The Employee Phishing Test

Phishing is where you receive an email that appears to be from a trusted organisation but is designed to get your personal information such as login and password or credit card details.

Q. Would your employees fall for such a phishing email?

Usecure Ltd carry out phishing simulations on behalf of their client companies in order to see what the level of response would be and hence what actions need to be taken.

https://blog.getusecure.com/post/holiday-phishing-simulation

Follow this.

It’s half past four on a Thursday afternoon. You’re getting through your last tasks of the day, when you receive a new email. It has an alluring title:

“Holiday Policy Change – Action Required”

When an email with this title was sent out to the employees of one of Usecure’s clients, 78% of them opened it. The email, however, was a phishing scam: By the end of the day, 39% of the recipients had been duped into giving up their email passwords.

Luckily for the client, the email was only a simulation.

That’s a frighteningly high message open rate and response rate and shows how dangerous phishing emails can be.

Q. What is simulated phishing – and how does it help?

Simulated phishing means sending out ‘fake’ phishing emails. These are often modelled after real-world phishing emails and use similar techniques to catch the target’s attention, but are intended to educate the target on the risks of phishing rather than to trick them into giving up their details.

While training end-users on the risks of phishing and the common telling signs of phishing emails is essential, simulated phishing allows employees to put what they’ve learned into a real-world test. This helps raise awareness about phishing – employees that do fall for simulated phishing are sure to remember how easy it is to fall for a phishing scam – and the results are recorded for you to see how your employees fare in the simulation. This data can then be used to provide additional training and guidance to employees most at risk, helping you secure the organisation.

Do enter your email address and click on the subscribe button on top right to keep up to date with new posts.

November 21, 2019

The Extent of Robocalls

Robocalls are the automated calls we all get from scammers and spammers – about car accidents we didn’t have, pension investments, PPI, fake lottery wins, cyber currency investments etc.

It is estimated that around 85 billion robocalls were placed last year and that number rises every year.

Why?

Simply, because using computers to dial people and play back a message to them is cheaper than employing criminals to make the calls.

When people are dumb enough to respond as requested e.g. press button 1 then they are put through to a human being in a criminal call centre to push whatever the scam is.

The graph below the countries most affected by worldwide robocalls. (It shows the percentage of calls per country that are robocalls)

(Statistics from Global Robocall Radar).

Is there an answer to this?

No.

It is illegal in the UK for companies to make automatic calls without the recipients permission but most of these companies operate outside of the UK or simply shutdown when the authorities get close.

Always ignore such automated calls – put the phone down and in time they will stop calling.

Do you have an opinion on this matter? Please comment in the box below.

November 20, 2019

How to Check a Financial Web Site is Genuine

Imagine you want to find the best place for your savings or the best place to invest a windfall or the best pension scheme available, for example.

You might go to a professional financial advisor or to your bank or other finance organisation you know.

But if you don’t have the money for an advisor then it might be a case of asking friends and relatives for their opinions or just using a search engine.

However, when you get to searching online, there is a huge number of finance organisations online and many criminals create fake websites that sometimes look exactly like the ones for genuine businesses.

Q. How do you tell which websites are genuine and which are fake?

The starting point is to ignore unsolicited emails, text messages, calls etc. – these are very likely to be fake and should be ignored.

Things to Look For

Check the message and website looking for mistakes
- Correct URL e.g. Barclays Bank rather than Baclays Bank
- Use of broken English
- Simple spelling mistakes or serious grammatical errors
- The content on the website doesn’t make sense
- Pictures, diagrams etc. that fit in with the rest of the site and haven’t just been added at random to fill space.

2. Open the Google Transparency Report webpage.

https://transparencyreport.google.com/safe-browsing/search?hl=en_GB

Click the “Search by URL” field in the middle of the page and type in the Internet address for the website you want to check. Google will tell you if it can find anything dodgy about the website.

Check the company on the Companies House website at https://www.gov.uk/get-information-about-a-company
Check for reviews online about the business and check anti-scam websites

Do enter your email address and click on the subscribe button on top right to keep up to date with new posts.

November 18, 2019

CLC World Free Holidays

We all remember the Timeshare explosion in the 70s with millions of phone calls, endless adverts and more to entice you into signing up for a Timeshare i.e. to buy a share of a holiday home, typically for one or two weeks per year.

The idea being that only paying for a couple of weeks must be a lot cheaper than buying your own holiday home and maybe cheaper than hotels and villas etc.

But, for whatever reason, Timeshare sellers went for the hard sell but combined it with getting people into a situation where they found it difficult to say no. They often gave people a free evening somewhere nice or even free holidays in sunshine resorts. However, the pressure to buy was relentless and many people ended up buying a timeshare just to stop the salesmen bothering them.

