Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 


Forgot your password?
Close
typodupeerror
×
Privacy

Telemarketing Security Threats? 10

Posted by Cliff from the social-engineering-on-a-large-scale dept.
Phanophish asks: "I'm the IS manager for the branch office of a large publisher. Recently one of our users received a telemarketing call at home from a person who claimed to be with an independent research company. The caller asked a number of questions regarding the software installed on both her home and work machines. After gathering the info, the user was offered $25 to run a program contained on a disk on her work PC. Needless to say the security threat is huge. Thankfully she asked the caller to send the disk to her work address and promptly informed me of the call. As of today, we still have not received the disk to look a little deeper in to the situation and I suspect we never will. My question is, have any of you ever heard or seen anything like this?" Personally, I'd never trust software obtained from a telemarketer. Anyone out there receive calls like this? It would be interesting to see if this is an isolated incident or the start of something fairly widespread.
This discussion has been archived. No new comments can be posted.

Telemarketing Security Threats? More

Telemarketing Security Threats?

Comments Filter:
  • This is probably a threat to your security, but not as big as email attachments and users running them.

    If I wanted to target an attack agaist a certain company, rather than posting a disk, it would be more simple to just mass email the trojan to certain users. It's not hard to find out email address etc, so I think that this would be more effective

    Or am I missing the point? Sorry If I have, rather tired :)

  • first, there's a big difference between a telemarketer and a market researcher. telemarketers are almost always sleazy, and from having worked for a market research company i can tell you that most of them aren't. not all of them, but most of them.

    market researchers (the guys who call you on the phone to do surveys) are NOT trying to sell you ANYTHING. they want you to answer a few questions that their client is interested in. these are the same people who call you and ask you if you're going to vote and who you're going to vote for.

    while i believe the client (the one who hired the research company in the first place) shouldn't have asked to you to run a program they send you, i can almost positively assure you that they mean no harm. to be on the safe side, mailing the disk to your office was a smart idea, but if you want to look into it further, check your phone book. if they aren't a local company (most are in the central time zone) look on the web, there's an association of market research companies, here [mra-net.org] that will give you a list of members.
    "Leave the gun, take the canoli."
  • I have heard of such a program called "PC RATINGS" (now they have changed their name to e-Trends [pcratings.com])...

    I am not sure if this is the way the company recruits people to run their program (described by them as "Nielsen ratings for personal computers") but I do know that when you agree to do it, they send you a program on disk and ask you to always have it running.

    My father used to run this years ago, but there was never really any reward for doing so, so he quit.
  • there's an association of market research companies, here that will give you a list of members

    As far as i could tell their list is available to members only, and membership is not free (and presumably only for marketing research companies anyway). You can complain about a company not upholding their standards, but only if that company is a member---i don't see anywhere on their site where you can query whether a company is a member or not.

    Perhaps they are helpful via email, but their website seems of little value.

  • sorry, that was the first link i could find...i'm sure google could help you there. there's a bigger assiciation that has contact lists of it's members that used to be available to the public, but i forgot the name..sorry.

    "Leave the gun, take the canoli."
  • It's a disk you put in your system and it kind of inventories to see which software you run for statistical and marketing tracking. They offer $50 to return it.

    I declined...No way I'm putting some unknown disk in one of our PCs like that.
  • If it was a legitimate market researcher sending legitimate software that performs a legitimate task, all is well in the world.

    But if everyone was who they said they were, social engineers like Kevin Mitnick wouldn't have gotten nearly as far as they did. Just because you're paranoid doesn't mean that they aren't trying to get you. Remember, the recent MSFT hack was done with a trojan.
    --
  • ...was social engineering at work.

    Think about it - if the guy calling was a cracker, and had a good script - he could get a bit of info, have a good starting point...

    Inept employee installs the software (maybe some cheesy VB screensaver, with BO on the backend or something) - bammo! - instant access (to possibly very sensitive data).

    Alright - maybe this isn't what is happening here - but if this kind of "marketing" takes off, you can bet there will be a few crack attempts along that line...

    I support the EFF [eff.org] - do you?
  • I think it was last summer, although it was a bit of a variant. Some random publishing house (no, not Random House) sent an envelope with a SASE and a floppy, which contained a survey application. The intent was to complete the survey, return the disk, and claim some kind of $$ reward. Needless to say, the disk was harmless, but I've no clue as to whar my money could be...
  • I never trust software from microsoft or telemarketers. Never gotten a software call though. About once a day someone tries to sell me long distance.

Slashdot Top Deals

If you want to put yourself on the map, publish your own map.

Close