Security

We take security seriously and we do everything we can to keep your money, investments and information safe. We are constantly reviewing our physical, electronic and procedural security controls in view of new and emerging threats in an effort to keep us all better protected. You must also help to keep yourself protected by taking reasonable precautions and staying alert to understand what a potential or actual attack may look like. This short guide aims to explain the following topics:

  • Encryption
  • Fraud Prevention
    • Top Tips (Passwords, Storage of Security Information, Connections, Internet Access Devices, Disposal, Social Media, Security Tools, Email, If you are Contacted)
    • Security Updates
      • Device / Operating System / Browser Security
      • Security Products
    • Keeping Updated
    • Contact Us
  • Protecting Your Identity
    • What is Identity Theft
    • Why is Identity Theft Important
    • Top Tips to Prevent Identity Theft
    • Possible Signs of Identity Theft
    • If you Suspect Identity Theft
  • Common Attack Types and Tips to Help Protect You
    • Email Security and ‘Phishing’
      • What is ‘Phishing’
      • Tips to spot ‘Phishing’
      • Preventing Phishing
      • General Guidance
    • Phone Security and ‘Vishing’
      • What is ‘Vishing’
      • Tips to spot ‘Vishing’
      • Preventing Vishing
      • General Guidance
    • Phone Text Security and ‘Smishing’
      • What is ‘Smishing’
      • Tips to spot ‘Smishing’
      • Preventing Smishing
      • General Guidance
    • Postal Fraud
      • What is Postal Fraud
      • Preventing Postal Fraud
      • General Guidance
    • Malware including Viruses, Worms, Trojans, Rootkits, Ransomware and Spyware
      • What is Malware
      • Preventing Malware
      • General Guidance
    • Downloads / Removable Media
      • What are Downloads / Removable Media
      • Preventing Malicious files from Downloads / Removable Media
    • Social Engineering
      • What is Social Engineering
      • Preventing Social Engineering
    • Common Scams
      • Pension / Pension Liberation
      • Boiler Room
      • Advance Fee
      • Money Mules
      • Courier
      • Other and Too-Good-To-Be-True Scams
  • Fraud Protection Links and Resources
  • Keep Us Updated
  • Who to Contact for Help

Please Note: While we make every effort to present reliable and accurate security information neither we nor any third parties involved in the management or maintenance of our websites provide any warranty or guarantee as to the accuracy, completeness or suitability of the information on our websites for any particular purpose. You acknowledge that such information may contain inaccuracies or errors and we expressly exclude liability for any such inaccuracies or errors to the fullest extent permitted by law.

Your use of any security information on our websites is entirely at your own risk, for which we shall not be liable. It shall be your own responsibility to ensure that any information available through our websites meet your requirements and personal circumstances.


Encryption

We use the most widely deployed security protocol in use today called SSL (Secure Sockets Layer) Certificates to help protect data while visiting our websites. This security technology establishes an encrypted link between the website server and the browser to decrease the risk that data passed between the two can be intercepted or tampered. Almost all modern browsers support SSL Certificates.

The SSL Certificates we use are a minimum of 2048 bits which is the size of the key used to encrypt and decrypt files – and this size is considered by today’s computing standards to be sufficient to protect data in transit.

A Padlock or Green Bar at the top of your internet browser indicates that an SSL Certificate is protecting the link. Note: If the Padlock is Open or you receive a Warning, the connection is not secure.

Both our main website (https://www.pilling.co.uk/) and Client Web Access (CWA) (https://www.pillingcwa.co.uk/) are protected by SSL Certificates so you know you are on the genuine site with an encrypted link between the website server and the browser. We use an Extended Validation (EV) SSL Certificate on CWA to provide extra assurance you are visiting our authentic site. Examples of what this may look like in your browser are as follows:

Main Website SSL Certificate Examples

CWA Website EV SSL Certificate Examples

Note: Please see your browser documentation to learn how to view SSL Certificate details.

Our https://www.pilling.co.uk/ website uses a Let’s Encrypt Authority X3 Certificate.

