About | ACP | Buy | Industry Watch | Learning Curve | News | Products | Search | Substack
Home » Industry Watch » The Technological » Hall of Monkeys


Catherine's going to have to be careful.

Get It

Try It

The following can be left without comment. Aviram Jenik of SecuriTeam tells the story.

'As I'm waiting to board a flight, my phone rings and someone claiming to be a T-Mobile rep is on the other side.'

'You've been using your phone a lot.'

'Yes, I spent a week in China and the roaming charges are especially high there.'

'Well you're over $2,000 in your phone bill.'

'Well, thanks for letting me know. When the bill comes I will be happy to pay it.'

'No, you need to pay it now; it's higher than your monthly average and we need to collect the payment outside your monthly billing cycle.'

'Fine. I will call the billing center once I get back to the office tomorrow.'

'No, you need to pay it now.'

'I'm just about to board the plane. Call me in 3 hours when I land.'

'Sorry, I need to collect a payment or we'll suspend the account.'

'Fine. Bill me. You have my credit card details on file.'

'No, we need you to provide them again as proof that you are okaying the billing.'

'You need my credit card details? Now? Can't wait? OK. Give me your number and I'll call you right back and give you my CC.'

'This line is for outbound calls only. There's no direct number back to me.'

'No problem - I'll call the T-Mobile 800 number and ask for your department.'

'They can't transfer you to me.'

'Then how do I know you're a real T-Mobile rep and not someone out to get my credit card number?'

'Well how else would I have known your charges this month were especially high?'

'At this point I burst out laughing and since boarding is about to end I give her my full credit card details', continues Jenik. 'VISA will take the loss on that one, but who will save me from the embarrassment of 'SecuriTeam blogger falls victim to the most amateurish phishing attack in history'? I land and log online in to my T-Mobile account and am shocked to see a bill of $2,500 that is marked as paid. It really was T-Mobile.'

'Somewhere in Eastern Europe some guy is telling his boss: Sergei, you'll never believe this. The fake training materials we planted at T-Mobile are actually being used. They're teaching their customers to be phished!'

See Also
SecuriTeam Blogs: T-Mobile Phishing Camp

About | ACP | Buy | Industry Watch | Learning Curve | News | Products | Search | Substack
Copyright © Rixstep. All rights reserved.