If law enforcement is anonymous, then anyone anonymous is law enforcement.
I’ve had security discussions with people who should know better about similar stuff. When someone calls me, I have no idea if it’s you. Caller ID is insanely easy to spoof. I’ve had banks call me and demand I identify myself to them; how about you prove to me that you are who you say you are before I start handing out my personal information?
Interestingly, they don’t seem to get it. They just go “I’m from xyz bank” yeah… You say that… How do I know you’re not lying? “I’m not lying, I’m calling from xyz bank”
Dur. We go around a few times with this before they give up.
I usually call my bank using the number on the back of my card, then ask that person if I was called and why.
Now you want me to take it… On faith, and the word of the person who is concealing their identity, that they are who they say they are?
This is the entire fucking reason that LEOs carry badges. It’s so that the public can verify that they’re talking to someone who actually is who they say they are.
Anything less is just asking for people to impersonate a LEO or ICE agent in this case.
That’s piss poor performance from the bank. They obviously need a security audit.
My bank will sometimes call me if they want something, but it’s always just a voice message telling me to call the number on my card. They don’t even provide the number on the phone message, just to get the idea into people’s heads that they don’t provide phone numbers on the message so if a number starts being provided on the call, it’s immediately suspicious.
I told them as much. I spoke to a manager about it once on a call and I’m like, how the hell do I know you’re actually the bank? You’ve given me nothing. Then you’re asking for my uniquely identifying personal information via a voice prompt. Literally anyone could spoof all of this and you’re training your clients to just hand over the information when asked, not even by a person, but by a robocall.
Yeah, I got another a few months later, same shit.
I feel bad for the customers of that bank. They’re not my primary bank so I couldn’t give a shit. I’m also security focused enough to know better.
It’s simple.
If law enforcement is anonymous, then anyone anonymous is law enforcement.
I’ve had security discussions with people who should know better about similar stuff. When someone calls me, I have no idea if it’s you. Caller ID is insanely easy to spoof. I’ve had banks call me and demand I identify myself to them; how about you prove to me that you are who you say you are before I start handing out my personal information?
Interestingly, they don’t seem to get it. They just go “I’m from xyz bank” yeah… You say that… How do I know you’re not lying? “I’m not lying, I’m calling from xyz bank”
Dur. We go around a few times with this before they give up.
I usually call my bank using the number on the back of my card, then ask that person if I was called and why.
Now you want me to take it… On faith, and the word of the person who is concealing their identity, that they are who they say they are?
This is the entire fucking reason that LEOs carry badges. It’s so that the public can verify that they’re talking to someone who actually is who they say they are.
Anything less is just asking for people to impersonate a LEO or ICE agent in this case.
That’s piss poor performance from the bank. They obviously need a security audit.
My bank will sometimes call me if they want something, but it’s always just a voice message telling me to call the number on my card. They don’t even provide the number on the phone message, just to get the idea into people’s heads that they don’t provide phone numbers on the message so if a number starts being provided on the call, it’s immediately suspicious.
I told them as much. I spoke to a manager about it once on a call and I’m like, how the hell do I know you’re actually the bank? You’ve given me nothing. Then you’re asking for my uniquely identifying personal information via a voice prompt. Literally anyone could spoof all of this and you’re training your clients to just hand over the information when asked, not even by a person, but by a robocall.
Yeah, I got another a few months later, same shit.
I feel bad for the customers of that bank. They’re not my primary bank so I couldn’t give a shit. I’m also security focused enough to know better.