Youāre cautious. You use long, complicated passwords. You never click on links from sources you are unfamiliar with. You never respond to suspicious emails. You donāt reuse passwords and even use 2-factor authentication for your online accounts when itās available.
No fraudster is going to break through your defenses and stealĀ yourĀ personal information!
But what if the weak link in your security isĀ someone else, someone who legitimately has access to much of your vital account information? Someone whoās just trying to help.
An organizationās customer service department can sometimes be the weakest link in your security.
It might happen something like this:
The fraudster calls Acme Production, from which youāve just ordered a gizmo. Using information that theyāve gathered from your Facebook account (full name, city where you live, employer, etc.), they claim that thereās been a mistake in the order and itās headed to the wrong place. They ask to double check the shipping address and provide a made up address but from the same city/zip as your real address. When itās confirmed that this isnāt correct, they get the customer service rep to provide them with the address where the gizmo is headed (your real address, which they now have to use as authentication for other services – think how many phone conversations you have with businesses, doctors, etc. who use your address as a primary form of identification). Then, through some smooth talking (maybe they even play a recording of a crying baby in the background to add tension and pressure the customer service rep to hurry), they get the rep to send them an invoice for the purchase. Now they have the last four digits of your credit card as well.
And so on. Sound far fetched? Not at all. Hereās one real life example: How Amazon Customer Service was the Weak Link that Spilled My Data. Hereās another:Ā We Take Your Privacy and Security. Seriously.
So how doesĀ PSMailās customer service guard against being the āweak linkā in your security?
First, PSMail will never hand out password information or even reset a password, unless you specifically confirm it. And since we only provide password information toĀ a registered email or phone number (that youāve given us) or in lieu ofĀ a payment receipt (that only you have access to), scammers are prevented from impersonating you from an outside source. Further, almost all of our customer service communication is done via email which prevents many of the social engineering tactics used by fraudsters (see here for examples).
In addition to these defensive measures, our customer service department can also take positive action to protect you. Our system automatically creates a helpdesk request to flag an account that is showing unusual activity (such as repeated password failures or a login from an unknown or unseen location). Our customer service representativesĀ can then check with you to make sure these activities arenāt signs of fraudulent activity.
In today’s cyber driven world, PSMail believes that good customer service is integral to the secure communication services we offer. At every turn, whether it be technical details or person-to-person interactions, we want to make sure you are covered with the best possible support and security we can offer.
Have questions? Well…our customer service representatives are ready to answer!