The Weak Link


You’re cautious. You use long, complicated passwords. You never click on links from sources you are unfamiliar with. You never respond to suspicious emails. You don’t reuse passwords and even use 2-factor authentication for your online accounts when it’s available.
No fraudster is going to break through your defenses and steal your personal information!

But what if the weak link in your security is someone else, someone who legitimately has access to much of your vital account information? Someone who’s just trying to help.

An organization’s customer service department can sometimes be the weakest link in your security.

It might happen something like this:

The fraudster calls Acme Production, from which you’ve just ordered a gizmo. Using information that they’ve gathered from your Facebook account (full name, city where you live, employer, etc.), they claim that there’s been a mistake in the order and it’s headed to the wrong place. They ask to double-check the shipping address and provide a made-up address, but one from the same city/zip as your real address. When it’s confirmed that this isn’t correct, they get the customer service rep to provide them with the address where the gizmo is headed. That is your real address, which they now have and can use as authentication for other services (think how many phone conversations you have with businesses, doctors, etc. who use your address as a primary form of identification). Then, through some smooth talking (maybe they even play a recording of a crying baby in the background to add tension and pressure the customer service rep to hurry), they get the rep to send them an invoice for the purchase. Now they have the last four digits of your credit card as well.

And so on. Sound far-fetched? Not at all. Here’s one real-life example: “How Amazon Customer Service was the Weak Link that Spilled My Data.” Here’s another: “We Take Your Privacy and Security. Seriously.”

So how does PSMail’s customer service guard against being the “weak link” in your security?

First, PSMail will never hand out password information or even reset a password unless you specifically confirm it. And since we only provide password information to a registered email or phone number (that you’ve given us) or in lieu of a payment receipt (that only you have access to), scammers are prevented from impersonating you from an outside source. Further, almost all of our customer service communication is done via email, which prevents many of the social engineering tactics used by fraudsters (see here for examples).

In addition to these defensive measures, our customer service department can also take positive action to protect you. Our system automatically creates a helpdesk request to flag an account that is showing unusual activity (such as repeated password failures or a login from an unknown or unseen location). Our customer service representatives can then check with you to make sure these activities aren’t signs of fraudulent activity.
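To make the flagging described above concrete, here is an added example (not PSMail's own code) that scans login events and emits a helpdesk request for repeated password failures or a successful login from a location the account has not used before. The event format, field names, and the threshold of 3 failures in 10 minutes are assumptions; the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed thresholds: the post does not state any numbers.
MAX_FAILURES = 3
WINDOW = timedelta(minutes=10)

# Constructed sample events: (ISO timestamp, account, result, location)
EVENTS = [
    ("2024-05-01T09:00:00", "alice", "ok",   "US"),
    ("2024-05-01T09:05:00", "bob",   "fail", "US"),
    ("2024-05-01T09:06:00", "bob",   "fail", "US"),
    ("2024-05-01T09:07:00", "bob",   "fail", "US"),
    ("2024-05-01T09:30:00", "bob",   "fail", "US"),
    ("2024-05-02T03:00:00", "alice", "ok",   "RO"),
    ("2024-05-02T03:10:00", "alice", "ok",   "RO"),
]

def flag_accounts(events, known_locations=None):
    """Return helpdesk requests for accounts showing unusual activity."""
    seen = defaultdict(set)              # account -> locations already used
    for acct, locs in (known_locations or {}).items():
        seen[acct].update(locs)
    failures = defaultdict(deque)        # account -> recent failure times
    tickets = []
    for ts, acct, result, loc in sorted(events):
        when = datetime.fromisoformat(ts)
        if result == "fail":
            recent = failures[acct]
            recent.append(when)
            while when - recent[0] > WINDOW:   # drop failures outside the window
                recent.popleft()
            if len(recent) == MAX_FAILURES:    # fire once, when the threshold is reached
                tickets.append({"account": acct, "at": ts,
                                "reason": "repeated password failures"})
        else:
            failures[acct].clear()             # a good login resets the failure count
            # The first location ever seen only sets the baseline; later new ones are flagged.
            if seen[acct] and loc not in seen[acct]:
                tickets.append({"account": acct, "at": ts,
                                "reason": f"login from unseen location {loc}"})
            seen[acct].add(loc)
    return tickets

if __name__ == "__main__":
    for ticket in flag_accounts(EVENTS):
        print(ticket)
```

Each returned entry is a request for a representative to contact the account holder, not an automatic lockout, matching the human check the paragraph describes.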

In today’s cyber-driven world, PSMail believes that good customer service is integral to the secure communication services we offer. At every turn, whether it be technical details or person-to-person interactions, we want to make sure you are covered with the best possible support and security we can offer.

Have questions? Well…our customer service representatives are ready to answer!
