• WesternInfidels@feddit.online
    13 hours ago

    The kind of thing only your grandparents would fall for

    But evidently not.

    Last week I helped someone navigate their bank’s tech support to regain access to an account they’d been locked out of. I believe the bank was having some technical difficulties that they weren’t admitting to (or which the support people weren’t even aware of). Many standard approaches did not work, and we kept getting escalated. The top person we talked to eventually asked for some information that didn’t conform to the usual security question / answer format (“What year was the account opened?” for a ~50-year-old account that had been opened many bank mergers ago) and wound up reading us a new password over the phone.

    This approach alarmed me; it seemed to violate some security rules of thumb that I thought I understood. But this is what the bank does, sometimes. Given the sort of nonsense that goes on legitimately sometimes, expecting the general public to understand which information flows to be suspicious of – expecting them to think in terms of information flows at all – may be asking too much. We’d all hope journalists would be more savvy, I guess, but “government officials?” Nope. I used to think “Oh, I wouldn’t fall for that” when I read stories like these, but now I’m less sure.