For a while I’ve been running a mobile contract with O2 for my mum, who’s now taken a new deal with EE. She asked me to get a PAC and cancel her O2 contract, which is fair enough.
I took to the O2 website, hunted out contact information, and was informed by the site that a live web chat was the best way to deal with my query (go here > It’s about my account > Prefer to speak to someone > Start live chat).
After being passed from one agent to another, I managed to get the PAC from the agent by confirming only the phone number for the account and the name on it. At no point was I asked to confirm details from my password, or any other security details.
The transcript is below, with personal details removed. The question is, how feasible an attack vector is this? If you’re on O2 and I know your name, I could just transfer your number to another SIM easily, it seems. You could cause some serious frustration at least, and potentially hijack phone calls if your target doesn’t realise their handset has stopped working (probably less likely, but still).
The exam question: I would like to use an image as the background for this site, I would like it to scale up or down appropriately for the viewport or device looking at it, and I would like it to be static (i.e. when the content scrolls, the image remains in place).
Today I received a phone call from my mother, frustrated that she keeps missing calls to her mobile. She isn’t the speediest at getting around and at the moment her phone is ringing only three times before the call is forwarded to voicemail.
On O2 you can easily increase the length of time the phone will ring before diverting.