Australian Bank Call Center Staff Easy to Socially Engineer

A study performed by a customer experience research firm revealed that many call center operators from Australian banks can be tricked into helping callers obtain information about other people's accounts.

For their benchmark, the company, called Global Reviews, made twenty calls to the customer service hotlines of eight Australian banks, including the largest ones.

The social engineering tricks used by the callers varied, but they generally posed as people who need to urgently access the account of their friend, partner, spouse or lover.

At first, their requests were declined, but when they insisted and explained the gravity of their supposed situation, many staffers loosened up and agreed to help to various extents.

"The callers would say things like, my girlfriend needs to transfer money today. She's gone to work. I have to do it for her. She'll kill me when I come home tonight," Global Reviews Managing Director Peter Grist told The Sydney Morning Herald.

"Half the time after saying no, the call centre staff would work with the caller to find out ways to do it," he added.

Sometimes this involved guiding them to access the account over the Internet and revealing details such as date of birth or account number.

According to the company, staffers from ANZ Bank, one of Australia's "big four," proved more reluctant to help callers than operators from other banks.

Taking this bank out of the equation, the percentage of call center operators ready to help people access someone else's account is around two thirds. The banks expressed surprise when seeing the results of the study.

"They weren't trying to be fraudulent. They knew the rules. But human beings like to help. And not just in banks. I think it would be the same in any industry," Mr. Grist concluded.

This is very true and can be seen each year during the Social Engineering Contest at the DEF CON hacking conference, where hackers fight over who can obtain more information about large companies by speaking on the phone with their employees.