My Telco Encourages Phishing and Identity Theft

Ofer Zelig
Mar 8, 2016

Today I got another call from, ummm, supposedly my mobile phone provider.

It started like this: “Good morning, am I speaking with Ofer?” I replied “Yes”, and the next thing the guy said was:

“It’s regarding the *** you asked for in November, but first may I please have your full name, date of birth and address for security purposes?”

What. The. Fuck.

A guy is calling me on my personal mobile phone, and is asking me to identify myself by giving away personal details that might easily be used for identity theft, impersonation and whatnot. How am I supposed to know that he’s indeed from where he states he is?

On the other hand, if he is genuinely my telco’s representative (and in this case I was quite sure he was, but that’s not the point), then he has just called me on the same mobile phone number that’s registered with them. He is in a much better position to know that I am who he hopes I am than I am to figure out whether he is indeed from my mobile phone company.

I insisted on not giving away my details, explaining to him exactly that (by the way, the information he wanted to tell me regarding my inquiry was not something that the wrong person supposedly answering the call would have been able to leverage), and he said he’d need to ask his manager for permission to give me this information without me giving my personal details. He couldn’t get his manager and said that instead he’d send me an email detailing what he was about to tell me. Which he did.

But wait a second — is email more secure than my phone?

Oh, and he mentioned it’s company policy to not give away details over the phone without the customer giving their identification details.

So to summarize:

This telco’s practice is to encourage phishing attacks by putting a policy in place that requires customers to give personal details over the phone to a stranger who’s calling them.

The Internet is full of horror stories about phishing and social engineering attacks, and this company encourages that as their policy.

Isn’t it a broken world?

Ofer Zelig

Thoughts, rants and everything that’s not directly related to the scheme of my main software developer’s blog https://fullstack.info