Remaining compliant following the 4th Money Laundering Directive

Kelly Cosgrove

Since the fourth Money Laundering Directive (4MLD) came into force in June 2017, there has been some knock-on effects on the filing requirements for Limited Companies and LLPs.

You may remember that back in June 2016, the Annual Return was replaced by the Confirmation Statement and the Persons of Significant Control Register (PSC).  All companies were required to take reasonable steps to identify the company’s PSCs and create and maintain a register of these individuals or companies (Relevant Legal Entities).

The PSCs’ details were then to submitted along with the confirmation statement. Any changes to the company’s PSCs were to be notified once a year on filing of the confirmation statement unless the company had elected for Companies House to hold and maintain its register.

However, just as companies and their advisors were getting the hang of these new reporting measures, the 4MLD introduced more changes.

The most prominent change, and one that will affect most clients, is the reporting frequency of any changes made to PSCs.

This has reduced from being an annual requirement to being required within 28 days from the date of the change. Companies will have 14 days to update their register once notified of any changes and a further 14 days to notify Companies House of the change. This action has been taken to ensure that registers are kept up to date and are ‘current’ during the year rather than a ‘snapshot’ at one point in time.

The changes that need to be reported to Companies House via specific forms within 28 days include:

  • Change in nature of control (e.g. if the PSC acquires or sells shares)
  • Change to a PSC name or address
  • Change to the name of an RLE
  • If a PSC ceases to be a PSC

Companies House has recognised that the move to maintaining the PSC register has proved difficult for some, and the filing requirements may not have been fully understood or interpreted correctly by companies. As a result, Companies House plans to contact businesses whose PSC appears incorrect to help them comply. They will also be updating their PSC guidance and adding a ‘report it now’ button for those who experience problems when accessing information on the public register.

If you do require any assistance in preparing your Confirmation statement or Persons of Significant Control register or would like advice on how to update your details with Companies House, contact our Company Secretarial Department on 01254 688 100.

Protect Your Business

Protect Your Business – Free Business Crime Conference

The event is free to attend although you need to register.


Protect your business

Information from :

East Lancashire Chamber of Commerce · Red Rose Court, Clayton Business Park · Clayton-Le-Moors · Accrington, Lancashire BB5 5JR · United Kingdom



This free conference brings you the latest information and practical advice to help you protect your business, your employees and your property.

The event has been developed in partnership with key business support organisations and will be opened by the Police and Crime Commissioner for Lancashire, Clive Grunshaw, who is committed to engaging with the business community to tackle the impact of crime on the local economy



  • Cyber crime and fraud and how to deal with it if it happens to your business.
  • Crime prevention advice from Lancashire Constabulary and what you can do to better protect yourself, your business, your property, your staff and your data. Business Crime Survey outcomes.


  • Ensure your business is well protected.
  • Learn about new innovative approaches being developed to tackle the emerging threats to businesses.
  • Work in partnership with other organisations to tackle business crime.

Network with other business owners, business support providers and event organisers.



10 November 2015: 9.00 am – 1.15 pm

The Best Western Leyland Hotel, Leyland Way, Leyland, PR25 4JX

The event is free to attend although you need to register.

Lunch will be provided.


Cyber Risk

Cyber Risk

Derek Rigby

By: Derek Rigby

Cyber Risk is a growing concern to SME business particularly those conducting some or all of their business online.

Shellshock virus

At Sagar Insurances the instances of theft has dwindled during the past 12 months. Seldom do we see claim for the theft of equipment following a mid-night burglary. However, instances of criminals accessing computer systems to commit

  • fraud,
  • blackmail
  • theft

are on the rise.

Examples are:

  • A company had their computer system hacked and criminals tried to access the company’s online banking system using information stored on the computer.
  • A company had their accounts system hacked and the bank details on their invoice template changed.
  • A company had their telephone system hacked and all outgoing calls were redirected via a premium rate number.
  • A company whose customers predominantly traded online, had their website attacked and were unable to trade until the site had been rebuilt.

There are several ways to make sure you are protected properly but only one will help you put things right if it all goes wrong. The right Insurance policy will help cover

  1. costs of cleaning your system following at attack,
  2. fines that come with a Data Protection breach following the loss of personal data,
  3. loss of income because you are unable to trade whilst your system is down.

Here are some other ways of protecting yourself:

Keep it clean.

Run regular checks for Malware and make sure you’re running the most up to date antivirus software.

Complicated passwords.

Make sure your password is easy enough to remember but complicated enough that no one else can guess it. Mobile devices should always be locked, preferably with a password or pin but at the very least something more than a swipe to the right!

Use secure websites.

Look for a lock somewhere in the browser address line, or make sure the URL begins with “https,” as such sites encrypt log-in information before sending it to the server.

Damian Glynn

Damian Glynn

In a recent publication from Damian Glynn at

VRS Vericlaim


He asks:

  • Is there a insured event?
  • Is the incident covered prima facie?
  • Is the incident excluded?
  • How long is it going to be investigated?
  • How will quantum be considered?

Contact us at Sagar for further information

Sagar bottom strip

Contact Details Telephone: 01282 858250


The New Whiplash – Guest Blog

Noise Induced Hearing Loss – The New Whiplash

Sagar Insurances logo

30 Willow Street, Accrington BB5 1LU
01254 391411

by: Derek Rigby  of Sagar Insurances

Derek Rigby

According to the Health and Safety Executive (HSE), 17,000 people in the UK suffer deafness, ringing in the ears or other conditions caused by excessive noise at work.

