From an alert reader:
I don’t know whether to tell you, or RISKS, or the cops, but I just received an automated call on my cellphone that asked for the last four digits of my Social Security number. The script went:
Hello! This is not a solicitation! We have an important message for J-O-H-N DOE (my first name was spelled out, but the last name was pronounced). If this is J-O-H-N Doe, Press 1 now!
(after pressing 1:)
For your security, please enter the last four digits of your Social Security Number!
I have no idea who it was, because I’ll be — damned — if I’d give out ANY digits of my SSN to an unidentified party. My cell’s display is broken so I’m not sure whether there was any caller ID information on it, but I also know that can be forged. What company expects its customers to give up critical data like that during an unidentified, unsolicited call?
Sadly, there probably are well-meaning people writing automatic telephone scripts that ask this sort of question. But this could very well be a phishing scheme: someone trying to trick the listener into divulging personal information.
In general, my advice is to not divulge this sort of information when you are called. There’s simply no way to verify who the caller is. Far safer is for you to make the call.
For example, I regularly receive calls from the anti-fraud division of my credit card company checking up on particular charges. I always hang up on them and call them back, using the phone number on the back of my card. That gives me more confidence that I’m speaking to a legitimate representative of my credit card company.
Posted on December 7, 2004 at 1:58 PM •
Here’s a good idea:
ASB and Bank Direct’s internet banking customers will need to have their cellphone close to hand if they want to use the net to transfer more than $2500 into another account from December.
ASB technology and operations group general manager Clayton Wakefield announced the banks would be the first in New Zealand to implement a “two factor authentication” system to shut out online fraudsters, unveiling details of the service on Friday.
After logging on to internet banking, customers who want to remit more than $2500 into a third party account will receive an eight-digit text message to their cellphone, which they will need to enter online within three minutes to complete the transaction.
It’s more secure than a simple username and password. It’s easy to implement, with no extra hardware required (assuming your customers already have cellphones). It’s easy for the customers to understand and to do. What’s not to like?
Posted on November 23, 2004 at 9:41 AM •
High school kids are sneaking cell phones past metal detectors.
From the New York Post:
Savvy students are figuring out all kinds of ways to get their cell phones past metal-detectors and school-security staff at city high schools, where the devices are banned.
Kids at Martin Luther King Jr. HS on the Upper West Side put the phones behind a belt buckle — and blame the buckle for the beeping metal-detector.
Some girls hide the phones where security guards won’t look — in their bras or between their legs.
Note that they’re not fooling the metal detectors; they’re fooling the people staffing the metal detectors.
Posted on October 27, 2004 at 1:44 PM •
Sidebar photo of Bruce Schneier by Joe MacInnis.