That all came to an end as the publicity over high pressure selling and the ability for people to cancel within 14 days according to law made it less profitable for the sellers.

But they didn’t go away completely and CLC (Club la Costa) are sending out mass emails and making phone calls to tell people they have won a free holiday. This is the Timeshare scam.

To claim your free holiday, you and your partner must agree to attend a 90 minute presentation (probably 2 hours or longer) at a CLC World Travel Centre in the UK.

You pay a £90 deposit up front to guarantee your attendance (which will be refunded when you have attended the full session). After attending, they offer you a free week of accommodation at one of their holiday sites, sometimes plus a voucher for Marks & Spencer or other high street chain, for about £50.

At the presentation they may offer a one to three year ‘trial’ but with destinations and dates. If you do commit to a long term membership, you’re likely to find that school holiday dates will have to be booked years in advance and the holidays you want simply aren’t available to be booked. Many people admit they felt bullied into signing up and then immediately cancel when they get home.

Is It a Free Holiday?

Yes. But you have to pay for your own flights, food, insurance etc. You will have to be very flexible – you may not get to travel on the dates, to the location or from the airport that is convenient for you.

During your free week’s holiday you must attend a resort tour and presentation (if you don’t, you will be charged for the accommodation. The presentation is again high pressure and they want everyone to sign up.

There are reviews of dealing with CLC and going on their ‘free’ holidays’ available on Money Saving Expert and TripAdvisor.

e.g. 1 I went on a CLC trip to Tenerife. Had to pay own flights and transfers. We had to go to the presentation for about 6 hours and it was very boring and wasted a day of the holiday. Other than that we got a nice apartment and weren’t given any hassle. If you can get cheap flights and don’t mind one very boring day then it’s ok for a cheap holiday.

e.g.2 If you’ve signed, got a few thousand on credit to pay, you go home. You then read every thing and find they never told you that you also pay £400 a year for fees.

Maybe a Timeshare suits you so why not take advantage of the free taster holiday. But for most people it’s too restrictive and too expensive when all costs are added up.

Plus, although they promise you that selling a Timeshare is easy – hundreds of thousands of people have found that it’s virtually impossible to do and that makes the Timeshare worthless.

If you have any experiences with Timeshare sellers – do let me know, by email.

November 17, 2019

Stupidest Spam of the Week Better Hearing

There are lots of hearing loss scams but this latest one is quite ridiculous even by scammer standards.

“160 year old man creates remedy that can help millions with hearing loss”. There aren’t any 160 year old people in the world – only in the scammer’s imagination. The oldest ever person is recorded as a French woman who reached 122 years.

The email continues “A well meaning Amish doctor uncovered a 200 year old secret that changes everything you ever knew about hearing loss”.

No.

“It has been blacklisted by every major medical journal and yet this scientific breakthrough is so powerful; it has helped over 45,456 people already”.

These scam messages always have a ridiculous number of people supposedly helped even though no-one has ever heard of the claimed remedy.

All just a simple scam designed to catch gullible people.

Do enter your email address and click on the subscribe button on top right to keep up to date with new posts.

November 16, 2019

Time-Wasters Update

An email message tells me I have 9 notifications waiting to be read. Sounds important. But it’s from snakeriverlodge.com which I have never heard of so it’s a scam.

Apparently I can supercharge my brain using an old and controversial trick which is based on medical studies from top universities. This trick boosts my brain power by 380% in 14 days and it has already helped 34,878 people. Considering it’s from top universities and has helped so many people, it is surprising that no-one has ever heard of it and it has to be advertised by spam email to made-up email addresses. Pathetic.

News Special. CBS News announce a ‘stupidly simple’ Greek ritual you must do every night to reverse your diabetes and make you lose 56 lbs of unwanted fat. There is no such news from CBS and no such ritual. The cure for diabetes type II is to lose fat down to your optimum weight, eat a Mediterranean diet and take regular exercise. There are no magic rituals.

An email titled ‘How to Change Your Life?” sounds interesting but it’s just an empty email with a pdf attachment that is infected with a virus. Many people believe that PDF files are safe to open but that’s not the case. You should always virus check any PDFs that arrive via the Internet or email.

Dr. Ryan Shelton tells me that sagging skin and wrinkles has almost nothing to do with getting old. The real reason is that your body no longer produces collagen and elastin but he has a new very simple method to turn your body back to making those proteins and hence make you look much younger. This is one of the holy grails of the cosmetics industry and billions is spent each year on research to find an answer to wrinkles. An assortment of cosmetics on the high street shows some progress is being made but there’s no magic answer as yet. There is no doctor Ryan Shelton of course – just a scammer trying to steal your money.

Do click on the Facebook or Twitter icons on top right to follow Fight Back Ninja.