At the same time, claims against insurance policies have been rocketing. For example AXA Business Insurance saw a year-on-year rise of 75% in the number of deafness claims in 2012 – a rise of 162% between 2009 and 2012.

Deafness claims do not have the same restrictions on costs that a road traffic accident claim might. For example, success fees can be as high as 100 per cent and hourly rates rather than fixed costs can be claimed. This will make a significant difference to the costs recovered by a successful claimant’s solicitor.

Hearing Loss

With the costs solicitors are able to claim from Motor Personal injury reducing due to recent government action Hearing Loss is being referred to as “The new Whiplash”

East Lancashire’s rich industrial heritage inevitably left significant numbers of people with hearing problems. Those affected by noise levels, for example, from rattling looms in Lancashire’s traditional mills should rightly be compensated if the employee breached Noise regulations.

However many of the claims we as Brokers receive are spurious and in some cases fraudulent and it is these that Insurance Industry is keen to defend.

The claim is usually structured as follows:

Potential Claim:

Solicitor requests Personnel and Occupational Health records from employer. There is no claim at this stage the claimant solicitors are merely “fishing”. However they are entitled to the information under the Disease and Illness Protocol. The employer has 40 days to respond.

At this point it is always advisable to start the process of identifying the appropriate Insurer even though it is the Employers responsibility to send the documents not the Insurer.

If a letter of claim follows this needs to be acknowledged within 21 days. This is the point where Insurers must be advised. Due to the length of the claimant’s employment then a number of Insurers will need to be notified. The last Insurer on Risk will coordinate the claim under the Disease and Working Party Agreement (DWPA).

Some of the questions our clients ask are as follows;

Q – How far back can someone claim for deafness/ accident?
A – This is primarily subject to the limitation period, which is of course not more than 3 years from the date of accident/injury or 3 years from the claimant’s date of knowledge, if later.  This is also of course subject to proof of negligence, which in terms of Noise Induced Hearing Loss Claims is commonly regarded as only arising with the publication of Noise & the Worker in 1963.
Q – Where there was a legal requirement to keep the ELI’s for a specified timescale and that timescale has since elapsed where does this leave the employer? Are they totally responsible for any compensation claim?

A – An employer is totally liable for any damages where a worker proves injury caused by the employer’s fault during any period for which there is either no insurance or insurance has not been identified.
Q – If the employer doesn’t have records of their insurance from the past is there any way of finding out who their insurer would have been during the time of the incident.
A – Yes, by searches at the Employers Liability Tracing Office.  If that does not help, the instruction of an insurance archaeologist is an option, but this is expensive. It is also helpful to contact Accountants or previous Broker that the Employer may have used who may have had copy Insurance documents from the financial perspective.

We have recently identified an Insurer for a client following our advice that they should contact their former accountants. They were able to supply Insurance certificate’s going back to the 1980’s which was exactly the period needed.

Following the receipt of a claim for Mesothelioma we persuaded a client that it would be in their interests to pay staff to work at weekends searching their archives for policies from the 1970’s. Following a successful search an Insurer was identified. The claim was eventually settled at £160,000. Our client would have been responsible for all these costs had an Insurer not been identified.
Q – What happens if the company has no record of their employment, would the employee have to prove that they were employed by the company?
A – Yes, but normally the employment history issued by HM Revenue & Customs will establish this for the period from 1961/62.  Prior to 1961/62, the claimant’s own evidence that he was employed is usually sufficient, particularly if a company has no remaining employment records.

If you have an Insurance Broker they should be able to assist with all the various aspects of the claim.

Tactically they should be able to assist you in responding to the letter of claim as this should provide specific information related to their client and his employment. The failure to provide this information can afford the employer valuable time in researching their archives.
Indeed in many cases once we have interrogated the initial letter of claim and responded the claimant solicitor closes the file and does not pursue further.
We also have the support of BLM Solicitors a major defendant law firm

What can Employers do to avoid future claims while dealing with Historic claims from the past?

  •  Keep a generic file with all relevant noise surveys, risk assessments, safety meetings going back as far as possible
  • Assess the risks to your employees from noise at work and take action to reduce exposure
  • Provide employees with hearing protection if you cannot reduce the noise exposure by using other methods
  • Make sure the legal limits on noise exposure are not exceeded
  • Provide your employees with information, instruction and training
  • Carry out health surveillance where there is a risk to health

Sagar Insurances logo

30 Willow Street, Accrington BB5 1LU
01254 391411





Involved in Fraud ? – Yes or No

Have you been involved in Fraud – only two answers possible:

By: Andrew Stephenson

Code of Practice 9

HM Revenue & Customs enquiries HMRC regularly conduct routine enquiries into taxpayers’ affairs but occasionally they will instigate an enquiry using the Civil Investigation of Fraud procedures, also known as a ‘Code of Practice 9’  (“CoP9”) enquiry.

Fortunately we don’t often see clients on the receiving end of a HMRC CoP9 enquiry but HMRC see this as a major part of their armoury in combatting tax avoidance. Part of the opening procedure in such an enquiry is for HMRC to ask the taxpayer to declare whether they have been involved in a fraud.

Have you been involved in a Fraud?

In HMRC’s view there used to be only three possible answers to this.

