News Old

Most employers will conduct pre-employment checks on people who are applying to work with their company. The process varies but will almost certainly include a right to work check, along with checks into everything from social media use to credit checking. There aren’t many rules and laws around pre-employment checks, but one generally accepted policy is to get consent from candidates and be clear about what you are checking.

Right to Work Checks

The one exception to getting consent is for Right to Work Checks. This is a government requirement, aimed at stopping illegal workers finding jobs in the UK. Employers who are caught with people working for them who are either not in the UK legally, or who have no right to work here, can be fined up to £20k per worker, or face time in prison. So, every employer in the UK should be asking candidates to bring something with them to interview which proves their nationality or right to work in the UK, such as passport or birth certificate. This isn’t an optional check, and the employer doesn’t have to seek permission for it as they are just complying with their legal requirements.

Pre-Employment Checks – Disclosure

Disclosure checks are also a legal requirement for some jobs, but not all. It’s fairly easy to find out whether the role you are considering will require a DBS check, and if so, at which level. It’s standard practice to state in job advertisements whether a role requires a DBS check, or not. If the role does require a DBS check, then you won’t be able to opt out of this, and your employer will usually ask you to fill the form in as soon as they make a job offer.

Other Pre-Employment Checks

Depending on the role and the company, there may be lots of other checks which an employer chooses to carry out. These might include using an external organisation to fact check a CV, running a credit check, or looking through a candidate’s social media feed. The range of checks an employer will run often depends on the seniority of the position. An entry level position might just involve checking references and a Right to Work Check, whereas a higher-level managerial job will require more in-depth checking. Employers are free to carry out whatever checks they feel are appropriate but it’s good practice, and common courtesy, to get consent from applicants first.

Many employers choose to work with an external company to run pre-employment checks, and these organisations generally have a standard form explaining what checks will be carried out, how out to candidates along with the job offer, with a covering letter making it clear how the results of the checks will affect any job offer. If you are conducting the pre-employment checking in-house, there are template letters which can be downloaded and customised. Just make sure you run any letter past the legal team before sending out.

It’s a buyers’ market when it comes to job hunting at the moment, with dozens – or even hundreds – of people applying for each vacancy, how do you weed out the people who are worth employing from the ones who don’t make the grade? Recruitment is expensive and time-consuming, and making the wrong decision can leave you with other members of staff trying to cover work and being faced with starting the recruitment process all over again. One of the key checks that any employer can do on the people they are hiring is checking references. But what is the most effective way to do this?

When to Check References

There is no right time to check an applicant’s references in the recruitment process. If the role you are trying to fill is high profile or involves a long recruitment process with interviews and assessments, you don’t want to get to the end of the entire process and discover that there is an issue with references. On the other hand, it’s pointless tying up staff time in checking references for dozens of people applying for an entry-level admin position. Most employers take a middle ground and take up references after the first round of interviews, when they are down to the final one or two candidates. It’s good practice to wait until you have made a job offer before contacting current employers, but that doesn’t mean you can’t get started on chasing up previous employers or character references.

Written References

Many employers have a standard format for issuing written references which just show the dates of someone’s employment, and their job title. These are often known as “tombstone references”. Employers wish to stick to purely factual references, often to avoid conflicts with previous employees who dispute any opinions given. Character references provided by a family member or friend are also pointless – nobody’s going to give their sister or best friend a bad reference. Similarly, beware of references which are provided by someone on a generic email address such as Gmail or Hotmail. How do you really know that it’s a previous employer who is sending you emails, and not the candidate themselves?

Pick Up the Phone

Often, a better way of getting a real flavour of how someone performed in their previous jobs is to contact an employer directly. People are more likely to speak openly than commit their thoughts to paper or email. Always start the conversation by assuring them that any comments will be treated in confidence. Try to ask open questions; for example, ask a previous employer to talk about a candidate’s role, rather than asking them to confirm in a yes or no answer what the candidate has told you. Previous or current employers are unlikely to want to dish the dirt on a candidate, but it’s a good tactic to ask about reasons for leaving a position, or relationships with co-workers. What a previous employer doesn’t say is sometimes just as important as what they do say, so learn to read between the lines.

