
Ask HN: I found out a hacker's phone number. Now what? - throwawaySaaS1
Hi guys,<p>I run a SaaS business in Canada, and I had an individual attempting to gain access to one of our customer&#x27;s account illegally via social engineering (pretending that she&#x27;s an employee of the customer)
I asked for her phone number as a part of verification process (completely made up), and I was able to speak with her briefly. During our phone call, she blatantly lied about being my customer&#x27;s wife when I know for fact that he&#x27;s single.<p>I checked out the government&#x27;s website about reporting a cybercrime, but it seems to have very little resources available. Their office&#x27;s closed right now, so I&#x27;ll give them a call tomorrow.<p>Has anyone experienced a situation like this?
======
jhanschoo
I wouldn't follow the comments suggesting vigilante retaliation against the
hacker via the phone number. For all you know it belongs to a second victim
(e.g. hacked Skype number).

------
cbanek
While the crime is done using computers, it seems like it could be fraud, if
they are trying to use the access to spend money or steal information to do
something with?

Given the nature of the attack being aimed directly for one customer, if I
were you, I would possibly alert that customer that something funny is up.
That way they might be able to prevent the same thing happening at other
companies they use that might not be as careful.

As far as dealing with the police, if they didn't manage to get anything, I
wouldn't bother. Keep the info around just in case.

------
tlb
Make a note for the support people to ignore fraud attempts matching the
details.

Then move on.

~~~
markgamache1
DO NOT DO THIS. Having worked in customer care security, I can gaurantee that
the note will be missed or ignored.

------
geocrasher
Give her access to an empty account, then log everything she does. Block her
and report as necessary.

------
badrabbit
Let the actual victim(the customer) know and leave it at that. They can file a
criminal complaint or take further action as they see it fit.

Don't go about acting like a vigilante. What if she does get arrested but she
is the guy's gf/ex? What if she is a legit business partner? This things can
will often go south in differeny ways. You were not target,a victim or a
criminal detective.

------
bobosha
I think you should just report it to the RCMP and leave it be. Vigilante
action can have unforeseen consequences and since you are a business owner,
it's best avoided.

p.s. incorporate stronger authentication mechanisms (2FA) for your offering,
if not already.

------
MrWiffles
Definitely report it to the RCMP, but you can also report it to the US FBI via
[https://www.ic3.gov/default.aspx](https://www.ic3.gov/default.aspx). I'd
suggest not mentioning that you're a Canadian citizen; just let them assume
you're American so they don't use your citizenship as an excuse to just shut
down the case and ignore it. I'm not suggesting you lie of course, but let
them draw their own conclusions.

------
_nalply
It's most surely not the hacker's phone number.

~~~
sdan
Definitely: “hackers phone number” is an oxymoron, because no somewhat
experienced hacker would ever give out their personal number.

Don’t be shocked if it’s some twilio or google voice number

~~~
NikolaeVarius
It IS possible that they screwed up. But yeah, I doubt it

~~~
_nalply
If you attack the number you might hit an innocent bystander whose number as
been misused by the hacker.

------
ntnlabs
I would randomly send her made up verification codes :D

------
dorkwood
One thing that might ruffle their feathers a bit is if you figure out what
time zone they're in, and then give them a call in the middle of the night.

------
HegzOverflow
he might try doing it again, that's often called spear phishing in a more
nerdy manner, just let people around you know this happened and move on.

------
villgax
FCC has a page for this

~~~
oyebenny
Link please?

------
withinboredom
List the phone number on Craigslist for a free tv in several large cities.
(I’ve done this as pranks to friends, they’ll get several hundred texts and
phone calls)

~~~
hckr_news
Thats a bit scummy of you

------
RickJWagner
Give it to the 'Your auto warranty is about to expire' people. Can there be a
worse punishment?

