Check for readable phone numbers
If the result is positive, there is no need for further action. If the result is negative, please read the following instructions.
|Result positive||No phone numbers were found.|
|Result negativ||Phone number found.|
|Description||A phone number was found. An attacker could use this information to manipulate employees and to gain information that should remain secret.|
|Background||Phone numbers are usually made public to allow customers to communicate directly with employees. However, if the customer is an attacker who uses social manipulation, this can lead to confidential information being revealed.|
|Consequence||social Engineering attacks are often carried out by phone. This type of attack is fast and efficient because there is often no awareness of the methods of social engineers. For example, in 2015 an American student managed to access the private email account of a CIA director by manipulating the employees at an internet service provider, who then revealed sensitive information about the CIA director to him.|
|Solution/Tips||The published phone numbers should be limited to those which are actually intended for communication with customers. Also, an employee who uses the phone should be aware of the dangers of social engineering attacks and should know the methods of social engineers.|