Can I get your Username and Password?

A while back, I got a call from someone claiming to be from a major benefits provider who said, “Hello Sir. We noticed that you have a security flag on your account. Could you please give us your username and password to reset the flag?”

“Wow!” I almost yelled in excitement. “A real live telephone scammer!” I quickly noted the possibly-fake telephone number (yeah – Nitesh alerted me about this a long time ago!) and attempted to get a number where I could call him back. Surprisingly – he was fine with letting me call him back at the number listed on my caller ID – and he told me to ask for helpdesk/customer service/security desk something... I forget... I said “Sure – let me call you right back”.

I quickly looked up the benefit provider’s number on the internet, intending to alert them of this scam – guess what? It was the same number. I called that number and explained that they probably have a scammer on the inside asking for userids and passwords. When I explained in detail what happened, the girl at the other end was perplexed at how I could jump to that conclusion and exclaimed that that was the only way they could clear these security flags: they log in as the user and clear it out!!!

So much for expecting a little security from a company that was managing my 401k, pension plan and other benefits!

*** This is a Security Bloggers Network syndicated blog from Security Coin authored by Unknown. Read the original post at: