Integrating notification practices with digital messaging (and other forms of social media) is receiving growing interest from emergency managers. However, a recent text-messaging scam highlights security and authentication problems associated with notifying the public through these means.
Officials in Nampa, Idaho are warning citizens about a text-messaging scam currently circulating in the area. Citizens receive an apparent "emergency notification" concerning their bank account, along with a callback number. When citizens call the number, they are solicited for detailed account information, or charged exorbitant fees for making the call itself.
It is not clear how criminals are obtaining cellular numbers to target residents, but they are apparently targeting specific banks--Mountain Gem Credit Union in this case.
The situation has implications for the alerts and warnings industry. Citizens face similar challenges in verifying whether or not an ENS message actually originated from public safety officials. It would not be difficult to imagine scammers or "hackers" mimicking a public warning for personal gain or for simple maliciousness.
We, as an industry, need to consider options for encryption, decryption and authentication of messages so the public can be certain information received is legitimate. A quick search of applications and patents show encryption solutions are available for email, SMS, SMS-CB and MMS-type messages (we'll talk more about the latter two message technologies in the future). We need integration with and further development of these applications.
As the "bad guys" get more sophisticated, so must our alerts and warnings methods. Security and authentication should be high on the list of concerns as technologies are pushed to their limits.
What do you think? What are you doing to secure and authenticate your public alerts? We'd love to hear from you.
All the best,
-Lorin
To receive a comprehensive white paper: "Notifications Alerts & Warnings, The Next Generation" go to http://galainsolutions.com/resources.html.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment