Social Engineering: is the art of manipulating people into performing actions or divulging confidential information, rather than by breaking in or using technical cracking techniques…. In most cases the attacker never comes face-to-face with the victim (Wikipedia).
A very basic scenario – someone calls you, say’s they are from a ‘trusted’ organisation (like your bank) and asks you for your personal details – date of birth, residential address… sometimes they leave a message and ask you to call back and then ask for the details. The next thing you know, you have a big credit card bill or some other black mark against your name.
So, given the above scenario, why do financial institution employees get upset when you ask them to provide a little bit more information to identify themselves before you provide your information to them?
This happened to me today – I received a text message from my mortgage provider asking me to call. The person who answered the phone didn’t identify the company they were with, and didn’t provide a name. When I finally ascertained that they were the person I needed to speak with, I asked how I really knew they were with who they said they were – their response: “Why else would someone say they are with xxx company”?
Ummmm, I don’t know – why do I get email messages from my ‘bank’ telling me to change my password by clicking on this link? Maybe they want to hack my account or compromise my credit card. In the last 12 months, I’ve had to replace my credit card twice because it was compromised???
For my International readers, the privacy act in Australia basically says that a business can not provide personal information to anyone but the ‘account owner’ – there are some reasonable fines and penalties associated with breaching this act. All good – I GET that… and I love that my dealings can’t be made public.
I APPRECIATE that these staff can’t do anything to change the process – they’re just doing they’re job, but getting annoyed and being rude to the poor client who is just trying to make sure they protect themselves as best they can isn’t helping anything. I am amazed at the apparent naivety of the staff regarding our concern for our private information.
Wouldn’t it be refreshing if instead of us calling a phone number that may, or may not, be the correct number and giving away our private details to a faceless unknown, that they be required to ask a challenge question for us to answer? That way – we would know that we have the right company (the question would be set by agreement between the parties), they would know they have the right party because of our answer. No personal information required…
How many of you, get phone calls that you provide your information freely and willingly – do you feel a twinge of worry at all? Do you say anything to the caller about the process? Maybe if enough of us ‘say’ something, the process will change! What do you think?
Oh yes, I totally agree. I left my previous electricity company because they would continually call me and then ask me to “confirm” personal details (my address, phone number, DoB etc) before they’d talk to me about anything and I always refused. Their response to me refusing was always “please ring the customer call centre”. Mine was to tell them to “put it in writing”.
My bank always double checks with a password regardless of whether they ring me or I ring them. As much as I hate having a million passwords for different services, it does give me peace of mind.
Oh Sharyn – you made me smile! I also tell them that if it’s that urgent they should write to me too…. I had one company wanting to sell us stuff, and requiring authentication first – needless to say, they didn’t get to make their pitch!
Oh yes, I totally agree. I left my previous electricity company because they would continually call me and then ask me to “confirm” personal details (my address, phone number, DoB etc) before they’d talk to me about anything and I always refused. Their response to me refusing was always “please ring the customer call centre”. Mine was to tell them to “put it in writing”.
My bank always double checks with a password regardless of whether they ring me or I ring them. As much as I hate having a million passwords for different services, it does give me peace of mind.
Oh Sharyn – you made me smile! I also tell them that if it’s that urgent they should write to me too…. I had one company wanting to sell us stuff, and requiring authentication first – needless to say, they didn’t get to make their pitch!
Yes Charly I absolutely agree with you, the relentless questions and time involved when it could be such a simple exercise, I am so tired of it, the Privacy Act protects these companies more so than us the consumer, we have no idea who we are actually speaking with and providing personal information to. I was just speaking with a friend the other day about this very subject and I jokingly said next time I am going to ask for their name, address and DOB before I continue with the call, just to see what their reaction is….lol. Of course the only people we should blame are the scammers and con people who brought this about.
Hi Lesley – I have asked them for their personal details – didn’t go down real well….
Yes Charly I absolutely agree with you, the relentless questions and time involved when it could be such a simple exercise, I am so tired of it, the Privacy Act protects these companies more so than us the consumer, we have no idea who we are actually speaking with and providing personal information to. I was just speaking with a friend the other day about this very subject and I jokingly said next time I am going to ask for their name, address and DOB before I continue with the call, just to see what their reaction is….lol. Of course the only people we should blame are the scammers and con people who brought this about.
Hi Lesley – I have asked them for their personal details – didn’t go down real well….
I’m with Sharyn on this one too. I absolutely refuse to give any personal details to anyone who has called me! My bank also has a password system which I find reassuring. I moved from the UK to Australia in 2008 and have been astounded at the amount of calls I get from all sorts of institutions asking for personal information and also wanting me to purchase things from them there and then. I refused to purchase some raffle tickets from a very reputable charity the other day who ‘cold called’ and expected me to give them my credit details. The lady on the other end was astounded – she also did not know my home address to send me more information, and I refused to give her that too! Telstra yesterday called and asked me to confirm my address, DoB, phone number before they could fill me in on their latest deals …
I LOVE that I have to give them my personal details just so they’ll sell to me – not! Not that I like being sold to. It really cuts down on a heap of sales calls though, when you don’t provide your personal details…
I’m with Sharyn on this one too. I absolutely refuse to give any personal details to anyone who has called me! My bank also has a password system which I find reassuring. I moved from the UK to Australia in 2008 and have been astounded at the amount of calls I get from all sorts of institutions asking for personal information and also wanting me to purchase things from them there and then. I refused to purchase some raffle tickets from a very reputable charity the other day who ‘cold called’ and expected me to give them my credit details. The lady on the other end was astounded – she also did not know my home address to send me more information, and I refused to give her that too! Telstra yesterday called and asked me to confirm my address, DoB, phone number before they could fill me in on their latest deals …
I LOVE that I have to give them my personal details just so they’ll sell to me – not! Not that I like being sold to. It really cuts down on a heap of sales calls though, when you don’t provide your personal details…