Jack Recider
Podcast Appearances
You want to steal money out of customers' accounts?
Okay, so this company is a bank, and she's told that she can target customer support to see if she can access a customer's bank account. And she's given the options to use a phone call, email, or chat to get through.
Good for them. That's the protocol they're supposed to follow.
Spoofing phone numbers. How is this still possible? You can download an app from the mobile app store, and within a few taps, you can change what phone number you're calling from to have any phone number you choose. So you can make it look like where you're calling from is not actually where you're calling from. Now, when I was young, I used to do this with emails.
I would love to send emails to my friends pretending to be from the FBI or the President of the United States. And I'd be like, Bill, you're in serious trouble.
But then the email protocol got updated. They implemented SPF records somewhere around 2006, and this ensures that the place you sent the emails from is where the emails are supposed to come from. This effectively put an end to email spoofing.
Of course, not all companies configure their SPF records properly, and you can still spoof it, but at least the option is there if you want to block someone from spoofing your email. But for phones, which have been around a lot longer than email, it's an unpatched vulnerability in my opinion. You can still spoof phone numbers.
Now, since phone companies refuse to fix this, their solution was to help pass a law making it illegal to spoof phone numbers. So for now, it just seems like telephone companies are just relying on the police to help keep people from doing this. But to me, this is an awful way to secure things. Telephone companies can fix this if they want.
But while I see this as a vulnerability, telephone companies have historically said, wait, why are you using telephone numbers as identifiers? They were never meant to be identifiers. And they put the blame on us for doing that because for a long time, our phones didn't have screens. So we never knew who was calling until you picked up the phone and said hello.
But then telephone companies gave us caller ID where our phones would show who's calling. And so I do blame telephone companies for making us think it is an identifier since they were charging extra for that feature back in the 90s. And mobile phones today all come with this feature. So I say, phone companies, turn caller ID off if you don't want us to use it as an identifier.