Thursday, September 06, 2007

Early morning kvetch

In response to an enquiry regarding my wireless account, I received the following from my provider

Dear Paul Madsen,

Thank you for taking the time to write to us, we appreciate your use of online customer service.

In your recent email, you have informed us that you would like to know when your current commitment expires.

We do apologize but we are unable to locate your account with the
information provided. To answer your question more precisely please reply to this e-mail with your account/wireless number, date of birth and full billing address including the postal code. Please note if there is a password on your account you will need to provide it or we will not be able to access your account. Once we are able to locate and access your account and provide you with the information requested. We will reply within 24 hours.

Some phisher either lucked out on timing, or Rogers is incredibly blind & obtuse on the issue of identity theft.

My response

Dear Rogers,

Thank you for taking the time to canvass me to send personal information & account details over an insecure network to a possibly malicious email address.

I will NOT be sending my personal information and account password over email.

I am surprised and disappointed that, in today's reality of ID theft, Rogers would encourage me to do so. Had I not actually sent the enquiry about my existing account, I would have automatically categorized this mail as a phishing attempt.

I read with interest https://www.shoprogers.com/store/cable/email_fraud.asp. Perhaps Rogers should alert its customers that they themselves will occasionally send emails with some of the patterns associated with a phish.

I have cc'd Rogers Privacy Officer in order to hilite for that office this unacceptable privacy & security practice.

No comments: