“Could you give me the answer to your secret question?”

In the past couple of weeks I have been contacted by companies I do business with.  The first was 24 Hour Fitness.  The second was Sprint.  In both cases, I could not really tell if they were legit telephone calls.  I’m pretty sure they were, but in both cases there were concerns raised that I think we should all be well aware of.

Let me start with the call from Sprint today.  I was already on a phone call when the call waiting beeps.  I look at the caller ID and it says TOLL FREE CALL and the telephone number.  I am wrapping my call so I click over to see who the latest “DO NOT CALL LIST” lawbreaker is.  The nice lady on the other end says something like, “Is this the Sprint/Nextel business customer?”  Odd I thought.  I replied we have three Sprint accounts and who is she looking for?  She then says my first name.  Not my full name.  Not my middle name which is the one I go by.  I reply, “Speaking.”  She then informs me she would like to ask me some questions.  I informed her I didn’t know if I would answer any.

The next question was, “Could you give me the answer to your secret question?”  I just about fell out of my chair.  I told her I am definitely not answering that.  I informed her I didn’t know her from Adam and that I am not about to answer any more questions along these lines.  She tells me I can contact her at a telephone number.  I inform her that proves nothing.  I then inform her my account is fine and billing me correctly, my Sprint website ID works fine, and my Sprint phone works to my satisfaction.  She responds that is all she really is calling about so we conclude the call.

Legit or not?

The 24 Hour Fitness call wasn’t much different.  They start off the call asking me questions to try and figure out if they have the right person.  The problem is that right away in that call they indicate my credit card isn’t working and want to know if I would like them to renew my membership with a different credit card number.  Ha!  Yeah, I’ll be happy to give an unknown person in some part of the world my credit card and authorize a charge.

Not happening.  I simply couldn’t believe in this day and age companies are outsourcing their customer service operations and allowing questions like this to take place without proper security measures.  But what is the proper way to handle this?  I’m inclined to think that most customers are pretty aware of their account status and renewal periods and will take measures to fix things.  I certainly did.

Social Engineering

This is exactly the type of social engineering that real criminals use.  In both cases there is no way for me to know for sure the person on the other end is legitimately working for the company they claim to work for.  Reminder: don’t give out your personal information.

Even if you think the call is legit, what purpose does it serve?  Let’s recap.  In both cases my account is in good standing and I am satisfied with the services I am purchasing.  So the phone calls are interrupting a current customer to what, offer me a discount?  Why is it we never get those calls?

Ok, off my soapbox.  I just wanted to remind everyone to please teach your family and friends what to look for and what not to say.  I know you folks are probably already the CTOs of your family, your friends’ families, and whole neighborhoods or regions.  Security is still important.  Keep reminding people you care about.