Our https://www.pillingcwa.co.uk/ website uses a Symantec Corporation EV SSL Certificate Issued by “Symantec Class 3 EV SSL CA – G3”.

Symantec Security Seal Logo

Our webserver supplier regularly uses security scanning tools to proactively monitor for new attacks and block them automatically.


Fraud Prevention

Fraudsters may use the telephone (mobile or landline), text messages, emails, social media or the postal system to try and obtain your information in order to mount an attack on you or your finances. Sometimes fraudsters may even pretend to represent us, the police or other agencies. At the start of this section we give you some Tips to help you be more secure and give ideas on how you can help Protect Your Identity. We then outline the most Common Types of Attack and offer Tips you can use to Protect Yourself along with examples of Common Scams. In the final part of this section we outline how Security Updates and Security Products can help offer you some protection.

Tips – Passwords

Tips – Storage of Security Information

Tips – Connections

Tips – Internet Access Devices

Tips – Disposal

Tips – Social Media

Tips – Security Tools

Tips – Email

Tips – If you are Contacted

Security Updates

Updates, or ‘patches’ as they are sometimes called, are pieces of software designed to update a computer program or its supporting data  once installed to fix or improve it.  These updates very often include security vulnerability fixes too.  Since these updates are designed to improve, usability, performance and improve security it is recommended you always perform all vendor updates. Devices that are not regularly updated are especially vulnerable to malicious attack.

Device / Operating System / Browser Security

Security Products

Fraudsters and hackers can attack your computer through various means whether you are connected to the internet / network or not.  Malware can spread not only through infected internet downloads but also through removable media (e.g. CD, DVD, Memory Stick, USB Drive etc.). You should always utilise the basic device / operating system / browser security features offered by vendors but you can also install additional security products that can enhance security. Some of these types of products are:

  • Antivirus / Antimalware
  • Personal Firewall
  • Anti-Spyware
  • Identity Theft Protection
  • Encryption
  • Backup

In summary the following tips should ensure you get the most out of any additional security products you use:

Keeping Updated

Contact Us

Please Note:


Protecting Your Identity

Your identity and personal information are valuable. Fraudsters and criminals can use your identity to open bank accounts, acquire credit cards and loans etc.  The following topics in addition to the Tips in the previous section will help explain what Identity Theft is and what you can do to protect your identity and prevent it from being stolen.

What is Identity Theft

Identity Theft is typically where a fraudster takes your personal information and uses it without your knowledge.

Why is Identity Theft Important

Identity Theft is a huge issue and can affect you in many ways including your credit rating. Fraudsters can open bank accounts and acquire credit cards and loans for example – all pretending to be you.

Top Tips to Prevent Identity Theft

Possible Signs of Identity Theft

If you Suspect Identity Theft


Common Attack Types and Tips to Help Protect You

In this section we outline the most Common Types of Attack and offer Tips you can use to Protect Yourself.

Email Security and ‘Phishing’

What is ‘Phishing’

‘Phishing’ is the term used to describe bogus emails used by fraudsters to trick you into giving away your personal information or other details which help them to launch an attack on you or your accounts.

Tips to spot ‘Phishing’

Preventing Phishing

General Guidance

We can help you identify fraudulent emails by explaining how we may contact you and the content of our emails:

Phone Security and ‘Vishing’

What is ‘Vishing’

Voice Phishing or ‘Vishing’ is the fraudulent practice where a fraudster makes phone calls or leaves voicemail messages purporting to be from a reputable company / individual in an effort to gain personal, security or financial information from a victim when they respond – sometimes sophisticated fraudsters spoof the Caller Line Identity too.

Tips to spot ‘Vishing’

Preventing Vishing

General Guidance

We can help you identify fraudulent phone calls by explaining how we may contact you by phone:

Phone Text Security and ‘Smishing’

What is ‘Smishing’

Smishing is a type of attack using mobile phone text messages which involve a fraudster tricking a victim into performing an undesirable action from the content of the text message such as downloading a virus from a link or incurring a large phone bill responding to the text.

