Who are you?

I received a telephone call yesterday on my mobile (cell) phone.  The display showed that the incoming number was withheld.  I answered the call and the lady on the other end explained that she was from the credit card company.  She went on to explain that for her to continue I had to answer some security questions.  ‘Was that OK?’ she asked.  I paused and then replied ‘I am afraid not.  Can you prove who you are and where you are calling from?’.  Why would I present an unknown party with information relating to my identity and possible financial issues?  The caller explained that she could not but went offline to identify with someone else what could be done to continue.


About a minute later she returned and explained that they would just like to know my DOB and postcode and then they would be able to update me on a number of transactions that they wanted to check.  As both of these pieces of information are already in the public domain I agreed and we continued.  The result of the telephone call was that I became reassured that they were paying attention to my account activities and they had provided me with a good service.


There is a straightforward expectation among many organisations and service providers that, as they are contacting you, the customer, you should authenticate yourself to them, the unknown party. I have seen the same thing when working with clients and conducting exercises on social engineering to review security policies.


Remember to ask ‘Who are you?’ and ‘Can you prove that?’; otherwise it might cost you or your organisation more than you expected.

~ by Simon Hancock on June 19, 2008.

One Response to “Who are you?”

  1. I must say this is a great article. I enjoyed reading it. Keep up the good work 🙂
