Call centre falls victim to impostor

If it wasn’t for people, some wag once said, IT systems would be secure.

Proof is in the number of data breaches caused by staff who use insecure passwords on their desktop PCs and mobile devices and who carelessly click on email attachments. There are also contact centre employees who are too forgiving to callers asking for password resets.

That’s what CSO Online writer Steve Ragan found when he allowed a security consultant to try and take over his account at domain registrar GoDaddy.

Like most organizations that allow external and internal customers to reset settings, GoDaddy has a set of procedures to authenticate users, including phone verification and, if necessary, having the caller fax a copy of an ID. Here’s where the breakdown happened — a case of social engineering.

“Armed with only basic information and no access to the account’s primary email address,” writes Ragan, the impostor “should have failed. Yet, the exact opposite happened; he succeeded despite GoDaddy’s layered protections.”

The call centre accepted the explanation that “there were a lot of office politics at the moment” as an explanation for the lack of some details. The impostor said he couldn’t provide the PIN number or credit card used to set up the account because his assistant had done that.

So he had to provide government-issued ID — and did by creating one with Photoshop.

Unfortunately there are still holes today in call centre authentication policies that allow attackers can take advantage of. It’s a vulnerability that every organization needs to pay attention to.

Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@]

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

ITW in your inbox

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

More Best of The Web