Spam was never done with “burner phones” in the first place, it’s mostly done via VoIP through shady telecoms companies that can’t be bothered to validate their customers. Due to the age of the phone system it’s incredibly easy to spoof phone numbers because it’s essentially a trust system. Phone exchange A talks to exchange B and says phone number 123 is calling number 456. How does exchange B know that it’s actually 123 calling? They don’t at all, they just trust that exchange A is telling the truth. It’s really hard to get into the system, but once you’re there you essentially have unlimited power with virtually no safeguards in place.
Basically from a security perspective the phone system looks a lot like the 1980s internet, there is technically some security in place, but significantly less than there actually should be.
One of the things that surprised me the most when I started working on vishings for a Cybersecurity Red Team was how extremely easy it is to spoof any phone number.
It’s the nunber one tip I give to anyone who asks about security, a lot of people don’t know that, and spear-vishings are extremely effective.
People have learned to mostly not trust Microsoft Support numbers asking for your CC, but when an internal company number that your phone matches to your bosses boss calls you, a lot of people fall for that.
Spam was never done with “burner phones” in the first place, it’s mostly done via VoIP through shady telecoms companies that can’t be bothered to validate their customers. Due to the age of the phone system it’s incredibly easy to spoof phone numbers because it’s essentially a trust system. Phone exchange A talks to exchange B and says phone number 123 is calling number 456. How does exchange B know that it’s actually 123 calling? They don’t at all, they just trust that exchange A is telling the truth. It’s really hard to get into the system, but once you’re there you essentially have unlimited power with virtually no safeguards in place.
Basically from a security perspective the phone system looks a lot like the 1980s internet, there is technically some security in place, but significantly less than there actually should be.
One of the things that surprised me the most when I started working on vishings for a Cybersecurity Red Team was how extremely easy it is to spoof any phone number.
It’s the nunber one tip I give to anyone who asks about security, a lot of people don’t know that, and spear-vishings are extremely effective.
People have learned to mostly not trust Microsoft Support numbers asking for your CC, but when an internal company number that your phone matches to your bosses boss calls you, a lot of people fall for that.