Let’s face it, our mobile phones have become an extension of ourselves, always within arm’s reach. The personal information that our smartphones contain goes beyond our own memory, which is exactly why criminals are so keen on targeting our phones, the data they contain and what they can unlock.
Knowing this, it continues to blow my mind when I come across articles like last week’s “Facebook lists user phone numbers for all to see.” According to the article, the world’s leading social network still makes users’ mobile phone numbers available for anyone to access. With a little bit of ingenuity, security researcher Suriya Prakash said, anyone can gain access to the one device that connects our personal and online information.
“I would consider my most ‘personal’ data saved on Facebook to be my mobile number as it is somewhat of a bridge interlinking both my personal and online life. I would not like people I don’t want getting a hold of it.”
With one billion Facebook users out there, this is a treasure trove of personal information for crooks. By collecting something as simple as a mobile phone number, a motivated criminal can begin building a profile for the purpose of socially engineering an individual, as well as committing bank fraud if they can match that individual to a bank.
Yet, this is only the tip of the iceberg when it comes to gathering personal information from social websites.
Less easily understood are the apps that ask you questions like “How well do you know John Doe?” or run you through a series of personal questions such as “What is your favorite color?”, “Where was John Doe born?” or “What was John’s first car?”, which are the answers to many knowledge-based authentication (KBA) solutions.
With a website like Facebook sharing personally identifiable information (PII) with the rest of the world, financial institutions need to have a customer authentication strategy in place that identifies customers over multiple channels, including the telephone channel. Using powerful, real-time telephone network forensics, the TRUSTID® Physical Caller Authentication solution validates the Caller ID and ANI before the telephone is answered. Within seconds, banking institutions can determine if the call is authentic or identify that it is a spoofed call. At that point, the bank can route the call based on risk to the appropriate contact center agent or IVR for processing.
Either way, leveraging TRUSTID’s effective telephone authentication tool can play an important role in preventing social engineering attempts against today’s banking institutions and achieving optimal efficiency.