Employers are increasingly demanding proof of academic qualifications for the people they hire. Most jobs will now specify a minimum of GCSE qualifications in English and Maths, and for higher level positions there may be a requirement for a specific degree or qualification. But with some surveys suggesting as many as 85% of people lie on their CVs, how can you check that someone really has the qualifications which they are claiming?

Asking for Certificates

One of the easiest ways of verifying that candidates have the qualifications they are claiming is to ask to see originals of exam pass certificates. For younger candidates who have only recently sat exams, this shouldn’t be an issue. But people move house, lose their certificates, or get married and have certificates in a name which doesn’t match their current name. If you decide to have a policy of only employing if you can see original certificates, then state this clearly upfront as candidates may need time to get copies of certificates issued from the exam board or their Higher Education institution. Only ask to see the certificates which are strictly needed – if someone has a degree, do you really need to see their A-level and GCSE passes too?

Foreign Qualifications

Many applicants will have been educated overseas or gone to university abroad. Employers shouldn’t automatically assume that standards overseas are lower as often they are not. However, it does put in an extra layer of difficulty when screeners or employers are not familiar with the institutions or qualifications. If someone is claiming a degree or diploma, nearly all colleges and universities overseas will have some sort of internet presence. Google can often quickly reveal if an institution is genuine or not, and translation software can help you compose a brief email asking for confirmation of study. One thing to be aware of though is that forged certificates and degrees can be bought cheaply, for as little as £20 in some areas of the world. Always conduct due diligence if having a degree is critical to someone’s success.

HEDD – Higher Education Fraud Protection

If you have a candidate who is claiming to have done a degree, HND or HNC in the UK, then rather than asking them to show their degree certificate, employers can check with the HEDD site. There is a cost for checking through HEDD, but with starting prices of £12, it’s a price worth paying to avoid the hassle and expense of getting rid of an unsuitable employee. HEDD will confirm the place of study for any current or past student, tell you the course they were on, give you their final grade, and confirm their dates of attendance. Most universities in the UK are included in the scheme, and there is no fee for checking on the website. Candidates can’t use HEDD to check their own qualifications, it’s purely for employers. Candidates can instead contact their place of education and ask for academic transcriptions, or for a copy degree certificate to be sent out.

Like its namesake from ancient Greek history, a Trojan Horse presents itself in a harmless form, lulling its victims into a sense of false security.

The original malware miscreant, it is a decoy, ushering in malicious software that can often go undetected.

Do Trojan Horses attack personal computers?

As long as you have information that is of interest to the cybercriminal, you are at risk of coming under an attack. This information could be passwords to your online bank account or your PayPal account, for example. Remember, this Trojan Horse is out there doing the same thing to millions of other personal computer users, making this one of the most lucrative cybercrimes.

Trojans survive by escaping detection, sitting silently in your system garnering information and setting up holes in your security.

What does a Trojan Horse do?

• Spies. They are designed to lurk behind the scenes waiting until you access your online bank accounts or pay for online using your debit or credit card. It will then send your passwords and other relevant data to its master.
• Creates backdoors. It often arrives on your cyber doorstep and compromises your system’s security so that other hackers or malware operators can enter.
• Zombifies. Sometimes the cybercriminal is not interested in you at all. It just wants to act as a parasite and turn your device into a slave in a network that they have under their control.

Is it only computers that are at risk?

Unfortunately, mobile telephones are also under attack from Trojans. The most common method is making your mobile send costly text messages to premium numbers. This is something which is totally out of your control and quite unlike the other way cyber crooks dupe us into making expensive calls to numbers that they own.

Here is a Trojan Horse check list:

Installed programmes

Go to the add/remove feature on your PC or Finder Feature on your Mac to see if there are programmes you don’t recognise. If so, it means you have a Trojan Horse or a legitimate download added a programme behind your back. Either way, it is good to remove it.

