  Scott Wright's Security Views
Blog Entry

How should authorities prove they're legitimate when THEY call YOU?

Wednesday, January 21st 2009 @ 11:58 PM

The other day I received a voicemail message from somebody claiming to be from the federal government, asking for me to call him back. All he wanted was to verify some statistical information about my business. It sounds innocent enough, right? 

But I became concerned because the person left a 1-800 phone number, and there was no way to verify that the caller's number actually belonged to a legitimate government organization. It could easily have been a fraudster, trying to collect personal information, or sensitive information about my business. Setting up a fake 1-800 number is pretty easy.

Sounds paranoid, I know. But what's the first thing an organization will do when you phone them about something personal or sensitive? They ask a few "security questions" to verify who you are.  This is fine, if YOU are calling THEM, based on a publicly verifiable phone number, listed in the phone book or on an official website.

But if THEY called YOU, and you thought they were a representative of a legitimate authority, they could easily collect your birthdate and social insurance number. So, in fact, YOU should be asking THEM a few "security questions". If somebody calls you from any organization, asking you to verify the information they have, or asking for some urgent information to complete their records, first ask them to give you their PUBLICLY LISTED client service number.

Then, after they've given you the number, tell them you will call them back on that number. This way, if it is a fraudster, they will not be able to intercept your call to the legitimate organization's service line.

Sadly, it turns out that the call I received was actually legitimate. This is not the first time I've had calls from legitimate organizations that should know better, and did not provide a means of easily authenticating themselves to me.

Don't give any sensitive information to people who try to reach you by phone, email, fax, instant messaging, texting, etc. without first verifying exactly who they are. Ask them if you can get back to them through a publicized contact point. If they don't like it when you ask that, you should ignore them. No legitimate organization should handle sensitive information without being able to authenticate themselves.

Scott Wright

The Streetwise Security Coach

Phone: 1-613-693-0997
Email: scott@streetwise-security-zone.com
Scott Wright on LinkedIn 
Blog Entry

How to deal with weaknesses in Anti-Virus solutions

Sunday, January 4th 2009 @ 10:30 PM

As most of us know, no Anti-Virus solutions catch 100% of the threats they face. Some don't even come close. I've heard that it can be a good strategy to use more than one anti-virus product. However, in my recent experience, it's hard to find any that will coexist on a system. Most of them usually want you to uninstall any other Anti-Virus solution before they will install themselves.

So, I have been rethinking my strategy for virus protection.

I posed the following question to the LinkedIn Q&A forums...

Do any antivirus programs work well together?

It's generally accepted that no single AV product is able to completely protect against all viruses. Some people say to use multiple A/V products simultaneously. Some won't work well, or won't install with others present.

Does anyone have good facts or references on how well different A/V products work to complement each other's strengths without interfering with each other?

Suggestions

Some of the good suggestions/comments I received included:

  1. Using a single primary A/V product for regular scanning and for automatic real-time protection, supplemented by web-based scanning on an occasional basis. For example, Symantec has a web-based scanner that you can use for free. This shouldn't conflict with any installed A/V products.
  2. If you are technically inclined, or are running an enterprise, you can put extra scanners in places like the firewall or email server, as well as end-user computers.
  3. It's not good to have more than one A/V product installed at the same time on the same computer, since just one can slow down all applications dramatically. More than one will just make it silly slow.

For the full set of responses posted on LinkedIn click HERE.


Copyright 2012. Security Perspectives Inc. All Rights Reserved.