If you think the British tabloid phone-hacking scandal has nothing to do with your personal financial information, think again. A consumer advocate savvy in high-tech financial security discovered that similar tricks used by hackers to break into people’s voicemail accounts could also be exploited to gain access to confidential credit card information.
As described by the The New York Times, the hacking works like this: A person can use a legal service that makes a call from another number seem as if it’s coming from a different number. ”When the receiver of the phone call looks at the caller ID, it has our phone number, and as far as the receiver is concerned, it’s really us calling,” says Mike Paquette, chief strategy officer at Corero Network Security.
While this is alarming enough, a consumer advocate discovered something even worse. From the Times: “[S]omeone armed with just a bit of personal information about a target can also gain access to the automated phone systems for Bank of America and Chase credit card holders.” There isn’t any evidence that a hacker could fraudulently use your credit card or steal your identity, but they’d have access to an alarming amount of highly personal data: How much you owe, what your credit limit is and where you’ve used the card. According to the consumer advocate’s investigation, Chase gives the caller access to previous transaction information by category while Bank of America lists merchant names; both would reveal to a hacker how much you spent.