Cracking Physical Identity TheftJuly 1, 2008 – 5:58 AM
A researcher performing social engineering exploits on behalf of several U.S. banks and other firms in the past year has “stolen” thousands of identities with a 100 percent success rate.
Joshua Perrymon, hacking director for PacketFocus Security Solutions and CEO of RedFlag Security, says organizations typically are focused on online identity theft from their data resources, and don’t think about how the same data can literally walk out the door with a criminal posing as an auditor or a computer repairman. He once walked out of a client site carrying their U.S. mail tray with 500 customer statements inside it, he says.
“This is the forgotten and overlooked” security risk for identity theft, Perrymon says. “That’s why the first time we show [our clients] what we can do, it blows them away.” But with the Federal Trade Commission’s (FTC) new identity theft regulations requiring banks, mortgage firms, credit unions, automobile dealerships, and other companies that provide credit to assess identity theft risks as well as add policies and procedures to pinpoint any “red flags” as of this November, Perrymon and his team are in hot demand to perform undercover social engineering exploits for banks and other firms to test their ID theft vulnerabilities.