It is a common theme that when you receive a call from your bank or utility providers, for example, telling you that for your data protection they must take you through security so they can identify you. Stop right there! They called you! It is your responsibility to identify them.
Most of these calls come from unknown or blocked numbers. Where you can identify the number, it is often from a pool of numbers which you would most likely not recognise. If they call you, how are you expected to identify them if they refuse to speak with you until you have confirmed your name and given them your date of birth, along with whatever information they require?
- When someone calls you, you often have no way to verify their identity
- Fraudsters can use the information provided for identity confirmation to impersonate you
Organisations are good at telling their customers they will never ask for passwords, but they are comfortable asking for all the information needed to have passwords reset. As long as organisations are calling members of the public in this way, fraudsters will be able to mimic that behaviour to steal enough information to act as if they are you.
Robert is an information security consultant with over 20 years of experience across various organisations, both in the United Kingdom and internationally. Robert graduated in 1997 with an honours degree in software engineering for security and safety-critical systems. Contact Robert directly through Linked In.