It is a common theme that when you receive a call from your bank or utility providers, for example, telling you that for your data protection they must take you through security so they can identify you. Stop right there! They called you! It is your responsibility to identify them.
Most of these calls come from unknown or blocked numbers. Where you can identify the number, it is often from a pool of numbers which you would most likely not recognise. If they call you, how are you expected to identify them if they refuse to speak with you until you have confirmed your name and given them your date of birth, along with whatever information they require?
- When someone calls you, you often have no way to verify their identity
- Fraudsters can use the information provided for identity confirmation to impersonate you
Organisations are good at telling their customers they will never ask for passwords, but they are comfortable asking for all the information needed to have passwords reset. As long as organisations are calling members of the public in this way, fraudsters will be able to mimic that behaviour to steal enough information to act as if they are you.
Information security, risk management, internal audit, and governance professional with over 25 years of post-graduate experience gained across a diverse range of private and public sector projects in banking, insurance, telecommunications, health services, charities and more, both in the UK and internationally – MORE