  1. Firstly, an admission of fraud.
  2. Secondly a denial of acting fraudulently whilst agreeing to cooperate with HMRC in their enquiry by commissioning a report (at the taxpayer’s expense) into their taxation affairs.
  3. The final alternative would be a flat denial – in which case HMRC would undertake their own enquiry and could proceed to prosecute the taxpayer if a fraud was discovered.

In a rather worrying development HMRC have withdrawn the second option for taxpayers to deny acting fraudulently whilst agreeing to cooperate with them.

I say ‘worrying’ as until now although only the first option gave immunity from prosecution: the second denial option could also do so provided that a full disclosure was made to HMRC in the Report.

As a result of the change taxpayers can now only admit to a fraud or alternatively deny everything and risk prosecution.

A typical HMRC ‘black or white’ approach and a presumption of guilt. This is, in my view, a dangerous development: there now appears to be no facility open to a taxpayer to admit getting something wrong or doing something that falls short of constituting a fraud or of acting in a fraudulent manner, when challenged by HMRC using the CoP9 procedure.


This is a SCAM – do not respond to fake Companies House emails

This is a SCAM – do not respond to fake Companies House emails

Scam Alert

The following email is just one of many received at our offices today and similar emails have been reported as received by some of our clients. It is a scam to set a trap for you.


For your safety, we have removed all links from this message.

A company complaint was submitted to Companies House website.

The submission number is 9659174

For more details please click :

Please quote this number in any communications with Companies House.

All Web Filed documents are available to view / download for 10 days after their original submission. However it is not possible to view copies of accounts that were downloaded as templates.

Companies House Executive Agency may use information it holds to prevent and detect fraud. We may also share such information, for the same purpose, with other organisations that handle public funds.

If you have any queries please contact the Companies House Contact Centre on +44 (0)303 1234 500 or email

Note: This email was sent from a notification-only email address which cannot

accept incoming email. Please do not reply directly to this message.



Get Safe Online

Get Safe Online

By: Stuart Waddington

We recommend the website Get Safe Online

20131029 get-safe-online-logo

In today’s cybercrime inclined world it is full of good and useful advice:

  • Do you have a PIN on your phone?
  • Do you know when a web page is secure?
  • Can you spot a phishing email?

Your passwords are the most common way to prove your identity when using websites, email accounts and your computer itself (via User Accounts). The use of strong passwords is therefore essential in order to protect your security and identity. The best security in the world is useless if a malicious person has a legitimate user name and password.

Get started…

  • Always use a password.
  • Ensure you use strong passwords, and do not disclose them to anyone else.

Passwords are commonly used in conjunction with your username. However, on secure sites they may also be used alongside other methods of identification such as a separate PIN and/or memorable information. In some cases you will also be asked to enter only certain characters of your password, for additional security.

The Risk of Using Weak Passwords

People impersonating you to commit fraud and other crimes, including

  • Accessing your bank account
  • Purchasing items online with your money
  • Impersonating you on social networking and dating sites
  • Sending emails in your name
  • Accessing the private information held on your computer

Choosing the Best Passwords


  • Always use a password.
  • Choose a password with a combination of upper and lower case letters, numbers and keyboard symbols such as @ # $ % ^ & * ( ) _ +. (for example SP1D3Rm@n – a variation of spiderman, with letters, numbers, upper and lower case). However, be aware that some of these punctuation marks may be difficult to enter on foreign keyboards.
  • Choose a password containing at least eight characters. However, longer passwords are harder for criminals to guess or break.


  • Use the following as passwords:
    • Your username, actual name or business name.
    • Family members’ or pets’ names.
    • Your or family birthdays.
    • Favourite football or F1 team or other words easy to work out with a little background knowledge.
    • The word ‘password’.
    • Numerical sequences.
    • A commonplace dictionary word, which could be cracked by common hacking programs.
  • When choosing numerical passcodes or PINs, do not use ascending or descending numbers (for example 4321 or 12345), duplicated numbers (such as 1111) or easily recognisable keypad patterns (such as 14789 or 2580).

Looking After Your Passwords

  • Never disclose your passwords to anyone else. If you think that someone else knows your password, change it immediately.
  • Don’t enter your password when others can see what you are typing.
  • Change your passwords regularly.
  • Use a different password for every website. If you have only one password, a criminal simply has to break it to gain access to everything.
  • Don’t recycle passwords (for example password2, password3).
  • If you must write passwords down in order to remember them, make sure they are meaningless to, and unusable by other people by writing them in code (substituting the characters in your password with others that you can remember, or easily work out).
  • Do not send your password by email. No reputable firm will ask you to do this.

Controlling User Accounts

Everybody who uses a computer should be assigned their own user account so that only they can access their files and programs. Each user account should be accessible only by entering a username and password in order to safeguard users’ privacy. Other user account features can also be set up in user accounts – including parental controls (Windows Vista and Windows 7 only).

Do not use an account with administrator privileges for everyday use, as malware could assume administrator rights. Even if you are the only user, set up an administrator account to use when you need to carry out tasks such as installing programs or changing the system configuration, and another ‘standard user’ account as your regular account. If you are not logged in as administrator, you will be prompted to enter an administrator password when you install a new device driver or program. You can manage user accounts in Windows Control Panel.

20131029 Protecting your computer image

Safe Internet Use

The internet has revolutionised the way we live our lives – enabling us to read the news, enjoy entertainment, carry out research, book our holidays, buy and sell, shop, network, learn, bank and carry out many other everyday tasks.

