This article describes an attack on the author's bank and mobile phone accounts. It goes to show that no matter how strong your electronic security is, the human in the middle is usually the weak link.
My digital security is good; unique strong passwords, held in a secure password store behind another strong password. It would be hard to compromise. However, this attacker had only a bunch of data that you could hoover up from any online store order.
It's unclear what else an account holder can do if companies allow social engineering attacks to get through. The criminals behind this sort of attack are going to be good at what they do and are going to learn how these security systems work and how they can be circumvented.
However, I've tried to contact the tax department and a bank (neither of which I contact often), and struggled to get any useful information because I couldn't remember addresses or passwords so there needs to be some leniency. It's a difficult situation for a company.
With the ability to launch these sorts of attacks from anywhere in the world and with little ability to track down the thieves, this is going to become a significant problem over the next few years. I doubt there is going to be any easy solution.
via Charles Arthur