January 24, 2019

Thank You for Your Assistance – WST

A nice young man approaches you in the lobby and says he is interested in your bank’s services.  After explaining to him the features of checking accounts and answering questions about where ATMs are located, he thanks you for your time and assistance and asks one last thing: “Could you go to a website for me and see what their business hours are please?  I need to stop there next and I am not sure if they are open.”  You’ve never heard of the company or website the man is indicating, so what would you do?

Ask yourself a different question: “Is the risk the same as clicking on a link in an email?”  In this case, the answer is “yes.”  The request may be legitimate and innocent, or, the man may have other intentions.  If you type in the website (or URL) that he provides it is truly no different than clicking on a link within an email, and maybe worse since it avoids the security controls that likely exist on your email system.

So how can you provide good customer service without putting your bank at risk?  You could instead go to Google Maps and look up the company name in the search field, and if it exists there is a good chance there will be information about the business, including business hours.  Or, you could go to your favorite search engine site (Google.com, Bing.com, DuckDuckGo.com, etc.) and enter the name of the company and see if information is available.  In short, do searches for the information but do NOT go to the website the customer provides.

You can be helpful and provide good customer service, but no matter how innocent the person appears you should not visit the website address they provide.  Otherwise, you may find you have “clicked on” a human phishing email.

Past Weekly Security Tips – WST