So an insurance salesperson (via a cold call over the phone) conned me into connecting in a Zoom call in which I revealed personal connections and email addresses.
Now, I'm actually NOT a complete idiot. The salesperson (and her higher-pressure sales manager) not only were pretty good at the act (a sort of HR upper managerial style of behavior) but they had an interesting bit of inside information: they worked for an insurance company that was the provider of a free benefit from my current employer, so they were able to pretend to be legit, and to have a need to update information on beneficiaries and so forth. They were just trying to upsell, not to steal. Clever, huh?
I still consider the call a kind of breach, although not the sort we're most fearful of. And the salesgirl was actually what she claimed to be (local), which I determined by her geographical references, slang, dress and accent. The AI that can fake all that stuff has to be two or three years away. Okay, maybe one.
It was my first "insider threat" experience in years. It was fascinating. More of an invasion of privacy than a perimeter breach, but a reminder that, shall we say, rust never sleeps.
