Handlebot

Find impersonators of your @handle

Radar

Map your social ecosystem

Audit

Bring order to cross-platform chaos

Vault

Keep your handles safe in the vault

Governance

Govern your social policies

Optimise

Learn the basics

Platforms

Different platformS for different needs

Pricing

See our pricing

Articles

Learn more about handles.org

Handlebot

Find impersonators of your @handle

Radar

Map your social ecosystem

Audit

Bring order to cross-platform chaos

Vault

Keep your handles safe in the vault

Governance

Govern your social policies

Optimise

Learn the basics

Platforms

Different platformS for different needs

Pricing

See our pricing

Articles

Learn more about handles.org

TOS

Handles.org

Handles Scam Communications Policy

Handles Group Ltd

Scam & Fraudulent Communications Policy

Effective Date: 29/05/2025
Version: 1.0

This Scam & Fraudulent Communications Policy ("Policy") sets out the measures adopted by Handles Group Ltd ("**Handles," "we," "our") to protect our customers, employees and brand from phishing, spoofing, social‑engineering and other scam communications.

1. Purpose

  • Safeguard confidential information, credentials and payment data.

  • Ensure all official communications from Handles are easily identifiable and verifiable.

  • Provide clear channels for reporting suspected scams.

  • Define responsibilities and response procedures in compliance with UK Fraud Act 2006, Computer Misuse Act 1990, and UK GDPR Art. 32 (security).

2. Scope

This Policy applies to:

  • External contacts – customers, prospects, partners, suppliers.

  • Internal users – employees, contractors and authorised agents.

  • All communication media: email, SMS, phone calls, social media, instant messaging, physical letters.

3. Definitions

Term

Meaning

Phishing

Deceptive attempt to obtain sensitive data by impersonating Handles or a trusted entity.

Spoofing

Forging sender address, caller ID or domain to appear as if from Handles.

Business Email Compromise (BEC)

Targeted fraud where attacker poses as senior executive to request payments or data.

Social Engineering

Manipulating individuals into divulging confidential information or performing actions.

4. Official Communication Channels

Channel

Official Identifiers

Security Controls

Email

@handles.org domains only

SPF, DKIM & DMARC policy set to p=reject.

Support Ticket

dashboard handles.org or support@handles.org

SSO login required.

Telephone

+44 (0)1202 158990

Caller verification questions.

Live Chat

Intercom widget inside authenticated dashboard

2‑factor agent login.

Social Media

Verified account “@Handles” on LinkedIn/X

Account verification badge displayed.

Any message claiming to be from Handles that originates outside these channels should be treated as suspicious.

5. Customer Verification Checklist

Before acting on a message purporting to be from Handles, customers should:

  1. Check the sender’s domain – must end in @handles.org.

  2. Hover over links – confirm they resolve to *.handles.org.

  3. Confirm secure connection – browser shows HTTPS padlock and valid TLS certificate.

  4. Validate via dashboard – log in to your Workspace to verify any payment or security notices.

  5. Call back – use the phone number on our website, not one provided in an email, to verify urgent requests.

6. Reporting Suspected Scams

  • Email: Forward the entire message as an attachment to spoof@handles.org.

  • In‑app: Click “Report phishing” in the message dropdown.

  • Phone/SMS: Notify us at +44 (0)1202 158990 or via dashboard chat.

We acknowledge receipt within one UK business day and will update the reporter when the investigation concludes.

7. Handles Response Procedure

  1. Triage & Classification – Security team reviews the report, assigns severity.

  2. Containment – Block malicious senders, URLs and IPs at gateway and within email security cloud.

  3. Investigation – Analyse headers, payloads, and logs. Coordinate with hosting or telecom providers to takedown fraudulent domains/numbers.

  4. Notification – If personal data is breached, the Data Protection Officer (DPO) follows the Incident Response Plan and UK GDPR reporting timelines.

  5. Remediation & Lessons Learned – Update security controls, run targeted awareness messages, document in post‑incident report.

8. Employee Responsibilities

  • Complete annual security‑awareness and anti‑phishing training (mandatory).

  • Use Handles‑issued email accounts only for business.

  • Verify payment‑change or wire‑transfer requests via an established out‑of‑band method.

  • Report any suspicious communications immediately – do not click links or open attachments.

  • Apply privacy screens and lock workstations when unattended to prevent shoulder‑surfing.

Failure to comply may result in disciplinary action under the Employee Handbook.

9. Technical Controls

  • Advanced email security gateway with sandboxing and URL rewriting.

  • Domain‑based Message Authentication Reporting and Conformance (DMARC) enforced with monitoring of RUA/RUF reports.

  • Multi‑factor authentication (MFA) on all admin and support tools.

  • Real‑time SMS/voice filtering using telecom fraud‑detection APIs.

  • Regular phishing‑simulation campaigns with target click‑rate < 5 %.

10. Record‑Keeping & Metrics

Handles tracks:

  • Number of scam reports per quarter.

  • Mean time to respond (MTTR) to a reported scam.

  • Phishing‑simulation failure rate.

  • Successful takedowns of spoof domains or numbers.

Metrics are reviewed monthly by the Security Steering Committee.

11. Policy Review

This Policy is reviewed annually or after any material security incident. Updates require approval by the CTO and DPO. The current version is published at https://handles.org/policies/scam‑communications.

12. Contact

Security Team
Handles Group Ltd
Suite 5 Manor House, 1 Macauley Road, Broadstone, BH18 8AS, UK
Email: security@handles.org

© Handles Group Ltd 2025

Feb 4, 2025

Digital Identity & The Handle Economy

Everybody wants their name on their favourite social media platform. To be the ONLY person in the world who can indisputably call themselves @Jane would be a flex of atmospheric proportions.

Written by

Handles Team

Feb 4, 2025

Digital Identity & The Handle Economy

Everybody wants their name on their favourite social media platform. To be the ONLY person in the world who can indisputably call themselves @Jane would be a flex of atmospheric proportions.

Written by

Handles Team

Feb 4, 2025

Digital Identity & The Handle Economy

Everybody wants their name on their favourite social media platform. To be the ONLY person in the world who can indisputably call themselves @Jane would be a flex of atmospheric proportions.

Written by

Handles Team

Feb 4, 2025

Digital Identity & The Handle Economy

Everybody wants their name on their favourite social media platform. To be the ONLY person in the world who can indisputably call themselves @Jane would be a flex of atmospheric proportions.

Written by

Handles Team

Own your social
identity.

Company

Support

Careers

Team

Customers

About

Resources

Pricing

Whitepaper

Platforms

© Handles Group Ltd, 2025. All rights reserved.

Linkedin

Instagram

X

Own your social
identity.

Company

Support

Careers

Team

Customers

About

Resources

Pricing

Whitepaper

Platforms

© Handles Group Ltd, 2025. All rights reserved.

Linkedin

Instagram

X

Own your social
identity.

Company

Support

Careers

Team

Customers

About

Resources

Pricing

Whitepaper

Platforms

© Handles Group Ltd, 2025. All rights reserved.

Linkedin

Instagram

X