January 11, 2006

Security through incorrect passwords

Posted in misc at 7:51 am by lugnuthorsefly

A couple of months back my wife was rung up by someone from her mobile phone provider offering her a free handset upgrade by virtue of being a long-time customer.

In order to confirm her identity etc. they asked her to provide the password she uses to confirm her identity when she rings them. Fair enough, I suppose – wouldn’t want to send a free handset to some imposter (hey – it could happen).

It only occurred to me afterwards that this could have been an elaborate sting in order to harvest people’s passwords and account details with the prospect of free goodies as bait.

It wasn’t, but an easy way to tell if it was would be to initially provide an incorrect password when asked. A fraudster wouldn’t know you’d given them the wrong password. If the person on the other end of the line starts complaining then there’s a good chance they’re legit.

Advertisements

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: