Posted: 22nd Feb, 2008 By: MarkJ
The Guardian journalist Scott Colvey has criticised
Virgin Media for calling customers to request personal details, including passwords and home addresses. Most businesses, especially banks, will NEVER call to request such information because it could easily be exploited by fraudsters.
Naturally if you call them it's a different matter because hopefully you've used a pre-identified and legitimate number as the contact source, such as from the top of a bill. In those situations you may be required to answer such questions but not the other way around:
The company says that it has indeed been calling customers and asking them to confirm their identities by giving up their passwords and home addresses in order to comply with the Data Protection Act. Which, of course, is the kind of thing a company says when it doesn't have a proper grasp of Data Protection Act compliance.
So what's going on? If you're a
Virgin Media customer then you may recently have received a call from someone claiming to be a
Virgin Media employee conducting a customer services review on behalf of the company. So far, so believable. Then, this unexpected caller will have asked you to confirm your identity by revealing your password. Or your home address. Or both. How do we know? They called me.
At this point, your identity-theft alarm bell may have sounded at the possibility that you were being phone-phished, socially engineered or otherwise being taken for a berk by someone from Nigeria with 419 similar calls already under their belt. Ringing up and asking for such details is a classic scam.
Virgin Media claims that many major organisations call customers and ask them to confirm their passwords as part of Data Protection Act compliance procedures, citing NatWest as an example; something NatWest denies.
The best advice is to follow common sense and simply ignore such calls and refuse to give the requested information; if in doubt you can always call them back using a legitimate contact number.