I've heard of this happening from time to time but I've never experienced it myself until just now... I received a telephone call from a Bank with whom I have an account - they asked me to tell them two digits from my security code so that they could authenticate me. I refused to do so as I had no way of verifying THEIR identity. It just made me wonder how often such requests are made and how many people (outside the security industry) freely divulged such information without question?
Social engineering IMHO is the oldest form of hacking and is likely to remain so. How can we ensure that our friends family and customers are aware of how to protect themselves from such attacks?
Initiatives such as GetSafeOnline aim to increase the level of security awareness of the general public. What can we do above and beyond existing schemes to get the word out to those at risk?