Skip to main content
All CollectionsQuickstart
Customer Facing Communication - Adopting the Traceless Security Platform
Customer Facing Communication - Adopting the Traceless Security Platform

Tell your customers you are committing to securing their data with Traceless

G
Written by Gene Reich
Updated over 5 months ago

Hello!

On [determined date] we will start utilizing a new security platform called Traceless. We will use this to send all sensitive data to you and your team members. We will also be using this system to verify your identity when you make support requests to [Company Name].

We are very excited for these changes and look forward to providing a safer and better support experience for your technology here at [Company Name].

In general, to protect against phishing it's important to be cautious when responding to unsolicited requests for personal or sensitive information, to verify the identity of the person or organization making the request through independent means, and to use secure channels for communication.

Two new steps will take place when interacting with the support team now that we use Traceless.

  1. You will recieve "Traceless" links that allow us to send you sensitive data like passwords, in a manner that leaves nothing behind in email, chat, or our management system. When you receive a Trace (Traceless Link), the URL will have traceless.io in it.
    ​
    Here is an example Trace:
    ​https://traceless.io/retrieve/rckmjeco2zg78kg4jpie7upvq91lfl8
    ​
    Please note that each link has a time limit before it expires. Once it expires or is viewed (whichever comes first), the data will be removed from our systems, thus ensuring that your sensitive information is never stored anywhere it shouldn't be like email.
    ​

  2. You will receive push notifications to verify your identity when requesting support from us. These may take the form of an email, SMS notification or Duo or Microsoft Authenticattor Push notification. We will review with you beforehand so you know what to expect. Please remember that we will never request sensitive data over the phone that you do not expect.

Other things to note:

  1. We will not be saving your account passwords in our systems so please make sure to take note (not a Stickie Note!)

  2. If you need help with storing multiple account passwords securely, please inquire to speak further about password management best practices.

  3. You can only view the data in the links one time so please take note.

If you have any questions about this upcoming transition, please let us know at support@companyname.com.

Finally, you might be asking yourself why we are taking these steps. Traditionally, phishing scams target individuals. Often trying to convince the victim that the scammer is a part of a support desk, or IT Staff that needs to upgrade something on the victim's computer.

In the last few years, threat actors have started attacking from the opposite direction. When an IT Team or a Managed Service Provider receives a call or email from a client needing help, that call is often routed to a dispatcher or level 1 technician, who is responsible for understanding how to direct support. Many times this person will not have an easy way to verify the identity of the person calling.

From this point, if an attacker is persuasive or pushy enough, they can convince the support staff to provide credentials or reset a password, leading to an account takeover and eventually a breach of your companies data.

We are stopping these attacks in their tracks by adopting tools to help prevent your accounts from being taken over and your data from being stolen.

Did this answer your question?