Zimbos are a pretty relaxed bunch when it comes to guarding our privacy on the internet. I got a gentle and unwelcome reminder of that a few hours ago.
What happened?
A ZOL staffer or someone with access to an official ZOL support line initiated a call to one of my colleagues. On the call, they requested that my colleague send a copy of her ID as the ISP was collecting the data to ensure that the account details are correct on behalf of POTRAZ
More peculiar was the fact that this ZOL employee requested that the copy of the ID be sent on WhatsApp to a personal number – this sent alarm bells ringing for us here at Techzim.
Another thing that raised eyebrows is the fact that POTRAZ doesn’t regulate internet service providers (ISPs) such as ZOL but instead regulates IAPs (think Liquid). So why would ZOL be collecting this information for POTRAZ?
I got in touch with both POTRAZ and ZOL representatives to confirm whether or not this so-called data collection exercise is actually taking place.
POTRAZ reps we spoke to denied that such an exercise is taking place whilst ZOL is yet to respond to request for comment.
Update: ZOL confirmed that this exercise was indeed being conducted internally.
What’s the issue here?
If ZOL did actually choose to use this method to collect data for their own purposes there are two issues. First of all, they lied and said they’re collecting the data on behalf of POTRAZ which doesn’t seem to be the case.
Secondly, collecting data in this way desensitizes customers to following proper security procedures. If a phishing attack is then initiated and customers are asked to send data to irregular and personal channels, they will do so willingly because that’s what they’ve become accustomed to.
If you get a call from a ZOL number and a ZOL staffer asking you to send personal information to a private WhatsApp number or to share identifying information over the phone it might not be in your best interests to do so.
What’s your take? Cancel reply