This site uses cookies to ensure the best viewing experience for our readers.
Two Phone Calls Are Not Enough to Verify a User’s Identity, Says Cyber Investor

Cyber 2020

Two Phone Calls Are Not Enough to Verify a User’s Identity, Says Cyber Investor

Mickey Boodaei, a veteran cyber investor and entrepreneur, spoke Monday at Calcalist’s Cyber 2020 conference

Naomi Zoref | 13:11, 17.12.19
Most cyberattacks are much less sophisticated than you would imagine, according to Mickey Boodaei, a veteran cyber investor and entrepreneur. Boodaei spoke Monday at Calcalist’s Cyber 2020 conference, held at shared office venture Labs at Tel Aviv’s Azrieli Sarona tower.

“Much like in the real world, to break into a house you don’t need to go through lasers or cut through bars. Typically, you just have to look for the key that is under the welcome mat,” Boodaei said.
Mickey Boodaei. Photo: Orel Cohen Mickey Boodaei. Photo: Orel Cohen Mickey Boodaei. Photo: Orel Cohen
“To steal a million dollars or organizational data worth tens of millions of dollars, you do not need any exceptional knowledge, just a day’s worth of work, and very basic technical capabilities,” Boodaei said. Using private information such as ID numbers, dates of birth, credit cards, or verification codes that you get in an email or a text message, cannot in itself prevent an attack, he added.

Related stories

“I recommend everyone takes a hard look at their organizations’ identification and data verification processes, whether they are dealing with clients, employees, or partners,” Boodaei said. It is imperative to see what happens when a user needs to recover their username or update a phone number, he said. “If the process requires no more than two phone calls. We may have a problem, and someone could easily take control of sensitive data or internal organization accounts.”
share on facebook share on twitter share on linkedin share on whatsapp share on mail

TAGS