AUDIO: Comcast Easily Tricked Into Giving Your Personal Info To Wiseass Teenagers

Here’s a clip from the Cmd Radio show demonstrating how someone armed with only a phone number and address can social engineer your personal information out of Comcast.

Like many companies, Comcast doesn’t train its customer service reps enough in security verification. The result is that anyone can call up, pretend to be a service tech, and get your info. Criminals can pick up pieces from one company and use them to get more information out of another, and so on. They can use the end result to steal your identity, your bank account information, and other fell deeds.

Guess that’s what happens when you outsource staff all your customer service to facilities with incompetent and poorly trained employees. — BEN POPKEN

005 – Social Engineering [Cmd Radio] (Thanks to Rich!)
Download the clip (MP3)
Download the full show (MP3)

Comments

Edit Your Comment

  1. homerjay says:

    Ooh! Shock! Company tricked into giving out sensitive information!

    Next up- Man gets your money out of the bank simply by showing teller his gun!

    Sure this guy wasn’t all the bright- but really, do you expect him to be? He’s a call center rep not a hostage negotiator. He is dupable.

    This site seems to be losing its way…. Focus on issues that are controlable.

  2. Stepehn Colbert says:

    Uhh Homerjay, thats actually pretty bad.

  3. Untor says:

    This is very controllable. Comcast needs a simple but comprehensive security policy and employees that are trained to follow it. This call center rep obviously had no training what so ever on how to handle this situation. Responsible companies teach employees to be immediately suspicious of someone claiming to be an employee and how to verify it really is one.

    It’s not always possible to protect against this 100% but it can be dramatically decreased with a little effort.

    This sort of fraud is very common these days and by ignoring it, Comcast is just inviting trouble. And don’t forget they do have your social.

  4. timmus says:

    I’m thinking it would be better to call this “Comcast Pretexting”. We need to be doing all we can to blackball the legitimacy of pretexting, and this is pretty much what this is.

  5. homerjay says:

    Of course its pretty bad- but this could have happened to any company. You can’t forecast how every criminal is going to defraud people. You can blame Stop & Shop for letting criminals swap out their credit card terminals but who would have ever thought that was even a way to commit a crime?

    This is TOTALLY different than TJX being defrauded by thieves and not admitting to it for months.

    I HATE HATE HATE HATE ( I can’t stress that enough) Comcast and I’m sure they need to make some changes to their security based on this- but once they do, there will be a new way to defraud them.

    You can anticipate all criminal activity. Thats why the WTC no longer exists.

  6. OnceWasCool says:

    Wow, the Comcast Nazi’s work fast! The video has been removed from Youtube already.

  7. nickripley says:

    It doesn’t appear to be anywhere else, either!

  8. Kyle says:

    You can listen to the full episode here with even more calls http://media.podcastingmanager.com/73411-3512/Media/cmdrad

  9. Stepehn Colbert says:

    ya homerjay, any company could have done it, but that doesnt mean that any company should do it.

  10. Ben Popken says:

    Video back up.

  11. unwritten07 says:

    @Kyle:
    ‘The page cannot be found’ at the moment, I’ll try again later.

  12. 2Legit2Quit says:

    I’ve known this for a while. I was interested in upgrading my service, I just didn’t know what I wanted. I knew that my neighbors package was what I was looking for so I just called Comcast, gave them my neighbors number, address, and the dad’s name and they told me the price what features I have and were going to let me add/delete and change anything.

    Verizon at least asks for billing zip and social security.

  13. 2Legit2Quit says:

    Sorry the repost, but after listening to the clip, what was the big deal? Comcast doesn’t have you social security on file (I’ve checked) and they didn’t any information that a Verizon Phone Book couldn’t give you, besides the acct # which means jack shit.

  14. Buran says:

    @homerjay: When banks lose money due to robbery, you don’t personally lose any money. Your money is protected by FDIC.

    If your personal information is taken, that DOES affect you.

    It’s not the same.