Tips to spot ‘Smishing’

Preventing Smishing

General Guidance

Postal Fraud

What is Postal Fraud

Postal Fraud is the generic name given to a scheme or scam whereby the postal service is utilized to facilitate an attack on a victim.

Preventing Postal Fraud

General Guidance

Malware including Viruses, Worms, Trojans, Rootkits, Ransomware and Spyware

What is Malware

Malware, which short for Malicious Software, is the collective term for any software which is designed to affect normal operation of a computing device.  The software may disrupt, damage, gain unauthorised access, gather sensitive data or display unwanted messages.  Malware can include Viruses, Worms, Trojans, Rootkits, Ransomware, Spyware and other types of malicious code. Malware is often used to assist fraudsters to commit crime or identity theft.

Preventing Malware

General Guidance

Downloads / Removable Media

What are Downloads / Removable Media

Many frauds and scams rely on a user downloading a malicious file onto their device from a website, email or given to them on some form of removable media (e.g. memory stick, USB stick, CD, DVD etc.) – it is this malicious file that can then assist fraudsters to commit crime or identity theft.

Preventing Malicious files from Downloads / Removable Media

Social Engineering

What is Social Engineering

Social Engineering, often used within any of the previously described scams / frauds, is where an attacker manipulates a victim into divulging information or acting in a way that they would not have otherwise done. This is often part of a wider scam or fraud and often involves tricking the victim by exploiting aspects of their human nature or manipulating their trust.

Preventing Social Engineering


Common Scams

There are many different types of scams but by learning about the most common ones you are less likely to become a victim. The following is a summary of the most popular types.

Pension / Pension Liberation

A Pension Scam / Pension Liberation Scheme often involves pension savings being transferred to an arrangement that allows access to the funds, often before the age of 55.  These type of arrangements can often be illegal and can be misleading about the consequences of entering into one of these arrangements.

Boiler Room

A Boiler Room scam, often run from so-called ‘boiler rooms’, is where fraudsters typically cold-call potential victims offering them worthless, overpriced or non-existent shares.  With promises of high returns, unfortunately those who do invest usually end up losing all of their investment.

Advance Fee

Advance Fee scams are typically where fraudsters will target victims to make advance or upfront payments for goods, services or financial gains that never materialise. Similar named scams include Career Opportunity Scams, Clairvoyant / Psychic Scams and Cheque Overpayment Frauds. Another type of Advance Fee Scam is the ‘419’ scam.  Typically with this type of scam a victim is told a convincing story to advance money to a stranger.  The victim is led to expect a much larger sum of money will be returned but none is ever received.

Money Mules

Typical Money Mule scams involves a victim transferring stolen money between countries.  Often Money Mule victims are recruited unknowingly by criminals to transfer illegally obtained money between different bank accounts.

Courier Scams

Courier Scams involve a fraudster contacting and tricking a victim to hand over documents, cards and/or PINs etc. to a courier who will come to visit the victim.  There are many variations of this scam but typically a fraudster will telephone the victim pretending to be from the bank or police to give a sense of urgency to the call and make the victim panic into an action.

Other and Too-Good-To-Be-True Scams

Any of the following circumstances may indicate a potential scam: unsolicited approaches, unrealistic gains or risks, lack of credible evidence, pressure tactics, instructions to keep things quiet, phrases such as free / legal loophole / cash bonus, use of couriers to exchange documents or information, contact by mobile phones with no fixed line contact. Usually if something sounds too good to be true then it probably is.


Fraud Protection Links and Resources

A selection of Fraud Protection Links and Resources to help you better protect yourself is as follows:

Please note: we accept no responsibility or liability for the content, accuracy or availability of any external site.


Keep Us Updated


Who to Contact for Help

Always telephone us on our main line – never recall using calling line identification or use a number given to you by someone. Be aware fraudsters sometimes don’t hang up the phone their end and trick you into speaking to them on your ‘next call’ – so use another line to call us back if possible or be sure the line is definitely clear before re-dialling.