|A project to make businesses more aware of their
customer experience, and how to fix it. By Mark Hurst.
|About Mark Hurst||Mark's Gel Conference||New York Times Story on This Is Broken||Newsletter: Subscribe||RSS Feed|
Search this site:
- Current Affairs
- Customer Service
- Food and Drink
- Just for Fun
- Not broken
- Product Design
December 27, 2005 12:03 AM
Broken: Orange Mobile customer call
I had a call on my mobile phone from a lady claiming to be from Orange, my mobile phone service provider here in the UK, who told me that my contract was about to expire. She then asked me for my password. Alarm bells instantly went off in my head, so I told her (truthfully as it happens) that I didn't know my password. Then, she asked for my postcode instead.
At this point I was pretty sure this was a social engineering attack, so I started to quiz her about why she needed the information. She said it was for a "security check." I told her I was uncomfortable giving out personal information to a cold caller over the phone. Then, she told me that it was nothing to worry about because it was all covered by "the data protection act."
I said that I would rather conduct my business in an Orange shop, and she told me that she would have to put a mark on my record that indicated I had failed a security check. I interpreted this as a threat, which convinced me that the call was an attempted con. I asked for her name and ended the call.
I e-mailed Orange customer support via their website with details of the call and the number it came from. I then received their reply - and it turns out that the call was really from Orange!
Banks and other online services have learned to repeatedly tell their customers that they will never contact them and ask for their account information like a password. Orange are leaving themselves wide open to social engineering attacks. This incredible lack of attention to basic security has given me serious second thoughts about trusting them with my business at all.
Comments on this entry are closed