BoA
"I can assure you they would not be able to do with the Bank of security in America." The Bank of America supervisor's words echoed in our heads as Bank of America automated phone system revealed our account information on a call we made via a Web-spoofing Caller ID site.
Bank of America is back. We really are not going out of our way to find problems with the security of Bank of America. They just happen to find a way to place these issues in front of us as we go about our usual business of running private Internet access, our VPN service.
This is a tough call, but we think that the issue that we discovered today is significantly worse than the previous one in which the name and account of the balance of a random client was displayed for us while making a funds transfer.
Social and phone number
of today's program simply requires SSN and a customer phone number Bank of America. How to get a person's phone number does not even warrant discussion. While SSN people usually do not float freely around on the Internet, there are certain situations where it is commonplace to give that information. For example, the W-4 employment and background checks both require a SSN. Imagine an employer who has paid into the bank accounts of prospective employees to check their balance before deciding to hire them. The IRS W-9 form, which includes your SSN, must be completed and given to any company that pays you more than $ 0 per year. This may include relations such as contracts, consulting, affiliate offers, and advertising, as Amazon Affiliates and Google AdSense. A company that pays a lot of people and / or companies probably would have both the VMS and number phone for all recipients, which is all that is required for phone access their bank account. Even if you are not in such a situation, once someone finds a way to get your SSN, get your phone number is probably trivial.
Bank of America has provided little to allay our concerns. "So, you mean that's how it's supposed to work?" ... "Yes sir". Then they told us that you he able to change your telephone access code to be anything but your SSN, we know the problems with opt-out and default values. They also said it would work when you call from your home phone. We raised the objection that the caller-id spoofing services were and were prevalent for years now. "I can assure you they would not be able to do with the Bank of security in America," the supervisor said.
Hearing this, we decided to really test using a website spoofing well-known fake our phone number and the call into the automated system of Bank of America. After entering in our NHS, bingo, we were in and had full access to account information and history of transactional accounts, or in other words, now we had access to a bank statement by phone.
We have provided a recording in detail how easy it was to get into our account and access our account information (we recorded most sensitive information in the call and changed some unnecessary phone navigation menu).
0 Komentar