However, there are a number of risks associated with going online. These result from either visiting malicious websites or inadvertent disclosure of personal information.

The Risks

Get started…

  • Always be vigilant when supplying personal or financial details.
  • Ensure your browser is up to date.

The risks of visiting malicious, criminal or inappropriate websites include:

  • Viruses and spyware (collectively known as malware).
  • Phishing, designed to obtain your personal and/or financial information and possibly steal your identity.
  • Fraud, from fake shopping, banking, charity, dating, social networking, gaming, gambling and other websites.
  • Copyright infringement – copying or downloading copyright protected software, videos, music, photos or documents.
  • Exposure to unexpected inappropriate content.

When you use the internet, your browser (for example Internet Explorer, Opera, Chrome, Safari or Firefox) keeps a record of which sites you have visted in its ‘history’.

When you use the internet, the websites you visit are visible to your Internet Service Provider and browser provider, and it is possible that records are kept.

Use the Internet Safely

It is very easy to clone a real website and does not take a skilled developer long to produce a very professional-looking, but malicious site.

Being wary of malicious, criminal or inappropriate websites:

  • Use your instincts and common sense.
  • Check for presence of an address, phone number and/or email contact – often indications that the website is genuine. If in doubt, send an email or call to establish authenticity.
  • Check that the website’s address seems to be genuine by looking for misspellings, extra words, characters or numbers or a completely different name from that you would expect the business to have.
  • Roll your mouse pointer over a link to reveal its true destination, displayed in the bottom left corner of your browser. Beware if this is different from what is displayed in the text of the link from either another website or an email.
  • If there is NO padlock in the browser window or ‘https://’ at the beginning of the web address to signify that it is using a secure link, do not enter personal information on the site.
  • Websites which request more personal information than you would normally expect to give, such as user name, password or other security details IN FULL, are probably malicious.
  • Avoid ‘pharming’ by checking the address in your browser‘s address bar after you arrive at a website to make sure it matches the address you typed. This will avoid ending up at a fake site even though you entered the address for the authentic one – for example ‘eebay’ instead of ‘ebay.
  • Always get professional advice before making investment decisions. Sites that hype investments for fast or high return – whether in shares or alleged rarities like old wine, whisky or property – are often fraudulent.
  • Be wary of websites which promote schemes that involve the recruitment of others, receiving money for other people or advance payments.
  • If you are suspicious of a website, carry out a web search to see if you can find out whether or not it is fraudulent.
  • Be wary of websites that are advertised in unsolicited emails from strangers.

Secure Websites

Before entering private information such as passwords or credit card details on a website, you can ensure that the link is secure in two ways:

  • There should be a padlock symbol in the browser window frame, that appears when you attempt to log in or register. Be sure that the padlock is not on the page itself … this will probably indicate a fraudulent site.
  • The web address should begin with ‘https://’. The ‘s’ stands for ‘secure’.

The above indicate that the website owners have a digital certificate that has been issued by a trusted third party, such as VeriSign or Thawte, which indicates that the information transmitted online from that website has been encrypted and protected from being intercepted and stolen by third parties.

When using websites that you do not know, look for an Extended Validation (or EV-SSL) certificate, which indicates that the issuing authority has conducted thorough checks into the website owner. The type of certificate held can be determined by clicking the padlock symbol in the browser frame which will launch a pop-up containing the details.

Do also note that the padlock symbol does not indicate the merchant’s business ethics or IT security.


Cookies are files on your computer, smartphone or tablet that websites use to store information about you between sessions. Most of the time they are innocuous – carrying out tasks such as keeping track of your username so that you don’t have to log into a website every time you visit it, and storing your usage preferences. However, some are used to track your browsing habits so that they can target advertising at you, or by criminals to build a profile of your interests and activities with a view to fraud.

  • Set your browser to warn you when a cookie is installed. Note that some sites will not work if you block cookies completely.
  • Some browsers will let you enable and disable cookies on a site by site basis so you can allow them on sites you trust.
  • Use an anti-spyware program that scans for so-called tracker cookies.
  • There are also cookie management programs that can delete old cookies and help manage them. In addition you can use settings in some browsers to delete unwanted cookies.
  • Use a plain text email display instead of HTML email so that tracking files and cookies cannot be included in email files.
  • UK websites must gain your permission to enable cookies.

Safe Use of Browsers

The most common internet browsers enable you to manage your settings such as allowing and blocking selected websites, blocking pop ups and browsing in private. Respective browsers will tell you to do this in slightly different ways, so we recommend that you visit the security and privacy section of their websites, or the help area of the browsers themselves:

Internet Explorer





Some browsers also have the ability to identify fraudulent websites by default.

Always ensure that you are running the latest version of your chosen browser that your operating system will support. Also, be sure to download and install the latest updates.

It is important to remember that turning on the private browsing setting or deleting your browsing history will only prevent other people using your computer from seeing which sites you have visited. Your internet service provider, search engine, law enforcement agencies and possibly (if browsing at work) your employer, will still be able to see which sites you have visited or keywords you have searched for.

Always remember to log out of a secure website when you have completed your transaction, and before you close the browser. Closing the browser does not necessarily log you out.

Ensure you have effective and updated antivirus/antispyware software and firewall running before you go online.

