fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

UK’s Cyber Security Center Publishes New Guidance to Fight Smishing

UK’s Cyber Security Center Publishes New Guidance to Fight Smishing

UK’s National Cyber Security Center (NCSC) has published new guidance for organizations to follow when communicating with customers via SMS or phone calls.

The goal of the new guidelines is to make it harder for scammers to trick the public and lead users to phishing sites.

This action comes in response to an alarming rise in scams that spoof popular brands, with fake parcel deliveries being the dominant theme.

The NCSC urges businesses to do their part in protecting consumers and fighting the rising threat of scams, and the main way to achieve this is by making legitimate and fraudulent communications easier to discern.

Also Read; September 2021 PDPC Incidents and Undertaking: Lessons from the Cases

SMS guidance

When organizations use SMS to communicate with an audience, the NCSC recommends that they use the following guidelines to assure recipients that a text is legitimate:

  • Use a five-digit number instead of a regular phone number.
  • Use a SenderID that appears in place of the sending number, indicating that the sender is trustworthy.
  • Use the same SenderID consistently across all communications and register it with the MEF.
  • Try not to include web links in SMS, but if it’s absolutely necessary, do not use URL shortening services that obscure the domain.
  • Use as few SMS distribution providers as possible, and audit all messages to validate the content.

Phone call guidance

Spoofing the phone numbers of legitimate entities is now fairly easy for criminals, so the calling number itself doesn’t constitute a guarantee of safety in communications.

Also Read: The 5 Important Things To Know In Security Pen Testing

To help tackle this problem, businesses are advised to follow these guidelines when calling customers:

  • Urge customers to call you instead and provide information on how to do it on the official site.
  • Ensure that the service providers aren’t routing calls to overseas infrastructure.
  • Ensure that the service providers have enabled anti-porting measures.
  • Ensure that the service providers are following the ‘General Conditions of Entitlement’.
  • Maintain consistency by using the same numbers to call people.
  • Numbers used only for call reception should be added to the ‘Do Not Originate’ list.
  • Provide a way and guidance for customers to report scams.

Consumer’s perspective

Even though the above measures will help in tackling scams, smishing (SMS phishing), and fraudulent phone calls, the consumers need to do their part too by keeping the following in mind:

  • Legitimate messages are typically consistent and straightforward.
  • The phone number and email address used are minimal.
  • Valid SenderIDs don’t usually feature special characters.
  • The validity of the sending address and number should be easy to verify on the entity’s official website.
  • Honest communications never ask for personal details.
  • Shortened URLs are a red flag.

In general, if something feels wrong when speaking to someone, ask for their name and hang up. Then, independently call the organization using the number you’ll find on their website and request to speak with the agent who contacted you.

Do not, under any circumstance, give away sensitive personal information on calls that you didn’t initiate.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us