how about the tctics of investigative reportors, which always involvle some of lying, or pretending or pretextng??? Perhaps the telecoms should only mail out "reqests for records" replies to an accounts billing address, not just hand them out willy-nillly.

[wbenton]

Congresional Investigation a Waste of Money

Handing out one's personal phone call records to somebody else is a definate breach of privacy. No investigation required.

Walt

[wbenton]

Call Back confirmation

Or is that beyond comprehension?

Walt

[DaClyde]

It's just wire fraud, nothing new

Why all this noise over "pretexting"? It's just run of the mill wire fraud. Charge them, prosecute them and penalize them. The laws and infrastructure for this already exist. This shouldn't be an issue. It's the same old story, the government won't enforce the laws they have, so they need to pass more?