Ask Charly Leetham

Online Business Implementation Expert - Helping Businesses Harness The Internet As A Channel To Market

Online Business Implementation | Website Design and Development | Web Hosting | Domain Names

  • Home
  • About
  • Our Services
    • Our Work
    • Nice Things People Say
  • Resources For Online Businesses
  • Shop
  • Blog
  • Contact Us
  • Legal Policies
  • My Account

Identify Yourself! Financial Institutions: Social Engineering At It’s Best???

September 8, 2011 by Charly Leetham 12 Comments

Social Engineering: is the art of manipulating people into performing actions or divulging confidential information, rather than by breaking in or using technical cracking techniques…. In most cases the attacker never comes face-to-face with the victim (Wikipedia).

A very basic scenario – someone calls you, say’s they are from a ‘trusted’ organisation (like your bank) and asks you for your personal details – date of birth, residential address… sometimes they leave a message and ask you to call back and then ask for the details.  The next thing you know, you have a big credit card bill or some other black mark against your name.

So, given the above scenario, why do financial institution employees get upset when you ask them to provide a little bit more information to identify themselves before you provide your information to them?

This happened to me today – I received a text message from my mortgage provider asking me to call.  The person who answered the phone didn’t identify the company they were with, and didn’t provide a name.  When I finally ascertained that they were the person I needed to speak with, I asked how I really knew they were with who they said they were – their response: “Why else would someone say they are with xxx company”?

Ummmm, I don’t know – why do I get email messages from my ‘bank’ telling me to change my password by clicking on this link?  Maybe they want to hack my account or compromise my credit card.  In the last 12 months, I’ve had to replace my credit card twice because it was compromised???

For my International readers, the privacy act in Australia basically says that a business can not provide personal information to anyone but the ‘account owner’ – there are some reasonable fines and penalties associated with breaching this act.  All good – I GET that… and I love that my dealings can’t be made public.

I APPRECIATE that these staff can’t do anything to change the process – they’re just doing they’re job, but getting annoyed and being rude to the poor client who is just trying to make sure they protect themselves as best they can isn’t helping anything.  I am amazed at the apparent naivety of the staff regarding our concern for our private information.

Wouldn’t it be refreshing if instead of us calling a phone number that may, or may not, be the correct number and giving away our private details to a faceless unknown, that they be required to ask a challenge question for us to answer?  That way – we would know that we have the right company (the question would be set by agreement between the parties), they would know they have the right party because of our answer.  No personal information required…

How many of you, get phone calls that you provide your information freely and willingly – do you feel a twinge of worry at all?  Do you say anything to the caller about the process?  Maybe if enough of us ‘say’ something, the process will change!  What do you think?

Share this:

  • Click to share on Facebook (Opens in new window)
  • Click to share on Twitter (Opens in new window)
  • Click to share on LinkedIn (Opens in new window)
  • Click to print (Opens in new window)
  • Click to email this to a friend (Opens in new window)

Filed Under: Security Tagged With: banks, financial institutions, privacy act, protecting your private information, social engineering

Want To Use This Article?

You can as long as you include the following (links must be active):

Charly Leetham, from Ask Charly Leetham, is an Online Business Implementation Expert who helps Small Businesses and Solopreneurs harness the power of the Internet as a Sales Channel or Channel To Market. Get your dose of business inspiration and motivation to help you along. Compiled from the generous contributions of over 79 authors. Grab a free copy today. Motivating Your Mind, Inspiring Your Spirit by visiting www.AskCharlyLeetham.com today

Comments

  1. SharynMunro says

    September 8, 2011 at 5:11 am

    Oh yes, I totally agree.  I left my previous electricity company because they would continually call me and then ask me to “confirm” personal details (my address, phone number, DoB etc) before they’d talk to me about anything and I always refused.   Their response to me refusing was always “please ring the customer call centre”.  Mine was to tell them to “put it in writing”.   

    My bank always double checks with a password regardless of whether they ring me or I ring them. As much as I hate having a million passwords for different services, it does give me peace of mind.

    Reply
    • Charly Leetham says

      September 8, 2011 at 10:09 am

      Oh Sharyn – you made me smile! I also tell them that if it’s that urgent they should write to me too…. I had one company wanting to sell us stuff, and requiring authentication first – needless to say, they didn’t get to make their pitch!

      Reply
  2. SharynMunro says

    September 8, 2011 at 3:11 pm

    Oh yes, I totally agree.  I left my previous electricity company because they would continually call me and then ask me to “confirm” personal details (my address, phone number, DoB etc) before they’d talk to me about anything and I always refused.   Their response to me refusing was always “please ring the customer call centre”.  Mine was to tell them to “put it in writing”.   

