We were privileged to host Tony Sales last week.
Tony is Britain’s Greatest Fraudster, according to the Sun …
… stealing over £30 million in a lengthy criminal spree of robbing cards and retailers of goods and services.
Easily done, as it turned out.
And you can see why when you listen to this phone call.
This is Tony pretending to be a bona fide customer sales person from a retailer who the customer visits regularly.
Tony’s got their details by using a man-in-the-middle attack.
This is pretty easy to do. For example, in Tony's presentation, he harvested this customer information by creating a wifi hotspot called “Starbucks wifi”.
The customer therefore thinks they’ve safely logged on to Starbucks wifi in their local café when, in reality, they’re logged onto Tony’s wifi hotspot.
As the customer entered their card details to the superstore, Tony stole them.
He also did a lot more that I could tell you about, but you need to join the Financial Services Club if you want to know about that.
What I will share with you is this phone call.
As mentioned, Tony knew the customer used this store for shopping and that they used a certain card regularly. So, here goes, this is Tony trying to get a little more out of the customer.
Shocking and sweet, and so easy and so true.
The thing is that Tony is using basic social engineering skills to achieve this and, as he pointed out regularly in his presentation, the problem we have is that most people believe people are honest.
Whether you are working in a bank or getting services from a bank, you think they and the people who work there are honest.
Not all of them are.
So Tony’s murky past and honest present – he advises banks and retailers on how to avoid fraud today – is all about preying upon people’s honest.
Then imagine if you had a hoard of people using such skills.
Oh! There are? OK.