Start Up Software

Not all Trojan Horses will be in the add/remove program list. For a more comprehensive list on Windows, for example, hold the windows key and press R to bring up the run menu. From that menu, type “regedit” and click enter. It will show you all the software installed. If you aren’t sure of some of the software that pops up, then do a search for them online to see if they are the real deal or not. If not, delete them.

Performance

If your computer is running slowly, use the Ctrl-Alt-Del command to pull up your task manager. Click on the processes tab to see what programmes are using up your memory. If you notice a programme you don’t recognise search its name online to see if it is a Trojan Horse.

Invest in an antivirus

This should be something you invested in from the get-go, but if not, then you should waste no time in investing in a strong reliable antivirus. This precaution is the best way to identify malware.

Stealing your personal details to gain access to your well-earned money is a crime that has gained sophistication rapidly in recent times helped along with the advent of online activity.

Just when we were getting wise to dumpster diving, shoulder surfing and skimming, we are now faced with a new onslaught, exclusive to the internet.

The internet is fast becoming a virtual high street, where we do our banking, pay our utility bills, shop for groceries and other goods and re-negotiate contracts. This is an ideal breeding ground for cyber highwaymen, who are developing methods all the time to carry out their dastardly deeds.

Insecure Websites

Shopping online is what we are doing more and more of these days, increasing the chances of a cyber crook intercepting your personal information. Make sure that the website you use is secure, checking that the URL starts with https. Most websites will have a padlock in the far-left corner of the URL box, so keep an eye out for it. If you are warned that you are about to access a website that is not secure, pay heed to this and rather opt for one that you know is going to be safe.

Email scams

Otherwise known as phishing this scam is one in which a cybercriminal will pretend to representation an existing organisation or company. The email will prompt you to enter personal information such as your bank account, credit card or debit card details, your date of birth, NI number and physical address. Once they have this information in their possession it will not be long before you will be alerted to the fact that your personal data has been compromised.

Beware of any email that requests too much data and don’t click on links or open attachments that come from a suspicious source. For a high level of protection from phishing reputable antivirus software packages are well worth investing in.

Hacking

Tech-savvy cybercriminals can hack into a wide range of computer systems from banks to government organisations. As soon as a bank or an organisation that you deal with has a security breach you will be notified immediately. Check that this information comes from a reliable source and if you feel your data has been compromised put a block on your account.

This illegal activity is not just aimed at the big guys these days though, as more and more of us find ourselves falling victim to home-hub hackers. Through fake pop up alerts, for example, hackers can gain access to your computer and the more sophisticated will install a Trojan Horse, which will work in the background gathering up all your personal data and delivering it to the cybercrime ring.

Pretexting

This is one of the sneakiest ways cyber thieves can use to steal your identity in that it is multi-layered in its approach. Firstly, they are able to retrieve enough information about you to call your bank pretending to be you. This way they can complete the crime by transferring your money from your account to theirs. Lately, however, banks have become wise to this and have upped the level of security questions in their telephonic communications with their account holders.

Identity theft is when your personal details are stolen and to be used in illicit dealings such as accessing your funds, applying for credit in your name and ordering goods online using your card details.

Going through your rubbish, known as “dumpster diving” is old hat because these days criminals don’t have to get their hands dirty to steal your personal data. With a few confidence-trickster techniques they use the internet to commit card-not-present fraud. Worse still, they can empty your bank account in seconds.

Identity theft explained

This is the use of someone else’s identity to procure services or goods by deception. You might only realise that your identity has been stolen for the first time when you start receiving letters from debt collectors for debts you didn’t incur. Hopefully, you receive a bill or invoice first for something you haven’t ordered, so that it doesn’t reach the bailiff stage.