    My bank always double checks with a password regardless of whether they ring me or I ring them. As much as I hate having a million passwords for different services, it does give me peace of mind.

    Reply
    • Charly Leetham says

      September 8, 2011 at 8:09 pm

      Oh Sharyn – you made me smile! I also tell them that if it’s that urgent they should write to me too…. I had one company wanting to sell us stuff, and requiring authentication first – needless to say, they didn’t get to make their pitch!

      Reply
  3. Lesley Lindsay says

    September 8, 2011 at 10:02 am

    Yes Charly I absolutely agree with you, the relentless questions and time involved when it could be such a simple exercise, I am so tired of it, the Privacy Act protects these companies more so than us the consumer, we have no idea who we are actually speaking with and providing personal information to.  I was just speaking with a friend the other day about this very subject and I jokingly said next time I am going to ask for their name, address and DOB before I continue with the call, just to see what their reaction is….lol.  Of course the only people we should blame are the scammers and con people who brought this about.

    Reply
    • Charly Leetham says

      September 8, 2011 at 10:11 am

      Hi Lesley – I have asked them for their personal details – didn’t go down real well….

      Reply
  4. Lesley Lindsay says

    September 8, 2011 at 8:02 pm

    Yes Charly I absolutely agree with you, the relentless questions and time involved when it could be such a simple exercise, I am so tired of it, the Privacy Act protects these companies more so than us the consumer, we have no idea who we are actually speaking with and providing personal information to.  I was just speaking with a friend the other day about this very subject and I jokingly said next time I am going to ask for their name, address and DOB before I continue with the call, just to see what their reaction is….lol.  Of course the only people we should blame are the scammers and con people who brought this about.

    Reply
    • Charly Leetham says

      September 8, 2011 at 8:11 pm

      Hi Lesley – I have asked them for their personal details – didn’t go down real well….

      Reply
  5. Jane says

    September 9, 2011 at 2:25 am

    I’m with Sharyn on this one too. I absolutely refuse to give any personal details to anyone who has called me! My bank also has a password system which I find reassuring. I moved from the UK to Australia in 2008 and have been astounded at the amount of calls I get from all sorts of institutions asking for personal information and also wanting me to purchase things from them there and then. I refused to purchase some raffle tickets from a very reputable charity the other day who ‘cold called’ and expected me to give them my credit details. The lady on the other end was astounded – she also did not know my home address to send me more information, and I refused to give her that too! Telstra yesterday called and asked me to confirm my address, DoB, phone number before they could fill me in on their latest deals …

    Reply
    • Charly Leetham says

      September 9, 2011 at 3:12 am

      I LOVE that I have to give them my personal details just so they’ll sell to me – not!  Not that I like being sold to.  It really cuts down on a heap of sales calls though, when you don’t provide your personal details…

      Reply
  6. Jane says

    September 9, 2011 at 12:25 pm

    I’m with Sharyn on this one too. I absolutely refuse to give any personal details to anyone who has called me! My bank also has a password system which I find reassuring. I moved from the UK to Australia in 2008 and have been astounded at the amount of calls I get from all sorts of institutions asking for personal information and also wanting me to purchase things from them there and then. I refused to purchase some raffle tickets from a very reputable charity the other day who ‘cold called’ and expected me to give them my credit details. The lady on the other end was astounded – she also did not know my home address to send me more information, and I refused to give her that too! Telstra yesterday called and asked me to confirm my address, DoB, phone number before they could fill me in on their latest deals …

    Reply
    • Charly Leetham says

      September 9, 2011 at 1:12 pm

      I LOVE that I have to give them my personal details just so they’ll sell to me – not!  Not that I like being sold to.  It really cuts down on a heap of sales calls though, when you don’t provide your personal details…

      Reply

Leave a Reply Cancel reply

  • Home
  • About
  • Shop
  • Legal Policies
Help Yourself

I Want To Start Blogging

Improve Website Email Deliverability [Video]

Configure WordPress To Use SSL [Video]

Create And Install A SSL Certificate on CPanel [Video]

Optimize Your Images For Best Results [Video]

© Copyright Leetham Trust 2007 - 2017 | All prices quote are in Australian Dollars (AUD) and inclusive of GST unless otherwise stated

Business Website Designed by Ask Charly Leetham

eWAY Payment Gateway
loading Cancel
Post was not sent - check your email addresses!
Email check failed, please try again
Sorry, your blog cannot share posts by email.