What to do if you Encounter Illegal Material 

  • If you come across content that you consider to be illegal such as child abuse images or criminally obscene adult material, you should report this to the IWF:
  • If you come across content that you consider illegal such as racist or terrorist content, you should report this to the Police.

Wireless Networks and hotspots

Wireless networks have revolutionised the way we can use computers and mobile devices, both in the home and office – and when we are out and about. Home and office wireless networks make it easier to use the internet and send and receive email in any room in the building and even outside… and enable visitors to do likewise. ‘Public’ wireless networks or hotspots mean that we can do the same in places like cafés, hotels and pubs. And plug-in mobile broadband devices, or ‘dongles,’ provide even more flexibility, allowing you to work online where there is cellular 3G or 4G coverage.

Get started…

  • Ensure your wireless hub/router/dongle has security turned on.
  • Unless you are using a secure web page, do not send or receive private information when using public WiFi.

Home/office/mobile and public WiFi (as wireless connections are commonly known), use the same technology (802.11). There are some common potential issues, whilst each has its own particular risks. You can protect yourself easily with a few simple precautions.

Home/Office Wireless Networks

The Risks

If your wireless hub/router/dongle is not secured, other people can easily gain access to it if they are within range. This can result in unauthorised people doing the following:

  • Taking up your bandwidth – affecting the online speed of your own computers and other devices.
  • Using your download allowance, for which you have paid your Internet Service Provider (ISP).
  • Downloading inappropriate material, which would be traced to your address and not their computer.
  • Accessing sensitive information that you may be sending or receiving online.

Safe Wireless Networking

All of the above risks can be avoided simply by ensuring that the wireless hub/router/dongle that you wish to connect to, is secured. To check that this is the case, simply search for available wireless networks, and those that are secured will be indicated with a padlock symbol.

When you first connect a computer, smartphone, tablet, printer or any other wireless-enabled device to any wireless hub/router/dongle, you will be prompted to enter a password/key, provided the network is in secure mode. This will enable the device to connect on this occasion and normally, for future use. The password/key will be supplied with the hub/router/dongle, but you may be given the opportunity to change it to one of your own choice.

If you are setting up a new hub/router/dongle, it will probably have been supplied with security turned on as the default. There are three main encryption levels available (WEP, WPA and WPA2), WPA2 being the highest. Most hubs/routers give you the option of selecting a higher level, but remember that some older devices may not be compatible with higher levels.

If for any reason a home/office/mobile wireless hub/router/dongle you wish to connect to is not secured, consult the user manual.

Ensure you have effective and updated antivirus/antispyware software and firewall running before you connect to a wireless network.

Keep WiFi codes safe so that others cannot access or use them.

Public WiFi

The Risks

The security risk associated with using public WiFi is that unauthorised people can intercept anything you are doing online. This could include capturing your passwords and reading private emails. This can happen if the connection between your device and the WiFi is not encrypted, or if someone creates a spoof hotspot which fools you into thinking that it is the legitimate one.

With an encrypted connection, you will be required to enter a ‘key’, which may look something like: 1A648C9FE2.

Alternatively, you may simply be prompted to log in to enable internet access. This will tell the operator that you are online in their café, hotel or pub. There is almost certainly no security through encryption.

Safe Public WiFi

  • Unless you are using a secure web page, do not send or receive private information when using public WiFi.
  • Wherever possible, use well-known, commercial hotspot providers such as BT OpenZone or T-Mobile.
  • Businesspeople wishing to access their corporate network should use a secure, encrypted Virtual Private Network (VPN).
  • Ensure you have effective and updated antivirus/antispyware software and firewall running before you use public WiFi.

Other Advice

  • Don’t leave your computer, smartphone or tablet unattended.
  • Be aware of who is around you and may be watching what you are doing online.


Maintaining privacy whilst online is essential in avoiding identity theft and fraud. Apart from these risks, however, there is personal information about you which you undoubtedly do not want to reveal to certain other people.

It is surprisingly easy to inadvertently give away your personal information online, especially when prompted to do so by an email, on social networking sites or on company websites requesting information which they do not necessarily need to do business with you.

Get started…

  • Don’t give away personal information.

In addition, certain organisations hold information about you which enables you to carry out transactions with them. These include government departments such as HMRC, financial institutions such as banks, building societies and insurance companies, retailers, search engines … the list is virtually endless. They are all subject to the Data Protection Act, but you still need to be vigilant about their use of your data.

The Risks

  • Identity theft
  • Blackmail/extortion
  • Defamation of character
  • Unsolicited selling and marketing
  • People using awareness of your activities and movements to act against you
  • Employers using the information to exploit you

How Your Privacy can be Compromised

  • Unencrypted email and most website interactions can be monitored, including by your employer and your ISP.
  • Via phishing – where an illicit email prompts you to click on a link to a bogus website which will collect your private or financial infomation.
  • Via vishing (short for ‘voice phishing‘), where fraudsters call you either on the phone or in person, to collect your private or financial information.
  • Using unsecured WiFi networks – both in the home/office and when out and about.
  • Using unencrypted links for sensitive communications (for example not using a VPN to connect to the office).
  • Not using secure websites when banking or making online payments, including those for purchases.
  • Not using strong passwords, not regularly changing passwords, not using passwords at all or revealing passwords to other people.
  • Not using a secure email or webmail account.
  • Using a work email account for personal email.
  • Staying logged in to a website or email account when the computer/smartphone/tablet is going to be used by somebody else.
  • Via spyware and viruses, including those that log your keystrokes to determine your online activity.
  • Via physical keystroke loggers attached to the keyboard cable.
  • Not storing personal or financial documents securely.
  • Not shredding unwanted personal or financial documents.
  • Being taken into people’s confidence too easily.

