A Social Engineering Afternoon

By | 02/07/2016

A few days ago I got a call from someone pretending to be from my bank (doesn’t matter which one, but by a stroke of chance they did get my bank right). They claimed that I had recently been in one of their branches and that they would like to get my feedback on my visit. In order for the process to start, they asked me to validate my account details (account number and sort code) as well as validate my maiden name and my security PIN for phone banking.

Hold on there… Maybe I should have asked them if they wanted my money right then on the spot in cash or would they prefer a check? Why is this picture wrong? For a million reasons… Let’s start with the basics. Guys, I didn’t call you, you called me. So am I really being asked to provide account details and answers to my security questions? Seriously?

Small points of attention:

  1. Don’t reply to security questions or provide any personal data over the phone.
  2. Validate who is calling you (number and ID). If it’s from your bank or whatever, tell them you will call back later on, then call the bank’s main number and ask for the individual who was supposed to have been calling you.
  3. Generically, if the subject seems irrelevant it probably isn’t a valid call. In my case, I wasn’t in the bank for anything, so it doesn’t matter who called: since they asked about my recent visit, I knew it was not legitimate.

Sometimes you wonder how they might have got your number. Well, make an effort to maintain as small a digital footprint as possible. Examples: Do you need all those profiles on various websites about renting a house if you’re not house hunting at this time? Similarly, do you need all those copies of your CV floating around online if you’re not searching for a job at this moment in time? You get the drift…

Not everyone that calls you is who they claim to be. The approach should be similar to the one you take with people you meet at a bar. They might look nice and say they are rich and famous. However, that doesn’t make it real. Hence, tread carefully: as in real life, a wrong answer might cost more than just a drink…


