
There MUST be some sort of ISO certification for support people.

Giving first line, poorly trained support people access to people's PII and the ability to change passwords is something that needs to be stopped. Social engineers are completely exploiting poorly trained, minimum wage workers for huge gains.

We need to have some sort of ISO certification so that front line support people must hand over any security information to highly trained second-tier staff. If EVERY company used the same subset of information to verify, under the guidance of well-trained staff with a consistent methodology across all companies, and didn't expose various bits and pieces of info (some use last four of SSN, some use credit card info, address, date of birth, etc.) then it would be extremely hard for social engineers to do hacks like this.



> There MUST be some sort of ISO certification for support people.

Would it matter if there was?

You have to pay money to even read what the ISO standards say. The lack of ISO certification is not an impediment for most people or businesses.


Yes. If there was some uniform standard on how support workers were trained, what data they have access to, then social engineering attacks would drop dramatically. The leaking of data would not be as prevalent and it would be standardized.