Maintaining Your Privacy

  • Ensure you always have effective and updated antivirus/antispyware software running.
  • In a public or work environment, check your computer physically for any unusual devices that may be plugged in, especially on the keyboard cable.
  • Use secure websites when shopping or banking online.
  • Log out of secure websites when you have finished your transaction, as closing the window may not automatically log you out of the site.
  • Use strong passwords, change your passwords regularly and never reveal them to other people.
  • Avoid using a work email address for personal use. Instead, have a separate, private email address for private business.
  • Make sure your home/office WiFi network is secured.
  • Store personal and financial documents securely.
  • Shred unwanted personal or financial documents.
  • Be careful to whom you disclose personal information.
  • Where possible, avoid using your real name online.
  • Be cautious about who is trying to befriend you online including via email and social networks/dating sites.
  • Be wary of disclosing personal information on a work or personal web site.
  • Use a disposable, anonymous webmail account for websites that demand an email address to register.
  • Set clear guidelines for children about when and how they can reveal information.

Additional Information

You are legally entitled to request a copy of all the personal data that an organisation holds on you, known as a subject access request. The organisation is obliged to deliver the data within 40 calendar days, and may charge a fee of up to £10 to do so.

Click here to access the Information Commissioners Office

Spam and Scam email

email is both an excellent communication tool and also a way that companies can inform you about their latest products and services. However, email is frequently used to deliver unwanted material which is at best, annoying and at worst, malicious – causing considerable harm to your computer and yourself.

These include the following:

Spam (or Junk) email

Get started…

  • Always be vigilant when receiving or responding to emails.
  • Make sure your spam filter is always switched on to minimise the risks.

The vast majority of email sent every day is unsolicited junk mail. Examples include:

  • Advertising, for example online pharmacies, pornography, dating, gambling.
  • Get rich quick and work from home schemes.
  • Hoax virus warnings.
  • Hoax charity appeals.
  • Chain emails which encourage you to forward them to multiple contacts (often to bring ‘good luck’).

How spammers obtain your email address

  • Using automated software to generate addresses.
  • Enticing people to enter their details on fraudulent websites.
  • Hacking into legitimate websites to gather users’ details.
  • Buying email lists from other spammers.
  • Inviting people to click through to fraudulent websites posing as spam email cancellation services.
  • From names/addresses in the cc line, or in the body of emails which have been forwarded and the previous particpants have not been deleted.

The very act of replying to a spam email confirms to spammers that your email address exists.

How to spot spam

Spam emails may feature some of the following warning signs:

  • You don’t know the sender.
  • Contains misspellings (for example ‘p0rn’ with a zero) designed to fool spam filters.
  • Makes an offer that seems too good to be true.
  • The subject line and contents do not match.
  • Contains an urgent offer end date (for example “Buy now and get 50% off”).
  • Contains a request to forward an email to multiple people, and may offer money for doing so.
  • Contains a virus warning.
  • Contains attachments, which could include .exe files.

The risks

  • It can contain viruses and spyware.
  • It can be a vehicle for online fraud, such as phishing.
  • Unwanted email can contain offensive images.
  • Manual filtering and deleting is very time-consuming.
  • It takes up space in your inbox.

email Scams

Scams are generally delivered in the form of a spam email (but remember, not all spam emails contain scams). Scams are designed to trick you into disclosing information that will lead to defrauding you or stealing your identity.

Examples of email scams include:

  • emails offering financial, physical or emotional benefits, which are in reality linked to a wide variety of frauds.
  • These include emails posing as being from ‘trusted’ sources such as your bank, the Inland Revenue or anywhere else that you have an online account. They ask you to click on a link and then disclose personal information.

Phishing emails

Phishing is a scam where criminals typically send emails to thousands of people. These emails pretend to come from banks, credit card companies, online shops and auction sites as well as other trusted organisations. They usually try to trick you into going to the site, for example to update your password to avoid your account being suspended. The embedded link in the email itself goes to a website that looks exactly like the real thing but is actually a fake designed to trick victims into entering personal information.

  • The email itself can also look as if it comes from a genuine source. Fake emails often (but not always) display some of the following characteristics:
  • The sender’s email address is different from the trusted organisation’s website address.
  • The email is sent from a completely different address or a free webmail address.
  • The email does not use your proper name, but uses a non-specific greeting such as “Dear customer.”
  • A sense of urgency; for example the threat that unless you act immediately your account may be closed.
  • A prominent website link. These can be forged or seem very similar to the proper address, but even a single character’s difference means a different website.
  • A request for personal information such as username, password or bank details.
  • You weren’t expecting to get an email from the organisation that appears to have sent it.
  • The entire text of the email is contained within an image rather than the usual text format. The image contains an embedded link to a bogus site