What cybercriminals can do

Once they have access to your personal details such as full name, address, NI number and, in some cases, your passwords they can:

• open a bank account in your name
• apply for credit card
• take out pay-day loans
• put in for state benefits loans
• order goods online using your name and money
• take over your existing accounts
• take out a mobile phone contract
• procure hard copy documents such as a passport and driving licence

How to avoid online identity theft

There are some easy steps to take to protect yourself against identity fraud:

• Never give your full password, login details or bank account numbers if you receive an unsolicited phone call or email that claims to be your bank. Banks never ask for PIN numbers or a whole security number or password via an email or call.
• Your online passwords should be strong and try not to use the same one for every online facility you use.
• Invest in a password manager. For a relatively small annual fee you can get security alerts to all your devices, secure your passwords, which only you can access and have passwords generated for you.
• Protect the devices you use for the internet with current security software and ensure that you install all the updates and security fixes on your devices such as your computer, tablet or telephone.
• Don’t throw away anything that has your name and address on it and don’t leave your paper bank statements lying around. With this information, the fraudster can go online and apply for loans in your name.
• Buy a shredder. Once you have finished with the relevant paperwork, shred it before disposing of it.
• Tell your bank you want to go paperless and have your banks statements sent online. Remember to create a strong password that only you know to access the statements.
• If you still want to receive your bank and credit card statements in paper form and they don’t arrive, tell your bank or credit card company immediately.
• On social media sites don’t accept invitations from strangers and check that your profiles are private so that you are only sharing your information with people you know.
• Don’t upload photos of your car showing your registration number. Cyber crooks can use this to get your full name and address from DVLA records.

Personal identity theft is viewed as a serious offence and if you are victim to this, you should waste no time in reporting it to the relevant authorities.

This type of theft is when a fraudster, often online offenders nowadays, obtains your personal identity and financial information to make unauthorised transactions on purchases and to remotely remove money from your bank accounts.

If you are a victim of this type of crime you can be left with a damage to your credit and finances. So that cybercriminals don’t target any more unsuspecting victims, waste no time in reporting it.

There are various ways to take action if you know or even suspect private data relating to your identity has been accessed by an unknown source.

Document it

If you suspect that your personal details are being compromised, then document it, including the date it happened and where you think a fraudulent transaction has taken place. If you receive a bill, online or through the post, for a credit card that you don’t own, don’t discard this vital piece of evidence.

Keep track

Not all of us keep a regular check on all our debit and credit card transactions, which makes it easy for personal identity theft to take place. It only takes a few minutes of your day to check that all the transactions that appear on your bank or financial institution cards have been made by you.

Use the fraud line

If you are absolutely sure that fraud has been committed on your account, it is time to act. All banks have a fraud line, and these are open 24 hours a day. This is a good number to save in your contacts even if you haven’t experience fraud on your account. Making it easily accessible is going to relieve the stress when your personal identity details have been compromised.

Freeze it

Once you have contacted your bank to report the fraud, they will freeze the account. There are those of us who dread this procedure because we think we won’t have access to funds. You shouldn’t worry, because banks, especially a bank that has your current account, will provide emergency funds until they are able to unfreeze your account. Your card will be stopped too, and you might have to wait a few days for a new one, although some banks like Barclays and Metro issue new cards at their branches, which you can collect on the same day.

Call 101

If your ID has been stolen, you should contact not only your bank or credit card company, you should report it to your local police on the non-emergency number 101. They will give you a case number, which you can use if you have to make an insurance claim.

Tell Experian

This credit reporting agency has a Victim of Fraud support team to help customers clear up their credit reports once they have been subjected to personal identity fraud .They will help with your dispute on fraudulent information and deal with the lenders direct. Once your information has been confirmed as fraudulent then the lender will remove you from the report.

Falling victim to a “hack attack” is a real danger for those of us who rely heavily on our devices – from smartphones to PCs.

Hacking is a term most of us are all too familiar with, but would we be able to recognise the signs that our devices have been hacked?

If you suspect you are a victim of hacking meaning that your personal identity and finances are in imminent danger, then you will need to know what to look out for.

