My bank just called me. And for the first time they've let me down.
Their first question was: "Can you let me know the first and third digits from your pass code?"
I glanced at my phone. The caller's number had been withheld. I had no reason to believe I was talking to a representative of the bank. There's no way I was about to give out that sort of information blindly.
"I'm sorry, no."
I had good reason. Each day I receive three or four 'phishing' emails - emails made to look as though they've come from a bank asking for my card number and PIN. It's a well-known scam on the Internet these days, but for some reason banks still haven't figured out how to respond. (I know this from first-hand experience, having run the odd presentation at work for finance institutions.)
Nowhere is this more clear than in the cold call.
I called the bank back. It turns out the call had come from them. They were calling to offer me a loan. I guess I won both ways: I safeguarded my security, and saved myself a sales pitch.
So tonight I'm passing a note on to the bank requesting that they change the way they contact customers. This, in my opinion, is one sure step they can take to close down the threat of phishing.
All contents copyright © 1999-2010 Paul and Emma Bennett