It is all too easy for call-centre workers or HR professionals to forget to confirm the identities of callers before handing over sensitive information. Attackers may pretend to be customers requesting their own personal information, for example, a common tactic that employees should be made aware of.











