The Employee Phishing Test

Phishing is where you receive an email that appears to be from a trusted organisation but is designed to get your personal information such as login and password or credit card details.

Q. Would your employees fall for such a phishing email?

Usecure Ltd carry out phishing simulations on behalf of their client companies in order to see what the level of response would be and hence what actions need to be taken.

https://blog.getusecure.com/post/holiday-phishing-simulation

Follow this.

It’s half past four on a Thursday afternoon. You’re getting through your last tasks of the day, when you receive a new email. It has an alluring title:

“Holiday Policy Change – Action Required”

When an email with this title was sent out to the employees of one of Usecure’s clients, 78% of them opened it. The email, however, was a phishing scam: By the end of the day, 39% of the recipients had been duped into giving up their email passwords.

Luckily for the client, the email was only a simulation.

That’s a frighteningly high message open rate and response rate and shows how dangerous phishing emails can be.

Q. What is simulated phishing – and how does it help?

Simulated phishing means sending out ‘fake’ phishing emails. These are often modelled after real-world phishing emails and use similar techniques to catch the target’s attention, but are intended to educate the target on the risks of phishing rather than to trick them into giving up their details.

While training end-users on the risks of phishing and the common telling signs of phishing emails is essential, simulated phishing allows employees to put what they’ve learned into a real-world test. This helps raise awareness about phishing – employees that do fall for simulated phishing are sure to remember how easy it is to fall for a phishing scam – and the results are recorded for you to see how your employees fare in the simulation. This data can then be used to provide additional training and guidance to employees most at risk, helping you secure the organisation.


Fightback Ninja Signature

 

The Extent of Robocalls

Robocalls are the automated calls we all get from scammers and spammers – about car accidents we didn’t have, pension investments, PPI, fake lottery wins, cyber currency investments etc.

It is estimated that around 85 billion robocalls were placed last year and that number rises every year.

Why?

Simply, because using computers to dial people and play back a message to them is cheaper than employing criminals to make the calls.

When people are dumb enough to respond as requested (e.g. by pressing button 1), they are put through to a human being in a criminal call centre who pushes whatever the scam is.

The graph below shows the countries most affected by worldwide robocalls. (It shows the percentage of calls per country that are robocalls.)

(Statistics from Global Robocall Radar).

Is there an answer to this?

No.

It is illegal in the UK for companies to make automatic calls without the recipient’s permission, but most of these companies operate outside of the UK or simply shut down when the authorities get close.

Always ignore such automated calls – put the phone down and in time they will stop calling.


How to Check a Financial Web Site is Genuine

Imagine you want to find the best place for your savings or the best place to invest a windfall or the best pension scheme available, for example.

You might go to a professional financial advisor or to your bank or other finance organisation you know.

But if you don’t have the money for an advisor then it might be a case of asking friends and relatives for their opinions or just using a search engine.

However, when you get to searching online, there is a huge number of finance organisations online and many criminals create fake websites that sometimes look exactly like the ones for genuine businesses.

Q. How do you tell which websites are genuine and which are fake?

The starting point is to ignore unsolicited emails, text messages, calls etc. – these are very likely to be fake and should be ignored.

Things to Look For

  1. Check the message and website looking for mistakes
    • Correct URL e.g. Barclays Bank rather than Baclays Bank
    • Use of broken English
    • Simple spelling mistakes or serious grammatical errors
    • The content on the website doesn’t make sense
    • Pictures, diagrams etc. that fit in with the rest of the site and haven’t just been added at random to fill space.

  2. Open the Google Transparency Report webpage.

https://transparencyreport.google.com/safe-browsing/search?hl=en_GB

Click the “Search by URL” field in the middle of the page and type in the Internet address for the website you want to check. Google will tell you if it can find anything dodgy about the website.

  3. Check the company on the Companies House website at https://www.gov.uk/get-information-about-a-company
  4. Check for reviews online about the business and check anti-scam websites
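
The URL check in step 1 (Barclays rather than Baclays) can be done mechanically. The script below is an added example, not part of the original post: it compares the host name in a link against a short list of names you already trust and flags near-misses. The trusted list, the `.example` host and the helper names (`check_url`, `hostname`, `edit_distance`) are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed allow-list: sites the reader already knows to be genuine.
TRUSTED = ("barclays.co.uk", "moneysavingexpert.com")

def edit_distance(a, b):
    """Levenshtein distance: single-character inserts, deletes, substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def hostname(url):
    """Return the lower-cased host of a URL, ignoring path and user-info."""
    if "://" not in url:
        url = "//" + url          # let urlsplit treat bare "www.site.com/x" as a host
    return (urlsplit(url).hostname or "").rstrip(".")

def check_url(url, trusted=TRUSTED, max_distance=2):
    """Classify a link as match / lookalike / embedded / unknown / invalid."""
    host = hostname(url)
    if not host:
        return ("invalid", None)
    # 1. Genuine: the host is the trusted name or a sub-domain of it.
    for good in trusted:
        if host == good or host.endswith("." + good):
            return ("match", good)
    # 2. Trusted name used as a prefix of some other domain.
    for good in trusted:
        if good + "." in host:
            return ("embedded", good)
    # 3. Misspelling: same number of labels, only a character or two different.
    labels = host.split(".")
    for good in trusted:
        candidate = ".".join(labels[-good.count(".") - 1:])
        if edit_distance(candidate, good) <= max_distance:
            return ("lookalike", good)
    return ("unknown", None)

if __name__ == "__main__":
    for link in ("https://www.barclays.co.uk/savings",
                 "http://www.baclays.co.uk/login",
                 "https://barclays.co.uk.account-check.example/",
                 "https://www.example.org/"):
        print(link, "->", check_url(link))
```

A result of "unknown" only means the name is not on your list; the remaining steps (Safe Browsing lookup, Companies House, reviews) still apply.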


CLC World Free Holidays

We all remember the Timeshare explosion in the 70s with millions of phone calls, endless adverts and more to entice you into signing up for a Timeshare i.e. to buy a share of a holiday home, typically for one or two weeks per year.

The idea being that only paying for a couple of weeks must be a lot cheaper than buying your own holiday home and maybe cheaper than hotels and villas etc.

But, for whatever reason, Timeshare sellers went for the hard sell but combined it with getting people into a situation where they found it difficult to say no. They often gave people a free evening somewhere nice or even free holidays in sunshine resorts. However, the pressure to buy was relentless and many people ended up buying a timeshare just to stop the salesmen bothering them.

That all came to an end as the publicity over high pressure selling and the ability for people to cancel within 14 days according to law made it less profitable for the sellers.

But they didn’t go away completely and CLC (Club la Costa) are sending out mass emails and making phone calls to tell people they have won a free holiday. This is the Timeshare scam.

To claim your free holiday, you and your partner must agree to attend a 90 minute presentation (probably 2 hours or longer) at a CLC World Travel Centre in the UK.

You pay a £90 deposit up front to guarantee your attendance (which will be refunded when you have attended the full session). After attending, they offer you a free week of accommodation at one of their holiday sites, sometimes plus a voucher for Marks & Spencer or other high street chain, for about £50.

At the presentation they may offer a one to three year ‘trial’ but with destinations and dates. If you do commit to a long term membership, you’re likely to find that school holiday dates will have to be booked years in advance and the holidays you want simply aren’t available to be booked. Many people admit they felt bullied into signing up and then immediately cancel when they get home.

Is It a Free Holiday?

Yes. But you have to pay for your own flights, food, insurance etc. You will have to be very flexible – you may not get to travel on the dates, to the location or from the airport that is convenient for you.

During your free week’s holiday you must attend a resort tour and presentation (if you don’t, you will be charged for the accommodation). The presentation is again high pressure and they want everyone to sign up.

There are reviews of dealing with CLC and going on their ‘free’ holidays available on Money Saving Expert and TripAdvisor.

e.g. 1 I went on a CLC trip to Tenerife. Had to pay own flights and transfers. We had to go to the presentation for about 6 hours and it was very boring and wasted a day of the holiday. Other than that we got a nice apartment and weren’t given any hassle. If you can get cheap flights and don’t mind one very boring day then it’s ok for a cheap holiday.

e.g. 2 If you’ve signed, got a few thousand on credit to pay, you go home. You then read everything and find they never told you that you also pay £400 a year for fees.

Maybe a Timeshare suits you so why not take advantage of the free taster holiday. But for most people it’s too restrictive and too expensive when all costs are added up.

Plus, although they promise you that selling a Timeshare is easy – hundreds of thousands of people have found that it’s virtually impossible to do and that makes the Timeshare worthless.

If you have any experiences with Timeshare sellers – do let me know, by email.