  15. 2Legit2Quit says:

    Ahh FDIC, see the Great Depression and President Franklin D. Roosevelt’s term (besides the embezzlement scam with Leo) weren’t all bad :)

  16. dscosson says:

    For what it’s worth — not all companies are this ridiculously irresponsible. Cox Communications, for instance… first of all, Cox where I live doesn’t outsource except for six hours in the late night/early AM; secondly, a caller can’t get anything from an account, phone number, account balance, service subscribed to, work orders, nothing, without verifying the last four of the SSN of the accountholder. This situation could never have happened with Cox.

  17. garf12 says:

    @blankfaze

    are you sure about that? I’m sure comcast asks for the last 4 of your social also, but this guy wasnt calling as a customer he was calling as a tech.

  18. kuipo says:

    @blankfaze

    HEY! ahaha im an outsourced rep for comcast :) im on mexico hahahha and well.. honestly i normaly don’t check ssn, were suppossed to but 90% of the accts don’t have it. Also, to make changes is as easy as giving the name of the acct holder, you need to tell that you are that person and the billing address, but besides, im from billing so the most harm someone can do to an acct on my department.

  19. 2Legit2Quit says:

    Yea, comcast for me at least, doesn’t have a ssn. I’d rather not have a company who has my ssn available to anyone then a company who doesn’t.

    And what malicious intent is this person going to have once again? There really isn’t ALL that much they can do that can’t just easily be reversed.

  20. homerjay says:

    Okay, I have to apologize. Last night when I wrote those two comments, I was a little… oh…. boozed up. The fact that I even considered Comcast to be not at fault is just unconscionable.

    HOWEVER, I still stand behind my other comment about people who write checks in retail stores, Kerry. It just ain’t right! :)

  21. Stepehn Colbert says:

    were you drinking Duff or Fudd?

  22. homerjay says:

    Düff… Its imported.

  23. Loker says:

    1st I would like to say Comcast’s support staff is not outsourced they are almost all based in America (with the exception of one call center in Canada).

    2nd this is a bad thing definitely….but I am betting you could do this with 90% of companies and get the same result not just Comcast…..

  24. Brad B says:

    What needs to happen here is forbid any call center rep from speaking to a tech out on a job at all. In our market the techs call a special group of people to do anything that relates to a customer and their account. That would stop this issue at the source.

  25. attackgypsy says:

    The company I work for, Cablevision, would NEVER release that kind of info. We’d make them go back to dispatch and get the info. We’d never even give that info to our field techs without speaking to the subscriber first, and we have other ways of verifying that the subscriber is who they say they are.

  26. Warbeast says:

    When you address poorly trained employees, remember that most of these people are told on the one hand they are supposed to offer you the best help and experience possible. Sometimes its not just poor training but no training thats at heart leaving the agent on the phone completely helpless as to what to do. Instead, they rely on L2 agents who have been there for a while to come over and answer their questions while the agent learns on the job.

    Then there is the confusion caused by companys that hire management out of college who learned marketting but know absolutely nothing about the product they oversee. So please don’t make it sound as if the phone agents are the ones to blame! They are hired to help you and placed under the guidence of college graduates who know nothing about the interaction between agent and customer let alone the foggiest idea about developing products or fixing them! They just know how to market them so they cut corners on development to save money and are constantly changing the rules for tech support whom they wisely allocate no time or resources to train.

    I get furious when I see people making fun of phone agents or even use putdowns about them when they do the best they can under the circumstances. What these companies need to do is stop hiring college grads to run things, start promoting from within those who know what they are doing and if you hire college grads…start them out on the bottom and promote them when they prove they understand what they are doing. You can’t learn that in college and people like Michael Dell found out the hard way but still have lessons to learn about the damage these hiring practices have done to their companys.

  27. demnwzrd says:

    Just to clarify on this…Im in one of the MANY outsourced call centresin canada, and thre are more then one! About 8 so far each housing HUNDREDS of service reps!. We have the SSN’s on mostly all accounts and also are trained to verify 3 account details BEFORE we continue Troubleshooting, but things like account changes, billing info, and offering any info like acct#, rates, and making changes to the account MUST be verified (by law!) with a 4tyh identifier. Yes I know there are people that DONT do there job right, but not all of us are that inept!

  28. demnwzrd says:

    @loker:There are about 8 different call centres in Canada ( I work in one!) each housing a few hundred operators in each!