
Totally agree that it’s a social problem. But it’s getting worse, not better.

There are hard security rules that you should always follow, for example, never click on links from an unknown sender. In the last five years I’ve noticed a trend of bureaucracies in every institution now wanting you to violate generally accepted security rules for their own convenience.

For example, I got a text from a new number saying (sic) “we’re your dentist office and we’ve changed over to a new system, please click this link and provide some sensitive PII for us ahead of your visit.” Although I had a dentist appointment coming up in a week, I called their office to confirm the appointment, no one over the phone asked me to do anything different, so I ignored the text.

When I got into the office, the receptionist politely told me that I did not fill out the patient forms ahead of my visit, and that I should have received a text message, and now they had to print the forms, which is a problem for them because they’re trying to go paperless. It was a very polite interaction, but the subtext was that I violated an implied contract with their office to engage regularly with them.

As members of the public, we’re asked to click on links from places we don’t recognize, to support the functioning of bureaucracies. Everyone engages in this behavior. I’ve found financial and insurance companies to be the worst offenders.

Regardless, institutions in authoritative positions are opening up massive avenues for social engineering by requiring the general public to ignore security best practices to interact with them. It succeeds in reducing administrative costs for them, but introduces systemic risk that the public is paying for in the form of security breaches.



Did you try getting your government to prosecute those scammers? I'm always confused by Americans inventing 100 different software ways to try to lock out people from their devices for "security", but no one wonders why exactly this kind of egregious scammage isn't actually punished and money returned?


Much of it is not punished because many of the scammers are in other countries.