Hacker isn’t backward coming forward

Some hackers don’t hide behind their virtual screens and will contact you with the bad news that you are their stooge. This could come in the form of an email, through a direct message or via ransomware. The perpetrator can even go as far as providing you with evidence that they have your personal identity in their hands. You will then be expected to pay some sort of ransom, very often in the form of cryptocurrency that is hard to track.

This method is often a ruse, so don’t be fooled at first glance. It could be that they had access to a previous password of yours and provide this as evidence that they can compromise your device.

In for the Kill

If it is for real, then the hacker is likely to go straight for the kill and encrypt your system, holding you ransom until you pay up for them to reverse their dastardly deed. Don’t comply to their demands, as by doing this you will be enabling them to keep you on a string.

Change your password, develop a two-factor authentication, where possible and change all other accounts activated by the same password. Report this internet intimidation to the service provider of the site and log the incident on the police’s Action Fraud website.

So, log into the account in question, change the password and activate two-factor authentication if possible. Also, if any other accounts are using the password you’ve been threatened with, change them immediately. Then forget all about it. Also, never ever give money to these people, it will do nothing to help you and only embolden them.

Log in failure

This is one of the most obvious signs you have been hacked when the procedure you use for accesses an account isn’t working. Don’t abandon the log in on your first attempt and power down your device before trying again.
If this doesn’t work, then you should request a password reset and change it if you can. Once again, activate the two-factor authentication if you can. This gives you a one-off code sent to your email or phone every time you need to access the account.

An email account hack means that you will not be able to access your emails on any of your devices. Hopefully, you have set up backup recovery options such as a secondary email. If not, you need to contact the service provider immediately so that they can suspend your account before verifying your identity.

Malware is a new word created by the tech industry, which describe a certain class of malicious applications that play havoc with our computer systems and mobile devices.

Similar to spyware or adware, malware is a particular type of tool used by cybercriminals to gain access to your computer to make it perform a function that is often aimed at stealing your personal identity.

Protecting our devices and sensitive information against malware attacks is a complex procedure. Going back twenty years, the computer literate could follow pretty simple instructions to delete bots and remove viruses from sub-folders. This has just made the cybercriminals to step up a gear to make advanced malware tools that are becoming harder and harder to detect.

Malware is now designed to hide in seemingly innocent directory folders where they set about creating their own web portals that can devastate your system and even reproduce your data stored in the cloud.

Malware is designed to spread

These viruses will make your PC automatically run through the instructions giving it access to other computers via a network or by attaching to a shared file. Once the infection has set in these file can be corrupted and even erased.

Malware can also attach itself to a device’s processing system much like a parasite.

Browser hijacking malware

These malicious viruses affect the programmes used to access web pages. You can experience browser hijacking in a number of ways:

• You notice your default home page has changed
• Your default search engine has changed without you instructing it to. If your default is Chrome, for example, and suddenly you are redirected to Ask Jeeves, then it is likely that your browser has been burgled.
• There is a sudden appearance of pop-ups
• There is a redirection to web sites unknown to you
• The loading of website pages becomes slower

Adware

The sudden arrival of various kinds of adverts in the form of alerts or pop ups is from the malware family and known as adware. By clicking on these you could be tricked into downloading unwanted programmes or be unaware of the fact that you are bookmarking this or saving it to your favourites.

This type of malware is used to prompt your web browser to display adverts not posted to websites you visit. If your computer has been attacked by malware of this sort. You will be plagued with unwanted pop-ups and alerts whenever you access any website. These will have nothing to do with the subject matter of the site. Adware is not as bad as spyware, but it is still not an ethical practice.

Spyware

Spyware is used to monitor and track your computer activity. Once a pattern has been ascertained your personal information, along with thousand of others, will be sold as a batch of IP address traffic or browser history. Beware, because not only will your files be compromised, images and even webcams can be accessed.

Malicious files

These usually arrive in via your in-box in the form of emails that encourage you to open them. Cyber crooks will lure you in with red flag warnings such as telling you your computer is at risk or emotional, seemingly personal subject matter such as “I am sorry, can you forgive me?”. Opening these can lead to the perpetrators taking over your device.