Enquiries
+44 (0)20 8336 4900

Customer Support
+44 (0)20 8336 4999
9am to 9pm every day (except Christmas Day)

How do you know that I am REALLY who I claim to be?

Sunday 7th March 2010

Impersonation comes in many forms

Actors, after all, are basically impersonators, in that they are pretending to be someone else.  However, this is perfectly acceptable because we all understand that they are portraying a character purely for entertainment purposes.  On the other hand, impersonation may be used for malicious purposes.  The doorstep caller pretending that "he has come to read the gas/electricity meter", "he needs to check the water pipes", "he is a Council Inspector checking something-or-other" etc etc all fall into this category.  Having gained access, the bogus caller will endeavour to steal any items of value he can find.  Modern variations on this technique include the telephone caller purporting to be from "the Bank" and, on the pretext of some security problem or other, requesting account details and passwords.  The well-known email "phishing" scams use a similar technique.  before the rise in popularity of email, letters were also a popular medium for this type of crime.

There is only one way to be sure that any form of communication, whether by email, telephone or letter, is indeed genuine.  It is to obtain verification from a known and trusted source, not the email address, telephone number or postal address in the communication.  Send an email, make a telephone call or write to a known and trusted destination, not using any of the contact details so thoughtfully provided in the suspect email, telephone call or letter etc. 

Until broadband becaome readily available, remote network access was typically provided by a dial-up modem connection.  In order to increase security, the connection software would normally be configured as
"dial-back".  The network server would answering an incoming call, verify the username and password, then drop the line.  It would then call back the remote user's system at a predefined telephone number.  This ensured that, even if the username and password were to be compromised, no security breach would occur. 

This, of course, is merely the principle of "By default, trust noone", on which all security measures should be founded.