Tell me the 6 digit number that you have just received on your mobile phone
“Tell me the 6 digit number you have just received on your mobile phone”
Any time someone asks you this, just say “No”.
Your bank account may show a zero balance moments after you share that 6-digit number; if it does not, be prepared for something worse.
The social engineer’s job gets easier as more value-added services are delivered electronically and the mobile phone becomes the only authentication device. Social engineering is the psychological manipulation of people into performing actions or divulging confidential information; victims innocently hand over their critical information to help someone or to gain some benefit.
Corporates that offer multifactor authentication to their customers act as if those customers are now safe, yet the customers are never trained not to disclose their confidential data, and they continue to lose their lifelong savings by reading out an OTP (a one-time password, sometimes called a one-time PIN) to a stranger on a phone call.
I have reviewed the authentication and online transaction processes of many Internet banking websites. My neighbor recently lost all the money from her bank account, and the internet-banking website involved was the one I had found to have the strongest security controls compared to the other websites.
Was it the bank’s fault, or the victim’s, who provided all the critical information along with the OTP to the attackers? Like her, many victims are unaware of social engineering tactics because they were never trained to use internet banking, or even to manage their online presence. Pretexting (the caller invents a scenario, such as bank staff “verifying” a suspicious transaction) and quid pro quo (the caller offers a refund, prize or upgrade in exchange for the code) are the common tricks, and they can be learned without first becoming a victim. All we need is to create awareness before the damage is done.
Service activation processes could require basic knowledge of information security and privacy; corporates can link to online training videos to be watched before the customer signs the service activation request.
Messages carrying an OTP should start with “DO NOT SHARE” to remind customers how critical the OTP is; a few such related measures can protect people and make the internet a safer place to be. Providing awareness is as important as implementing high-tech security controls, yet security teams mostly overlook end-user awareness. “Be Aware – Be Safe”
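As an added example (not part of the original post, and not any bank’s code), here is a small Python sketch of the server side of such an OTP flow: RFC 4226 HOTP generation, a message template that begins with “DO NOT SHARE”, and a verifier that accepts each code only once so a code that was read out to a caller and then used cannot be replayed. Going beyond the post, the message also names what the code authorises, on the assumption that a customer who reads “authorises: transfer of INR 5,000” while a caller claims to be “cancelling a fraudulent card” is more likely to hang up. The secret, the purposes and the `OtpVerifier` class are illustrative.

```python
import hashlib
import hmac
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter,
    dynamic truncation of the MAC, then reduce to `digits` decimal digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def otp_sms(code: str, purpose: str, expires_min: int = 5) -> str:
    """Customer-facing text. The leading 'DO NOT SHARE' line is the post's
    recommendation; stating the purpose and expiry is an added assumption so
    the customer can compare the message with what a caller is claiming."""
    return (
        "DO NOT SHARE this code with anyone, including bank staff.\n"
        f"OTP {code} authorises: {purpose}.\n"
        f"It expires in {expires_min} minutes. "
        "If you did not request this, ignore this message."
    )


class OtpVerifier:
    """Illustrative server-side state for one customer: every issued counter
    value yields one code, and an accepted code burns itself and everything
    issued before it, so a code that leaks to a caller cannot be reused."""

    def __init__(self, secret: bytes):
        self.secret = secret
        self.issued = 0     # counter value the next code will be derived from
        self.consumed = 0   # all counter values below this are burned

    def issue(self, purpose: str):
        """Derive the next code and the message the customer would receive."""
        code = hotp(self.secret, self.issued)
        self.issued += 1
        return code, otp_sms(code, purpose)

    def verify(self, submitted: str) -> bool:
        """Accept a code only if it matches an issued, not-yet-consumed
        counter; compare in constant time to avoid leaking digit matches."""
        for ctr in range(self.consumed, self.issued):
            if hmac.compare_digest(hotp(self.secret, ctr), submitted):
                self.consumed = ctr + 1
                return True
        return False


if __name__ == "__main__":
    # Constructed demo secret (the RFC 4226 test-vector key), not a real key.
    v = OtpVerifier(b"12345678901234567890")
    code, message = v.issue("transfer of INR 5,000 to payee RAVI K")
    print(message)
    print("first use accepted:", v.verify(code))    # True
    print("replay accepted:   ", v.verify(code))    # False, code is burned
```

The first code derived from the RFC 4226 test key is `755224`, which makes the sketch easy to check against the RFC’s Appendix D vectors; in a real deployment the secret is per customer and the counter or time window, not the message text, is what makes the code expire.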