Security blogs

Who is actually calling you

A couple of days ago I got a call from a local motor vehicle Insurance company, asking me to discuss some matters with them. I am a customer of this company so I was curious as to what they wanted to talk about.

I asked them how I could be sure that it was actually the company that they were claiming to be calling me from. I advised them that anyone could claim to be from that company and I asked them how they could verify that they were actually from the company. They couldn’t give me a satisfactory answer (because there isn’t one), so I told them I’d have to take them through my security verification process and asked what my birthday was. They couldn’t answer and I told them to write to me or email me, you should have those details on my records if you are, who you claim to be, which is my default position on incoming calls from any business.

The point is, you can absolutely no longer take phone calls from anyone you don’t know. It’s too risky. If you can’t recognise their voice, or number, don’t trust them.

One Call Centre person got quite upset when I said “any of your customers who would take this call are idiots and you should get rid of them as they put your employer’s business at risk”.

Would you deal with a company that treated their customer’s details in this manner?

You may also like
Security Awareness Training is ineffective!
Get the budget you need, not the one you deserve.
Here’s how to defend yourself online
Conscious vs. Unconscious – the determinants of security behaviour