Every day I read more and more about security online, encryption, two-factor authentication and the impacts of data theft, identity fraud etc.
But not enough attention is given to the basic confidence scams that happen every day, stretching back to well before the internet. (BTW, TCP/IP is 40 years old today)
Recently, I received a phone call from someone claiming to be from my credit-card company. The first thing they asked was for me to give answers to 2 security questions, and asked me the first. I paused, and asked how I was to know I was speaking to someone from the company, to which I was told that I was. Wow, that reassured me!
So a little bit of to-ing and fro-ing ensued. I was told that I needed to verify my identity. I told them that THEY rang ME on my number, the one that they have on file for me, and I need to verify THEIR identity. The answer: well, yes we rang you, but it might not be you at the other end.
As it became apparent that there was no solution, I was then given a number to call and to ask if that person had actually called me. So I then had to look up their website and verify that it was their number I was calling back.
As it turned out, it was a legitimate call, but how was I to know? It could have been a scam to get all my answers, then use them in turn to clean out my card.
Considering that most calls from these Call-Centre setups are from a blocked number, some thought needs to be put into how we authenticate incoming calls.