Online Book Reader


The Art of Deception: Controlling the Human Element of Security - Kevin D. Mitnick [24]

’t necessarily demand a series of phone calls with the victim, as suggested by the previous story. I recall one incident I witnessed where five minutes was all it took.

Surprise, Dad

I once sat at a table in a restaurant with Henry and his father. In the course of conversation, Henry scolded his father for giving out his credit card number as if it were his phone number. “Sure, you have to give your card number when you buy something,” he said. “But giving it to a store that files your number in their records—that’s real dumb.”

“The only place I do that is at Studio Video,” Mr. Conklin said, naming the same chain of video stores. “But I go over my Visa bill every month. If they started running up charges, I’d know it.”

“Sure,” said Henry, “but once they have your number, it’s so easy for somebody to steal it.”

“You mean a crooked employee.”

“No, anybody—not just an employee.”

“You’re talking through your hat,” Mr. Conklin said.

“I can call up right now and get them to tell me your Visa number,” Henry shot back.

“No, you can’t,” his father said.

“I can do it in five minutes, right here in front of you without ever leaving the table.”

Mr. Conklin looked tight around the eyes, the look of somebody feeling sure of himself, but not wanting to show it. “I say you don’t know what you’re talking about,” he barked, taking out his wallet and slapping a fifty dollar bill down on the table. “If you can do what you say, that’s yours.”

“I don’t want your money, Dad,” Henry said.

He pulled out his cell phone, asked his father which branch he used, and called Directory Assistance for the phone number, as well as the number of the store in nearby Sherman Oaks.

He then called the Sherman Oaks store. Using pretty much the same approach described in the previous story, he quickly got the manager’s name and the store number.

Then he called the store where his father had an account. He pulled the old impersonate-the-manager trick, using the manager’s name as his own and giving the store number he had just obtained. Then he used the same ruse: “Are your computers working okay? Ours have been up and down.” He listened to her reply and then said, “Well, look, I’ve got one of your customers here who wants to rent a video, but our computers are down right now. I need you to look up the customer account and make sure he’s a customer at your branch.”

Henry gave him his father’s name. Then, using only a slight variation in technique, he made the request to read off the account information: address, phone number, and date the account was opened. And then he said, “Hey, listen, I’m holding up a long line of customers here. What’s the credit card number and expiration date?”

Henry held the cell phone to his ear with one hand while he wrote on a paper napkin with the other. As he finished the call, he slid the napkin in front of his father, who stared at it with his mouth hanging open. The poor guy looked totally shocked, as if his whole system of trust had just gone down the drain.

Analyzing the Con

Think of your own attitude when somebody you don’t know asks you for something. If a shabby stranger comes to your door, you’re not likely to let him in; if a stranger comes to your door nicely dressed, shoes shined, hair perfect, with polite manner and a smile, you’re likely to be much less suspicious. Maybe he’s really Jason from the Friday the 13th movies, but you’re willing to start out trusting that person as long as he looks normal and doesn’t have a carving knife in his hand.

What’s less obvious is that we judge people on the telephone the same way. Does this person sound like he’s trying to sell me something? Is he friendly and outgoing or do I sense some kind of hostility or pressure? Does he or she have the speech of an educated person? We judge these things and perhaps a dozen others unconsciously, in a flash, often in the first few moments of the conversation.

Mitnick Message

It’s human nature to think that it’s unlikely you’re being deceived in any particular transaction, at least until you have some reason to