Use email safely

  • Do not open emails which you suspect as being spam.
  • Do not forward emails which you suspect as being spam.
  • Do not open attachments from unknown sources.
  • Do not readily click on links in emails from unknown sources. Instead, roll your mouse pointer over the link to reveal its true destination, displayed in the bottom left corner of your screen. Beware if this is different from what is displayed in the text of the link from the email.
  • Do not respond to emails from unknown sources.
  • Do not make purchases or charity donations in response to spam email.
  • Don’t click on ‘remove’ or reply to unwanted email.
  • Check junk mail folders regularly in case a legitimate email gets through by mistake.
  • When sending emails to multiple recipients, list their addresses in the ‘BCC’ (blind copy) box instead of in the ‘To’ box. In this way, no recipient will see the names of the others, and if their addresses fall into the wrong hands there will be less chance of you or anybody else receiving phishing or spam emails.
  • Similarly, delete all addresses of previous parties in the email string, before forwarding or replying.
  • If you are suspicious of an email, you can check if it is on a list of known spam and scam emails that some internet security vendors such as McAfee and Symantec feature on their websites.
  • Most Microsoft and other email clients come with spam filtering as standard. Ensure yours is switched on.
  • Most spam and junk filters can be set to allow email to be received from trusted sources, and blocked from untrusted sources.
  • When choosing a webmail account such as gmail, Hotmail and Yahoo! Mail, make sure you select one that includes spam filtering and that it remains switched on.
  • Most internet security packages include spam blocking. Ensure that yours is up to date and has this feature switched on.

Social Networking

20131029 socal-networking

Social networking is a global revolution, enabling around a billion people worldwide to stay in touch with their friends, share experiences and photographs and exchange personal content. In many ways it has replaced the telephone and email. For many users, it has become a way of life.

Get started…

  • Never disclose private information when social networking.
  • Be wary about who you invite or accept invitations from.
  • Be careful about clicking on links in an email or social networking post.

Various social networking sites are also valuable tools used by many companies and individuals to extend their contacts and deliver marketing messages.

The nature of social networking – having such a massive base of users who are unknown to you – means that using it carries a degree of risk including becoming a target for cyber-criminals.

The Risks

  • Disclosure of private information by either yourself or friends/contacts.
  • Bullying.
  • Cyber-stalking.
  • Access to age-inappropriate content.
  • Online grooming and child abuse.
  • Prosecution or recrimination from posting offensive or inappropriate comments.
  • Phishing emails allegedly from social networking sites, but actually encouraging you to visit fraudulent or inappropriate websites.
  • Friends’, other people’s and companies’ posts encouraging you to link to fraudulent or inappropriate websites.
  • People hacking into or hijacking your account or page.
  • Viruses or spyware contained within message attachments or photographs.

Safe Social Networking

You can avoid these risks and enjoy using social networking sites by following a few sensible guidelines:

  • Do not let peer pressure or what other people are doing on these sites convince you to do something you are not comfortable with.
  • Be wary of publishing any identifying information about yourself – either in your profile or in your posts – such as phone numbers, pictures of your home, workplace or school, your address or birthday.
  • Pick a user name that does not include any personal information. For example, “joe_glasgow” or “jane_liverpool” would be bad choices.
  • Set up a separate email account to register and receive mail from the site. That way if you want to close down your account/page, you can simply stop using that mail account. Setting up a new email account is very simple and quick to do using such providers as Hotmail, Yahoo! Mail or gmail.
  • Use strong passwords.
  • Keep your profile closed and allow only your friends to view your profile.
  • What goes online stays online. Do not say anything or publish pictures that might later cause you or someone else embarrassment.
  • Never post comments that are abusive or may cause offence to either individuals or groups of society.
  • Be aware of what friends post about you, or reply to your posts, particularly about your personal details and activities.
  • Remember that many companies routinely view current or prospective employees’ social networking pages, so be careful about what you say, what pictures you post and your profile.
  • Learn how to use the site properly. Use the privacy features to restrict strangers’ access to your profile. Be guarded about who you let join your network.
  • Be on your guard against phishing scams, including fake friend requests and posts from individuals or companies inviting you to visit other pages or sites.
  • If you do get caught up in a scam, make sure you remove any corresponding likes and app permissions from your account.
  • Ensure you have effective and updated antivirus/antispyware software and firewall running before you go online.

For more information

For more advice on using social networking sites safely, visit the ThinkuKnow site.

Or visit the social networking sites’ own online safety pages:







Auction Sites

Auction Sites

Online auction sites are a highly popular way of buying and selling both new and second hand goods. There are, however, risks associated with using auction sites – some of which are different from normal online shopping.  Therefore you need to take care with what you are buying and from whom, who you are selling to, and how you pay for your purchases or get paid for items you are selling.

20131029 online-shopping image

Get started…

  • Choose reputable sellers and buyers.
  • When selling, ensure that payment has been received before you despatch the goods.
  • Ensure the payment website is authentic and secure before entering payment details.

The Risks

  • Bogus stores/shops – fake websites and email offers for goods and services that do not exist.
  • Receiving goods which do not match the advertiser’s description.
  • Not receiving goods which you have paid for.
  • Not receiving payment for goods which you have despatched.
  • Being persuaded into selling early or at a low price. The best bids usually come towards the end of the auction period.
  • Having your auction identity stolen and used fraudulently.
  • Having your personal/financial information stolen and used fraudulently.
  • Phishing emails, appearing to be from a auction or online payment sites but actually from criminals trying to lure you to a fake website to get your personal information such as login details for your online payment account.

