[TriLUG] OT: lack of security at BofA
Steve Litt
slitt at troubleshooters.com
Sun Dec 21 16:38:06 EST 2014
On Sun, 21 Dec 2014 11:22:09 -0800 (PST)
Joseph Mack NA3T <jmack at austintek.com> wrote:
> On Sun, 21 Dec 2014, Steve Litt wrote:
>
> > You're right, Michael. But as a nation it's our fault. We didn't
> > give BofA enough bailout money to do security right!
>
> :-)
>
> I was in at the Durham Intrex a few minutes ago and mentioned the
> events this morning to the friendly manager, Tim, to get a vendor-eye
> view of the matter.
>
> He says when you get a phone call like this, it is from the bank and
> they won't ask you any PII. You just talk and if they ask anything
> they shouldn't already know, they're fraud.
>
> So if they ask me for my passwd/securty_string (eg mother's maiden
> name), am I supposed to give it? Not till I know that they're BofA.
>
> Tim's method fails. I would have to sit there on guard with every
> question. If I make a mistake, I've been phished. I get about half a
> dozen phone calls a day from people who have no business calling me;
> they're just scams. I get spam all day. I'm not interested in having
> a battle of wits every time. I only have to slip-up once and I'm
> hosed.
>
> In response to my "hello", I regard it as the callers obligation to
> tell me who they are and why I should listen to them.
>
> Joe
When I get a call like this, I say "Oh, listen, I can't talk right
now", hang up, and dial a known good number for the entity. Like the
number on the back of my credit card, or the one in the bank statement.
SteveT
Steve Litt * http://www.troubleshooters.com/
Troubleshooting Training * Human Performance
More information about the TriLUG
mailing list