
mantrax3 | 12 years ago

In a nutshell, social engineering can be countered by proper software & processes engineering.

So if social engineering is possible, blame the software architects.

Maybe in extreme cases changing the email of an account might be needed, but there's no excuse a first-level rep was able to do it. At the least, he/she should've been forced by the system to escalate to someone above her, who has a much lesser chance to screw up.


danielweber | 12 years ago

They didn't say it was a first-level rep. Maybe the rep passed it up the chain.

This was a pretty weak request, though. This one should have been pretty easy to at least make some attempt to verify.

But as a human being I can verify how hard it is to not help the person crying on the other end of the phone because they need help RIGHT NOW. This didn't get to that level, but if you are designing a recovery process, you really need to think about how you handle that situation, and make sure the people making the call have the guts to say "I'm sorry but we need to do this one by the book."