Recently I needed to call the FedLoan support line to discuss the terms of my repayment. Big surprise, I know. I have student loan debt. I’m one of the many. However, that’s not the point of this article. The point is what I discovered when I called.
The man on the other end was more helpful than I could have ever hoped for. He was surprisingly nice and made it very easy to verify my identity over the phone. Too easy. Usually companies ask you for your name, address, phone number and all identification points they have to verify and update.
Instead, this man repeated them back to me to verify. I had simply entered my account number, which can be found if my records were hacked in a variety of ways, into the automated system. Then I only told him my name.
After he heard my name, the man repeated back to me my physical address, phone number and email address. My heart dropped. What if I’d been someone else vishing for more information on a person, like where they lived or their cell phone number to track via GPS? I felt like my physical and financial security were never really there.
What is Vishing?
Vishing is the vocal version of phishing. It’s voice elicitation. Generally vishing is used to compromise an organization or business. It’s a low budget, easy to use way of gaining information without ever needing to hack any electronic system. It can also be used to gain information about an individual, should someone have a stalker or a jilted relationship of some kind.
Until I began working in this industry, I had no idea vishing even existed. Once I learned about social engineering and vishing, I realized how many times my personal information had been compromised. The only companies to ever fully protect my info had been my health insurance company and my cell phone provider, although that wasn’t always the case. My cell phone company only recently started to have elaborate phone security protocols.
Even if I hadn’t entered my account number on the automated portion of the FedLoan call, would the man have known not to repeat my personal details? For some reason, I think he would not.
How do You Protect Yourself?
Unfortunately, there is not much you can do about company policies except make a formal complaint when you feel their security is too lax. However, you can develop a security posture to apply to your own life. Even if a company has wonderful policies that do protect your information, someone could always call you with false motives. In this case, they’d call with a ruse and ask you for your own personal information. Whatever the case may be, there are some things we can all do to protect ourselves and our identities.
The main idea is to create a mindset that will ensure the safety of both your personal information and your psychical being. In our article on overthinking and situational awareness, we established that “overthinking” is actually a good first step.
I asked our team expert on social engineering and intelligent communication for a little input on this topic. He said,
“When I was active in the intelligence/
It Starts with “Overthinking”
It takes some effort, but protecting yourself from identity theft and other threats really does require a bit more thinking than the average person would like to do.
[Tweet “Protecting yourself from identity theft and other threats really does require a bit more thinking.”]Begin to consciously take note of your surroundings, including people and their interests in your information. There are a lot of harmful tactics out there, including social engineering, elicitation, vishing and a variety of other dangers in this world that most people are generally unaware of. It seems like a lot of effort, but develop an awareness of the information you leave laying around, what you choose to tell people and who you tell it to.