“SMiShing” – Mobile Phone Scams supported by EE?

SMiShing (SMS phishing) is a type of phishing attack in which mobile phone users receive text messages containing a Web site hyperlink which, if clicked, would download a Trojan horse to the mobile phone.

I have been receiving regular text messages for some time now, saying “You subscribed to Clicnscore for £4.50 per week from ClicNScores until you text STOP” – bad English I know. I had another message from “Loaded Mobi”- “You can access the games portal here” followed by a link.

Thinking both were merely “SMiShing”, I clicked on neither STOP nor the link. Unfortunately our phone bills go straight to our Accountant, but I had cause lately to query a bill I thought was high. It turns out both of these companies have been regularly paid through my EE account.

EE informed me it was not their responsibility & gave me text links to cancel subscriptions & phone numbers to complain & ask for a refund. Both numbers are automated: ClicnScore gives you a message “there are no charges to your phone” – then cuts you off; Loaded Mobi puts you in a call queue, then cuts you off.

I have since searched these 2 companies on the internet; they have been investigated on Watchdog and reported on by the BBC, The Express & the Mail Newspapers. The Sun Newspaper first reported this back on the 19th of May 2016.

EE say that while they are aware, have had many complaints & have investigated, they still have no responsibility, as you have the option to block all payments from your account. Shouldn’t EE be at least protecting our accounts against such well publicised Common Scams? It would be so simple for EE to set up authentication, so why not take responsibility for Customer Data & Accounts – have they a vested interest?

Perhaps it merits an ICO investigation? I’ll certainly report it!

“SEXTORTION” – I Have Been Hacked!

Imagine my surprise when I received an email in my Inbox containing my password in the Subject line – “ Your Password is xxxxxxxxx”!

The email goes on to say that you have been watching Porn, that they have filmed you, that they have all your contacts & that they will distribute the footage if you don’t pay a Bitcoin Ransom. Luckily I don’t have a penchant for pornography & never visit dodgy sites on any of my devices, so I immediately recognised the Scam & reported it to Action Fraud.

I was still left with a sick feeling in my stomach at the intrusion, the nature of the email &, more importantly, that somebody had stolen one of my passwords. On consideration, the email & password combination had only existed on a Google Account that I had since changed many times.

A few weeks ago I made a Linkedin Post on the importance of password selection – number & type of characters etc. This however has led me to focus on something that was lacking from that post – the number of Passwords you have, how much they vary & how frequently you change them. My password was stolen some time ago but has only just been used, so you may have to assume that all of your passwords have been stolen unless you really know otherwise. To mitigate this I would suggest –

• Have multiple but varying Passwords

• Change your Passwords frequently

• Use 2 Step or Multi-Factor Authentication

Remember, if you have a one-Password-fits-all policy – they will steal from the weakest account & use it to access all of your accounts!
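One way to “really know otherwise” whether a password has already leaked is the k-anonymity range lookup used by breach-corpus services such as Have I Been Pwned’s Pwned Passwords: only the first five hex characters of the password’s SHA-1 leave your machine, and the returned list of hash suffixes is compared locally. The code below is an added example, not part of the original post; the “server” is a constructed in-memory stand-in for the real API and its counts are made up.

```python
import hashlib
from typing import Callable, Dict, Tuple

# Constructed stand-in for the range endpoint: maps a 5-character SHA-1 prefix
# to a response body of "HASH_SUFFIX:COUNT" lines (the format the real service
# uses). A count of 0 is a padding entry a real service may add; it must be
# ignored so padding cannot be mistaken for a genuine breach hit.
SAMPLE_RANGE_RESPONSE = "\r\n".join([
    "1E4C9B93F3F0682250B6CF8331B7EE68FD8:3861493",  # suffix of SHA-1("password")
    "00D4F6E8FA6EECAD2A3AA415EEC418D38EC:2",         # some other leaked hash
    "011053FD0102E94D6AE2F8B83D76FAF94F6:0",         # padding entry, not a hit
])
FAKE_SERVER: Dict[str, str] = {"5BAA6": SAMPLE_RANGE_RESPONSE}


def fake_fetch_range(prefix: str) -> str:
    """Hypothetical network call: return the range body for a prefix ("" if none)."""
    return FAKE_SERVER.get(prefix, "")


def sha1_split(password: str, prefix_len: int = 5) -> Tuple[str, str]:
    """Split the upper-case hex SHA-1 of a password into (prefix, suffix).
    Only the prefix is ever sent; the suffix stays on the client."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:prefix_len], digest[prefix_len:]


def parse_range_response(text: str) -> Dict[str, int]:
    """Parse 'SUFFIX:COUNT' lines into a dict, dropping padding (count 0)
    and malformed lines instead of raising on them."""
    seen: Dict[str, int] = {}
    for line in text.splitlines():
        suffix, sep, count = line.strip().partition(":")
        if not sep or not count.isdigit():
            continue
        n = int(count)
        if n > 0:
            seen[suffix.upper()] = n
    return seen


def breach_count(password: str, fetch_range: Callable[[str], str]) -> int:
    """Number of times the password appears in the corpus (0 = not found).
    fetch_range is called with the 5-character prefix only."""
    prefix, suffix = sha1_split(password)
    return parse_range_response(fetch_range(prefix)).get(suffix, 0)


if __name__ == "__main__":
    for pw in ("password", "Tr0ub4dor&3"):
        hits = breach_count(pw, fake_fetch_range)
        print(f"{pw!r}: {'seen %d times, treat as stolen' % hits if hits else 'not in sample corpus'}")
```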

Controversial, but… If you have so many complex passwords that you feel you have to write them on a piece of paper & store it safely, what is the chance someone will break into your house or office looking for Passwords, or steal your purse/wallet in order to obtain passwords rather than Cash or Credit Cards? Just don’t keep the 2 together. Besides, Passwords can be changed quicker than you can cancel Credit Cards, & we wouldn’t be without them. I am a systems rather than an IT Tech person, so seek out good advice….

Stay Safe People


QM.UK Delivering ISO Standards Since 2001

QMUK 17yrs Today – Growing Business by Growing Businesses! Thanks to all the businesses we have worked & grown with over the last 17 years –

Orion (Computer Consumables Distributor) who we guided through ISO 9001 & 14001 in 2004, bought in 2005 by Westcoast

Wstore (IT Reseller) who we guided through ISO 9001 & 14001 in 2009 – bought by Misco/Symantex in 2009 who we also helped through ISO 14001 in the same year

Optevia (Microsoft Cloud based CRM Systems) who we guided through ISO 9001 & 27001 in 2014 – bought by IBM Global Business Services Division 2016

Blue Chip (Managed IT Services & Cloud Hosting) who we guided through ISO 9001 & 27001 in 2014 – bought out by GCI in 2017 who we also helped through ISO 9001, 27001 & 14001 in 2013

EPS Research (Clinical Data Analysis) who we guided through ISO 9001 & 27001 in 2014 also – bought out by IQVIA in 2017

Current Clients: MLL Telecom has grown from 55 to 130 staff in just over 2 years; CTS (Combined Tech Serv) has grown 30% in 2 years; Wilkinson Eyre has grown 50% & secured the Battersea Power St Project; and, with the challenges of GDPR, The Telecom Marketing Company continue to grow & prosper….

Find out how we can work with you & help YOUR business Grow

How Do You PROVE Your Product or Service Claims?

Many companies make bold marketing claims that are hard to prove & often unsubstantiated, so they go largely unbelieved.

So Keep it Simple: Say It – Do it – Prove It!

When purchasing your product or Service, and setting cost aside, what elements are most important to your Customer?

Quality of Product or Service?

When customers find a product or service they trust, they return, make repeat purchases, and recommend the product or service to others. Develop a Mgt System with processes that consistently deliver on time &, at a minimum, to your customer’s requirements. Then Independently certify your Claims – ISO 9001 Certification

Security of Their Information & Privacy?

Without the proper checks and balances in place to safeguard customer data, things can go sideways very quickly. Develop a Mgt System that risk assesses all information you hold, ensuring you fully implement the controls required to effectively protect both their & your own information, then inspire customer confidence by Independently Certifying – ISO 27001 Certification

The Potential Health & Safety Impact of Your Operations:

Health and safety is an integral part of any and every business as it ensures that the well-being of employees, customers and visitors is protected. Alleviate potential customer concerns over the Safety of your operations, products or services by having your H&S Systems certified – ISO 45001 Certification – (replacing OHSAS 18001)

Your Possible Impact on the Environment or Their Environmental Profile:

Many companies place great importance on their Environmental profile. A Unilever study reveals a third of consumers are now buying from brands based on their social and environmental impact. Good practice can attract new customers. Demonstrate you take your potential environmental impacts seriously by certifying to a recognised Environmental Standard – ISO 14001 Certification

Wear the badges with pride – #iso9001 #iso27001 #iso45001 #iso14001

Say It – Do it……….. PROVE IT!

GDPR for the 25th May, ISO 27001 for Life?

With the many GDPR offerings & associated fear mongering out there, businesses would be forgiven for forgetting there has always been a legal requirement on the use and protection of Personal Data – The Data Protection Act. In fact, the ICO (Information Commissioner’s Office) has been tracking down & levying fines on many shady companies that have abused personal data for many years. Nobody is above the law: even Humberside Police have been fined £140 000 & the Royal Mail Group £12 000:

5th April 2018 – Humberside Police has been fined £130,000 by the Information Commissioner’s Office after disks containing a video interview of an alleged rape victim went missing.

6th April 2008 – Royal Mail Group Limited has been fined £12,000 by the Information Commissioner’s Office after sending more than 300,000 nuisance emails. On two dates in July 2017, the company sent emails to 327,014 people who had already opted out of receiving direct marketing.


The introduction of GDPR, while protecting individuals & clarifying the requirements for business, has in my opinion best served to re-focus on the need to protect information. But don’t lose focus – while the loss or mishandling of Personal Information can lead to one of the above fines, the careless handling of Business-Critical Information could result in the loss of your business.

Long term, I would recommend you incorporate all of your business in an Information Security Management System. Information Security isn’t just for the 25th May; it is for the whole year and your entire Business. Use ISO 27001 guidance to set up an Information Security System that protects your whole business, & ISO 27001 Certification to demonstrate Due Diligence & give potential customers that warm cosy feeling.


Don’t Pay The Cost of Data Loss….

Key to Carphone Warehouse being fined £400,000 for placing customer and employee data at risk was the inability to demonstrate Due Diligence –

“The law says it is the company’s responsibility to protect customer and employee personal information. There will always be attempts to breach organisations’ systems and cyber-attacks are becoming more frequent as adversaries become more determined. But companies and public bodies need to take serious steps to protect systems, and most importantly, customers and employees.” – Information Commissioner’s Office

Use the guidance of ISO 27001 to appraise your company & use subsequent Certification to demonstrate your Due Diligence

The European Union’s General Data Protection Regulation (GDPR) is a new law which will apply in the UK from 25 May 2018 & outlines further responsibilities & liabilities for handling information.

Don’t leave yourself vulnerable – HELP & GUIDANCE

Charities, Data Breaches, Financial Losses & ISO 27001

Many organisations miss the major advantage of being certified to a standard & are unaware of how it can prevent financial loss:

BBC Report –

Two charities have been fined over data protection breaches after secretly screening donors so they could be targeted for more money. The Information Commissioner imposed penalties of £25,000 on the RSPCA and £18,000 on the British Heart Foundation over the so-called “wealth screening”. The charities also traded personal details with other charities, the commissioner’s office found. The RSPCA questioned the ICO findings while the BHF said it might appeal. As well as “wealth screening”, the charities traced and targeted new or lapsed donors by piecing together personal information obtained from other sources, and traded personal details with other charities “creating a massive pool of donor data for sale”, the ICO said. Information Commissioner Elizabeth Denham said donors had not been informed of the charity’s practices, and were therefore unable to consent or object to them. She also suggested other charities could also be engaged in similar activities. “The millions of people who give their time and money to benefit good causes will be saddened to learn that their generosity wasn’t enough,” Ms Denham added.

The above could have been prevented if the organisations were ISO 27001 registered. Organisations registered to the standard are re-audited at least annually – if your Certification Body discovers a breach of security or legislation, they will raise a Non Conformance against you. This is merely a piece of paper you will have to address within a given timescale to maintain your Certification – there is no financial impact.

If the ICO discover a breach of security or legislation, the tale is different. While the above fines don’t appear excessive, the financial impact of this publicity could be enormous & far reaching.

Similarly, a breach in your ISO 14001 Environmental Certification leads to a piece of paper that guides you back to compliance & possibly avoids an environmental incident. A run-in with the Environmental Agency could cost you tens of thousands.

A breach in your OHSAS 18001 Health & Safety Certification leads to a similar piece of paper that guides you back to compliance & possibly avoids an accident or damage to Human Health. A run-in with the Department of Health & Safety could land you in prison.

We do not like to sell standards into businesses based on a fear factor, but apart from improving your organisation & giving access to new work, you should also consider the assurance factor that Certification can deliver.

grant@qmuk.co.uk

Evaluate if ISO 9001 or ISO 27001 will Profit Your Business

It is essential you make an informed decision on whether ISO 9001, ISO 27001 or any of the other standards will help or profit your company before embarking on the Certification process, particularly for small businesses that may invest time and money but gain no resulting benefit or return on investment.

The 2 main reasons for seeking ISO Certifications are simple – Business Improvement or access to New Business. You should consider the reasons for pursuing Certification listed below prior to any decision –

Business Improvement

• Your business is expanding but you feel your processes and systems may not be robust enough to cope

• Your business processes have been static for many years and you want a tool to drive improvements

• There is obvious scope for rationalising processes & increasing efficiency and profitability

• You fear your IT Systems & operations may not be secure enough to protect your business & the critical information it holds (ISO 27001)

Access to New Business

• Your business is growing and the competitors you wish to compete with hold Certifications

• You wish to access Public Sector work or Frameworks

• Certification requirements are more frequently appearing on tenders

• Potential or current customers are asking if you have Certifications

• You are a new or small business and want to verify your credentials with Certification to compete with more established companies

• You fear the effect of Brexit and want to maintain the maximum competitive edge

Look at the process of achieving certification, considering the costs and man-hours involved. We would obviously advise consultancy help, as although this has a cost attached, it will greatly reduce the number of in-house hours consumed by personnel inexperienced in the certification process. Obtain more than one consultancy quote and ensure you determine the cost of internal man-hours in addition to the consultancy fees.

On establishing the ultimate cost, consider whether it will produce a return on your investment. For smaller businesses or new starts it is worth speaking to potential customers & directly asking – will Certification improve our chances of doing new business?

Get a free & brief initial review & honest quote from us that will include our costs, UKAS Certification Fees & the estimated man-hours your people will have to invest, and then GO COMPARE……

Quotes by email correspondence – no Sales Pitches ENQUIRIES

brexIT and ISO

How will business uncertainty impact the desire for companies to achieve ISO 9001, ISO 27001 OR ISO 14001 Certification?

During the recent economic recession we saw a surge in demand for ISO Certification, which slowed as businesses entered positive growth. I believe that in a recession businesses look for anything that can give them a competitive edge, while in “Boom Times” there is no immediate requirement or desire & everybody is “too busy” in any case. During a recession there is often a need to analyse processes, rationalise & improve – the route to ISO 9001 Certification is a good tool for this & ticks a positive box on tenders.

Those putting work out to tender can also afford to be more demanding during a recession, insisting on multiple certifications as more & more companies fight for their business.

Regardless of the economy, IT companies in particular have driven a demand for ISO 27001 Certification, as the World and his Dog have become increasingly focussed on Information Security. We expect this to continue.

Entering a period of uncertainty as we now are, companies tend to rein in cash spend while they await more predictable outcomes. I expect the most cautious will put spending for ISO projects on hold for a time, while the more proactive will invest in systems & certification that will ensure they remain Robust & Competitive in uncertain times.

For certain, Buyers will become more demanding & increasingly insist on Certifications to give some assurance as to the quality of goods or services & information security.

Grant McCormick

What is the Financial Impact of ISO?

From our experience businesses pursuing ISO 9001, ISO 27001, ISO 14001 or OHSAS 18001 do it for one of 3 reasons:

• To fulfil tender or customer requirements and win new work

• To drive Business or Process improvement

• Both of the above

I would guesstimate from our experience that 20% of businesses pursue certification solely to fulfil tender or customer requirements and win new work.

A similar percentage would use their certification project to focus mainly on driving Business or Process improvement.

The bulk of businesses want the certification to win new work, but engage with the process of attaining certification to benefit from both Business & process improvements.

For any Business considering implementing the standards, we would always ask that they consider Return on Investment. Firstly, obtain a costing for the certification route you think could best help you improve your operations & best serve a positive outcome in gaining your chosen certification. See the previous post for various methods of attaining certification.

The main financial benefit will be the additional tenders it qualifies you for & the extra work it may bring in – ask your potential clients if it could give you a more favourable outcome when bidding for work. Benefits beyond this most obvious financial reward are normally found in the project phase & can be –

ISO 9001 Project Phase

• Enables you to examine your current operating processes & identify areas for improvement

• Pushes you to rationalise & define systematic processes that ensure all are “singing off the same hymn sheet” within the business

• Clearly defined business processes support company growth “before things get out of control”

ISO 27001 Project Phase

• Ensures you identify all information stored within the company & its importance to your business

• Systematically guides you through risk assessing the threats & vulnerabilities to the information you hold

• Ensures you put in adequate controls to protect your information and ultimately your business

ISO 14001 Project Phase

• Identifies any aspect of your business that can impact the environment

• Makes you evaluate the impacts your business could have on the environment & identifies the controls needed to reduce the likelihood or prevent such impacts

• Ensures an awareness of Environmental Legislation & avoids any unnecessary & “crippling” fines

OHSAS 18001 Project Phase

• Identifies any Hazards within your business that could impact Human Health or cause Accidents

• Makes you evaluate the Risks associated with these Hazards & identifies the controls needed to reduce the likelihood of accidents or effects on Human Health

• Ensures an awareness of Health and Safety Legislation, avoids any unnecessary “crippling” fines & most importantly protects both your employees and anybody else who can be affected by your work

These are just a few bullet points on some of the ways certification can help your business; there are many more. So if you want any further info, just get in touch.

grant@qmuk.co.uk