It is a common theme that when you receive a call from your bank or utility providers, for example, telling you that for your data protection you must be taken through security so they can identify you. Stop right there! They called you! Surely it is your duty to identify them. Most of these calls come from unknown numbers or where the number is identified, it a number from a pool of numbers which you would most likely not recognise. If they call you, how are you expected to know who they are if they won’t speak to you until you have confirmed your name and given them your date of birth, along with whatever information they ask for.
- You really have no idea who you are speaking to when they called you.
- The information provided for the purpose of identity confirmation can be used to impersonate you.
- If a fraudster has enough information to prove that they are you, they can do anything that you can ‘as you’.
Organisations are good at telling their customers they will never ask for passwords, but they are comfortable asking for all the information needed to have passwords reset. As long as organisations are calling members of the public in this way, fraudsters will be able to mimic that behaviour to steal enough information to act as if they are you.
Robert is an information security consultant with over 20 years of experience across a diverse range of organisations, both in the UK and internationally. Robert graduated in 1997 with an honours degree in software engineering for security and safety-critical systems. Robert is contactable directly through LinkedIn.