How can you protect yourself from hackers? An IBM social engineer offers advice
Stephanie “Snow” Carruthers, Chief People Hacker at IBM, gives advice about protecting yourself online. She also explains how the robocalls and spoofing process works.
CNET and CBS News Senior Producer Dan Patterson and CBS Investigative Reporter Graham Kates spoke with Stephanie “Snow” Carruthers, chief people hacker for IBM’s X-Force Red team, about how to protect yourself from cybercrime.
This is part four in a four-part series. Download the entire series: How an IBM social engineer hacked two CBS reporters–and then revealed the tricks behind her phishing and spoofing attacks (free PDF).
See part one, IBM social engineer easily hacked two journalists’ information; part two, How cybercriminals trick you into giving your information over the phone; and part three, How a hacker at IBM uses disguises and devices to steal private information.
Dan Patterson: All right, Stephanie, a large part of your job requires that you build trust, build a rapport, and you do that often by spoofing a phone number to appear as though it’s coming from a trusted source. It could be a friend; it could be a family member; it could be a bank. All of us have seen these spam robocalls on our . Sometimes the robocalls that get me look as though they’re coming from my number or a very similar number. You can even spoof how two different contacts could look like each other. Tell me how this process works, and can you show us?
Stephanie Carruthers: Yes, absolutely. You need a mobile app, and I’m not going to tell you which one, but you put in the phone number that you want to call.
Dan Patterson: In this case, it would be, if I were calling Graham, or you want to look…