Use Online Auctions Safely

  • If you are new to online auctions, take the time to read the online guides provided by the auction company so you understand how the system works and what the rules are.
  • Understand what the auction company can do (and won’t do) if something goes wrong.
  • Use a login name for the auction site that is different from your email address.
  • Keep your contact information including email address, up to date.
  • Look into the seller or buyer – whether a private individual or online store. Look at their profile, their rating and transaction history. New sellers and buyers may not have a very comprehensive history, so be a little more cautious.
  • If the seller is a business, check their real-world existence. If they provide a phone number or address, give them a call. Sellers outside the UK may be harder to chase in the event of a problem.
  • Check online stores’ privacy and returns policies.
  • Be clear about shipping and delivery costs (for example, whether or not they are included and if not, if they are clearly stated).
  • Be clear about methods of payment and whether any of these incur a surcharge.
  • Provide only the minimum necessary personal information to sellers and buyers, such as your address for collection or despatch purposes.
  • Double check all details of your purchase before confirming payment.
  • Check that notifications of communications between yourself and your buyer or seller are not being blocked by spam filters, by regularly checking your spam folder.
  • Do not fall for requests to close auctions early.
  • Always make sure you have received payment before despatching goods.
  • When making a payment to an individual, never transfer the money directly into their bank account but use a secure payment site such as PayPal, where money is transferred between two electronic accounts.

And always remember…

  • Use strong passwords. Never reveal your auction or online payment passwords to anybody.
  • If you think that your auction or online payment account has been compromised, take action immediately. Check the site’s online help page.
  • Be wary about clicking on links provided in unsolicited emails. For example, it is better to enter your bank’s website address into your browser directly, or use a bookmark that you created using the correct address.
  • If you pay by payment card, remember that a credit card offers greater protection than with other methods in terms of fraud, guarantees and non-delivery.
  • When paying either by online payment service or payment card, ensure that the link is secure, in three ways:
    • There should be a padlock symbol in the browser window frame, which appears when you attempt to log in or register. Be sure that the padlock is not on the page itself … this will probably indicate a fraudulent site.
    • The web address should begin with ‘https://’. The ‘s’ stands for ‘secure’.
    • If using the latest version of your browser, the address bar or the name of the site owner will turn green.
  • Always log out of sites into which you have logged in or registered details. Simply closing your browser is not enough to ensure privacy.
  • Keep receipts.
  • Check credit card and bank statements carefully after shopping to ensure that the correct amount has been debited, and also that no fraud has taken place as a result of the transaction.
  • Ensure you have effective and updated antivirus/antispyware software and firewall running before you go online.

More Information

eBay’s online security and protection information.

eBay’s advice on safe buying.

eBay’s advice on safe selling.

Identity Fraud – Don’t Let It Be You

Identity fraud – don’t let it be you

20131029 Identity Fraud logo

As part of an annual awareness campaign, organisations from the public and private sector are urging people and their families to be aware of identity fraud [1 October 2013]

New research reveals that 68% of adults will actively take steps to protect their spouse or partner from identify fraud, making sure personal information about them both online or in paper form is kept safe. However less than half (49%) take steps to protect their children. The impact of identity fraud can be immediate financial loss and a negative credit rating – which in some cases can take a long time to resolve. And that’s only after the fraud has been detected which, for some groups of society, such as the older generations, may not occur for some time. This can extend to other members of a family if they have joint finances and are living at the same address.

Identity fraud – don’t let it be you

Consider who still uses the family “home” address

Neil Munroe, External Affairs Director of Equifax and a spokesperson for the campaign, explains the risks further: “Every adult member of a family is at risk from ID Fraud. It’s important that head of households take action to protect their wider family, not just themselves, but their partner or spouse, adult children and parents and grandparents too. “And taking precautions against personal identity fraud shouldn’t just focus on those living in your house right now. Head of households need to think carefully about who in their family still uses the ‘home’ address. For example, young adults who may have just moved out to go to work or university, siblings sharing a property and parents and even grandparents who used to live there or have stayed there for any period of time and still use the address as their main residence.”

Impact of ID fraud when applying for credit

Credit information for family members with shared financial agreements will be linked by lenders when looking at new credit applications. If one member of a family has been victim to identity fraud and their credit history has been affected as a result, this could affect other members of the family too if they already have joint financial agreements. Young people are at a higher risk of identity fraud. This is because the 18 to 24 year olds are more likely to live in shared accommodation, like halls of residence, shared houses and flats with communal postal areas which are more vulnerable to opportunistic fraudsters.

Keep your identity safe with some simple tips:

  • Always check all financial statements against receipts.
  • Continuously monitor your credit status.
  • Be careful about what information you share on social networking sites, and check your privacy settings.
  • Subscribe to an alerts service to indicate when a financial product is applied for in your name.
  • Protect all your mobile devices with passwords and regularly change passwords often.
  • Install online security software, including devices such as tablets and mobiles.
  • Shred all documents that contain sensitive information using a cross-cut shredder before throwing them away.
  • Look into any mail that does not arrive when you are expecting it.

Supporting partners of this awareness activity include, Action Fraud, CIFAS – The UK’s Fraud Prevention Service, Equifax , Norton by Symantec, Get Safe Online and Fellowes.
For further information on the research visit the Don’t let it be you website.
Please note that Action Fraud is not responsible for the content of external websites.
To report a fraud and receive a police crime reference number, call Action Fraud on 0300 123 2040 or use our online fraud reporting tool.