TOS
Handles.org
Handles Scam Communications Policy
Handles Group Ltd
Scam & Fraudulent Communications Policy
Effective Date: 29/05/2025
Version: 1.0
This Scam & Fraudulent Communications Policy ("Policy") sets out the measures adopted by Handles Group Ltd ("**Handles," "we," "our") to protect our customers, employees and brand from phishing, spoofing, social‑engineering and other scam communications.
1. Purpose
Safeguard confidential information, credentials and payment data.
Ensure all official communications from Handles are easily identifiable and verifiable.
Provide clear channels for reporting suspected scams.
Define responsibilities and response procedures in compliance with UK Fraud Act 2006, Computer Misuse Act 1990, and UK GDPR Art. 32 (security).
2. Scope
This Policy applies to:
External contacts – customers, prospects, partners, suppliers.
Internal users – employees, contractors and authorised agents.
All communication media: email, SMS, phone calls, social media, instant messaging, physical letters.
3. Definitions
Term | Meaning |
|---|---|
Phishing | Deceptive attempt to obtain sensitive data by impersonating Handles or a trusted entity. |
Spoofing | Forging sender address, caller ID or domain to appear as if from Handles. |
Business Email Compromise (BEC) | Targeted fraud where attacker poses as senior executive to request payments or data. |
Social Engineering | Manipulating individuals into divulging confidential information or performing actions. |
4. Official Communication Channels
Channel | Official Identifiers | Security Controls |
|---|---|---|
| SPF, DKIM & DMARC policy set to | |
Support Ticket | dashboard handles.org or | SSO login required. |
Telephone | +44 (0)1202 158990 | Caller verification questions. |
Live Chat | Intercom widget inside authenticated dashboard | 2‑factor agent login. |
Social Media | Verified account “@Handles” on LinkedIn/X | Account verification badge displayed. |
Any message claiming to be from Handles that originates outside these channels should be treated as suspicious.
5. Customer Verification Checklist
Before acting on a message purporting to be from Handles, customers should:
Check the sender’s domain – must end in
@handles.org.Hover over links – confirm they resolve to
*.handles.org.Confirm secure connection – browser shows HTTPS padlock and valid TLS certificate.
Validate via dashboard – log in to your Workspace to verify any payment or security notices.
Call back – use the phone number on our website, not one provided in an email, to verify urgent requests.
6. Reporting Suspected Scams
Email: Forward the entire message as an attachment to
spoof@handles.org.In‑app: Click “Report phishing” in the message dropdown.
Phone/SMS: Notify us at +44 (0)1202 158990 or via dashboard chat.
We acknowledge receipt within one UK business day and will update the reporter when the investigation concludes.
7. Handles Response Procedure
Triage & Classification – Security team reviews the report, assigns severity.
Containment – Block malicious senders, URLs and IPs at gateway and within email security cloud.
Investigation – Analyse headers, payloads, and logs. Coordinate with hosting or telecom providers to takedown fraudulent domains/numbers.
Notification – If personal data is breached, the Data Protection Officer (DPO) follows the Incident Response Plan and UK GDPR reporting timelines.
Remediation & Lessons Learned – Update security controls, run targeted awareness messages, document in post‑incident report.
8. Employee Responsibilities
Complete annual security‑awareness and anti‑phishing training (mandatory).
Use Handles‑issued email accounts only for business.
Verify payment‑change or wire‑transfer requests via an established out‑of‑band method.
Report any suspicious communications immediately – do not click links or open attachments.
Apply privacy screens and lock workstations when unattended to prevent shoulder‑surfing.
Failure to comply may result in disciplinary action under the Employee Handbook.
9. Technical Controls
Advanced email security gateway with sandboxing and URL rewriting.
Domain‑based Message Authentication Reporting and Conformance (DMARC) enforced with monitoring of RUA/RUF reports.
Multi‑factor authentication (MFA) on all admin and support tools.
Real‑time SMS/voice filtering using telecom fraud‑detection APIs.
Regular phishing‑simulation campaigns with target click‑rate < 5 %.
10. Record‑Keeping & Metrics
Handles tracks:
Number of scam reports per quarter.
Mean time to respond (MTTR) to a reported scam.
Phishing‑simulation failure rate.
Successful takedowns of spoof domains or numbers.
Metrics are reviewed monthly by the Security Steering Committee.
11. Policy Review
This Policy is reviewed annually or after any material security incident. Updates require approval by the CTO and DPO. The current version is published at https://handles.org/policies/scam‑communications.
12. Contact
Security Team
Handles Group Ltd
Suite 5 Manor House, 1 Macauley Road, Broadstone, BH18 8AS, UK
Email: security@handles.org
© Handles Group Ltd 2025
Feb 4, 2025
Digital Identity & The Handle Economy
Everybody wants their name on their favourite social media platform. To be the ONLY person in the world who can indisputably call themselves @Jane would be a flex of atmospheric proportions.
Written by
Handles Team
Feb 4, 2025
Digital Identity & The Handle Economy
Everybody wants their name on their favourite social media platform. To be the ONLY person in the world who can indisputably call themselves @Jane would be a flex of atmospheric proportions.
Written by
Handles Team
Feb 4, 2025
Digital Identity & The Handle Economy
Everybody wants their name on their favourite social media platform. To be the ONLY person in the world who can indisputably call themselves @Jane would be a flex of atmospheric proportions.
Written by
Handles Team
Feb 4, 2025
Digital Identity & The Handle Economy
Everybody wants their name on their favourite social media platform. To be the ONLY person in the world who can indisputably call themselves @Jane would be a flex of atmospheric proportions.
Written by
Handles Team
