Social engineering and Orange
9th November 2005
I had a call on my mobile earlier today from a lady claiming to be from Orange (my phone service provider) who told me that my contract was about to expire. She asked me for my password.
Alarm bells instantly went off in my head, so I told her (truthfully as it happens) that I didn’t know my password. Then she asked for my postcode instead.
At this point I was pretty sure this was a social engineering attack, so I started to quiz her about why she needed the information. She said it was for a “security check”. I told her I was uncomfortable giving out information like this to a cold caller over the phone and she said it was nothing to worry about because it was all covered by “the data protection act”.
I said that I would rather conduct my business in an Orange shop, and she told me that she would have to put a mark on my record that I had failed a security check. I interpreted this as a threat, which convinced me that the call was an attempted con. I asked for her name and ended the call.
I e-mailed Orange customer support via their website with details of the call and the number it came from (07973 100 194, which looked like a mobile number to me and had further fuelled my suspicions). I just received their reply—the call really was from them!
Banks and other online services have learnt to repeatedly tell their customers that they will never contact them and ask for their password. Orange are leaving themselves wide open to social engineering attacks. This incredible lack of attention to basic security has given me serious second thoughts about trusting them with my business at all.
More recent articles
- Datasette Enrichments: a new plugin framework for augmenting your data - 1st December 2023
- llamafile is the new best way to run a LLM on your own computer - 29th November 2023
- Prompt injection explained, November 2023 edition - 27th November 2023
- I'm on the Newsroom Robots podcast, with thoughts on the OpenAI board - 25th November 2023
- Weeknotes: DevDay, GitHub Universe, OpenAI chaos - 22nd November 2023
- Deciphering clues in a news article to understand how it was reported - 22nd November 2023
- Exploring GPTs: ChatGPT in a trench coat? - 15th November 2023
- Financial sustainability for open source projects at GitHub Universe - 10th November 2023
- ospeak: a CLI tool for speaking text in the terminal via OpenAI - 7th November 2023
- DALL-E 3, GPT4All, PMTiles, sqlite-migrate, datasette-edit-schema - 30th October 2023