Maybe it is because I write about the security industry that I have become either paranoid or just more careful. Whatever the reasons, when I get an e-mail from a financial institution, my best practice is not to open any attachments. I also do not follow any instructions regarding the divulging of personal information that require a visit to a website. I do so having been the victim of a phishing expedition that caused months of remediation, and because of all of the reports I receive regarding the growing sophistication of those with malicious intent.
The reason I bring all of this up is that the other day I received an e-mail from one of my financial institutions. It looked real and asked me to go to a page, click on my profile and update my security questions. My instant reaction was that somebody wishing to do me harm had gone “phishing.” In fact, since this is an institution from which I have never before gotten an e-mail notification after years of having a relationship, I was more than a bit skeptical.
Image via Shutterstock
Rather than call the 800 number in the e-mail, I went to this company’s website and used the number for customer service listed there, which fortunately was a match with the one in the e-mail. I was connected with an agent, after being validated that I was who I claimed to be, and the agent supplied me with the following information:
The agent then told me that the reason for this was that its IT department was concerned that generic security challenge questions like “What is your favorite color?” were too easily compromised. A new set of challenges were created that asked much more personal questions, in theory making it harder for hackers to gain account access.
While I did not expect an answer, I did ask whether this was a result of a data breach or just IT being cautious. The agent told me that it was his understanding that financial institutions around the world are or would soon be asking their customers to change their security challenge questions in apparent reaction to findings about how easily compromised existing ones were proving to be.
The moral of this story is that, along with getting peace of mind, my interaction highlighted the continuing value of speaking with an informed agent. It remains the best way to get answers, and not coincidently to my mind the preferred way to make sure your personal information is correct and handled in an appropriate manner.
I happen to be a huge proponent of self-service, but this was one of those all-too-frequent instances where getting a thorough explanation as to why was important and speaking with a human was the best way to get that explanation. Indeed, with all due respect, most websites frequently asked questions (FAQs) sections have a propensity to raise more questions than they answer—a topic for an entire new posting in the future. In addition, I knew I was speaking to a trustworthy source by making sure I was connected to a real company representative.
Whether you are as skeptical as I am, or just want more details when your inbox gets something for which you require more details, at a minimum you should be careful before you click. I now have new challenge questions and feel better about this company as a result of them upgrading their security. You might wish to investigate if your financial institutions are doing the same. In fact, why not give their contact centers a call. You hopefully will be glad you did.