
13 April 2007

Phone Spoofing

Finally, the plebs have woken up! In this week's Mail and Guardian, there is a story about phone spoofing. It is about time really ...

How many times have you got a call from someone telling you that they are from the bank or from a company XYZ ... how do you authenticate them? Phishing is too easy, as most people don't bother ... just phone up someone and tell them that you are verifying their identity by checking their bank account number.

I remember when I turned the tables and asked a bank clerk who phoned me to authenticate themselves. They seemed so surprised ... I take it most people don't do that, from their response. But the biggest problem facing the consumer is, what do you use to authenticate a bank (or similar institution)? They do have public identifiers (company registration numbers etc.) but those are public anyway. That, in the end, is the biggest problem - how do you create mutual authentication without a predetermined code and without revealing any secrets? I sense a research topic ...

2 comments:

Ciaa said...

I have thought about that and the solution I came up with was to try and get these consultants to give me about 2/3 of the information they are requesting from me. I would ask them to give me certain numbers of my ID, my branch code if it's a bank, etc. just so I feel better about giving them information...

Tricky indeed.

Anonymous said...

A fairly easy way to verify them is to get their details and call them back. If you call the switchboard and the person that called you doesn't exist then what more can you do?

Although you are then racking up your phone bill on them.