Tony Wright wrote:
I seem to get calls from large corporates like Telstra, Big Bank, Big
Insurance suggesting they can do me a better deal etc. Then they ask
you to verify your identity. I hate this, and refuse to do it.
I usually say, give me your extension and I will call the switch and
get put through to you. The funny thing is, they usually complain
about this, although it usually turns out that they are legitimate.
The scary thing is, anyone could call you with the same spiel and many
people would gladly give up their details, including passwords!
But the important thing is to find out the phone number independently
of the person calling, then call their switch and get put through –
otherwise you have no idea who you are talking to.
T.

Every now and then various organisations that I have accounts with will
ring me up trying to sell me some new 'fantastic' product, but before
they can reveal said product they forcefully ask for the verification of
personal details. I love revealing private details before I can hear a
sales pitch.
Although I am somewhat security conscious (can hack gibsons via TCP139
BSOD), I'm generally just as lazy/vulnerable as most. Dependent on how I
am feeling about the call I sometimes ask the caller to validate who
they are before I hand over my precious details. Usually this request is
met with absolute confusion by the other party which is further
increased by my stipulation that they could be an organised gang of
international digital thieves wanting information in order to transfer
my far-superior Farmville assets to their flailing and barren
agricultural endeavour. All they wanted to do was upgrade my credit card.
I once had someone from AMEX ask me to validate the phone number that
they just called me on. What is the expected result? "Yes, you caught me
out, I actually robbed Les, stole his phone and still have it turned on.
I would have also enrolled him in your extended insurance plan had you
not foiled me with your infallible test tripping me on my ability to
work out caller ID."
Anyway, the point of this rant is to show that most organisations still
are not well equipped when it comes to security, and Joe Citizen hasn't
progressed much either. While we as a populace have mostly built up
resistance to Nigerian Princes contacting you because it's easier to
give you $10 million than to deal with the banks, your average scam has
progressed perhaps at a better pace than user education or technological
counter-measures. One scenario could be where they already obtained
enough of your details to convince you of their identity, another could
be where they have put in great efforts to make their spoof attempts
look legit, sometimes even taking advantage of XSS to give you an almost
100% genuine experience.
I'm an IT professional and sometimes find it hard to tell the difference
between the legit and the not so much. The hindrance of watching my
details is frustrating at the best of times, especially given the lack
of detail-request-protocols from businesses, so what hope is there for
others?
The whole thing is just another 'pro' on my list for becoming Amish.
--
Les Hughes
l...@datarev.com.au