Skip to main content
Charlotte Hooper Head of Operations The Cyber Helpline
7 min

Your Customer’s Worst Day: How to Be Ready When Cybercrime Hits

Posted by Picture of Sam Kendall Sam Kendall

Are your teams prepared for a customer’s worst day - when cybercrime turns a routine interaction into a crisis?

Charlotte Hooper, Head of Operations at The Cyber Helpline, works with people affected by fraud, hacking, and online abuse. Below, her operational perspective sits alongside practical steps regulated firms can take when trust is on the line.

On Regulated Digital, the focus is how organisations protect relationships when customers need clarity, empathy, and practical support - not jargon or generic security advice.

Watch the full episode above, or listen on Spotify, Apple Podcasts, or watch on YouTube.

Created from episode transcript

When cybercrime hits a customer, the practical question is what your teams do in the first hours: how you assess risk, communicate safely, and know when specialist support is needed. The sections below set out that workflow for regulated and customer-facing organisations.

Why Cybercrime Is a Customer Experience Problem

Cybercrime is rarely just about stolen data or broken systems. For victims, it often feels like their lives have been turned upside down.

Many people who reach The Cyber Helpline arrive anxious, disoriented, and unsure who they can trust.

For businesses, these moments are defining tests of care and credibility.

Handled with urgency and empathy, they also create an opportunity to prevent further harm and protect long-term relationships.

"In stalking cases, advice like 'just block them' or 'factory reset your phone' can be dangerous, because you do not know how the perpetrator will react, and you may destroy vital evidence."

Charlotte Hooper, Head of Operations, The Cyber Helpline

That distinction matters for any team handling abuse, fraud, or account compromise calls.

What Victims Really Need

When people reach out after fraud or cybercrime, they are not looking for jargon. They want to feel safe, heard, and guided.

Beyond reassurance, victims need someone to take ownership, explain risks in plain language, and help them preserve their privacy.

They also need recognition that digital threats can spill into the physical world - especially in cases involving stalking or coercion.

Looking at Risk Before Tools

The first step is understanding a real person’s situation before resetting devices or chasing technical symptoms.

Have others had access to their phone or accounts? Are accounts shared? Could a known individual be behind the problem?

Asking these questions helps prevent well-meant advice that could escalate risk or erase crucial evidence.

Diagnosing the Real Issue

Many victims are convinced their device is infected, but more often the real compromise lies elsewhere.

Email or cloud accounts - with their links to social media, banking, and storage - are frequent entry points.

Encouraging checks on sign-in history, forwarding rules, and recovery settings often reveals what is really going on.

Making Security the Default

It is not realistic to expect users to make the right decision every time.

Businesses can lighten the load by building protections into their systems from the outset - encryption, authentication, and monitoring as standard rather than optional extras.

Adaptive identity checks and the ability to revoke or expire access give customers practical control without constant friction.

When to Refer to The Cyber Helpline

Some incidents go beyond what corporate support teams can manage. Recognising these moments is crucial.

When multiple accounts are compromised, when stalking or domestic abuse is suspected, or when a customer’s physical safety is at risk, referral is the right step.

The Cyber Helpline provides ongoing, personalised support that complements what organisations can deliver in the first hours of a crisis.

Encouraging customers to report to the police remains important too. Even when cases do not proceed, intelligence builds a clearer national picture of threats, as shown in victimisation research.

"Only around a third of people have reported to the police when they reach us, but by the time they leave, that rises to about 70 percent, because reporting still feeds threat intelligence even when cases are closed quickly."

Charlotte Hooper, Head of Operations, The Cyber Helpline

Even when a case closes quickly, reporting still feeds wider threat intelligence, which is why signposting matters alongside one-to-one support.

Reporting And Threat Intelligence

Even when individual cases close quickly, police reporting helps build a clearer picture of cybercrime patterns - which is why frontline teams should treat signposting to reporting routes as part of credible victim support, not an afterthought.

Knowing how threats are shifting also helps firms decide what frontline staff should watch for next.

The Threats Emerging Now

The crimes themselves are not new, but technology is amplifying them.

Stalking increasingly exploits shared logins, location apps, and even smart home devices.

Scammers continue to weaponise urgency and trust, with investment fraud alone costing UK consumers hundreds of millions each year.

Sextortion scams are rising, often targeting young men, and AI is increasingly being used to create fake images or videos, as Victim Support has warned.

AI has not invented new crimes, but it has made social engineering more persuasive - with lures that look more polished and gain trust faster.

Building a Customer Crisis Playbook

To be ready, organisations should develop a playbook that blends technical actions with human-centred support.

1) Triage and Questions

Simple, structured questions help frontline staff quickly understand risks - whether devices were shared, accounts accessed, or recovery settings changed.

2) Safe Contact and Evidence

Secure communication channels reassure customers. Careful evidence handling protects both victims and investigators.

Firms reviewing crisis follow-up may also find it useful to compare how they handle sensitive updates with guidance on communicating with customers during a crisis.

"When a customer is already anxious after fraud or account compromise, the follow-up channel needs to feel trustworthy and controlled - not another message they are unsure about opening."

Paul Holland, Founder and CEO, Beyond Encryption (Mailock)

Once contact feels trustworthy, containment steps can focus on accounts, sessions, and recovery settings without adding more uncertainty for the customer.

3) Containment and Hardening

Resetting primary accounts, revoking unauthorised sessions, and enforcing stronger authentication are key containment measures.

Checking recovery details and device sharing closes overlooked entry points.

4) Communication That Calms

Empathy matters as much as technical fixes. Explaining what is happening now, what comes next, and when updates will follow builds confidence at a vulnerable time.

Signposting independent resources like the NCSC charity guide shows that support extends beyond your organisation.

First-Hour Crisis Checks

  • Has anyone else had access to the customer’s phone, email, or cloud accounts?
  • Is interpersonal risk or stalking possible before giving device or account advice?
  • Is follow-up happening on a channel the customer recognises and can trust?

Those checks sit alongside the wider shift toward secure-by-default design across everyday customer journeys.

Shaping Culture: Protection as Standard

Awareness training plays a role, but it cannot carry the burden alone.

Secure-by-default processes mean customers are protected every time, regardless of individual choices.

Need A Safer Way To Send Sensitive Email?

Mailock keeps email familiar while adding protected access, recipient checks, secure replies, message tracking, and sender controls.

Learn more about Mailock

Sharing stories from real incidents makes threats relatable, without implying victims are at fault.

Crisis support is a customer-trust decision as much as a security ticket.

Leaders can turn that principle into a short, owned checklist for customer security incidents.

Checklist: Steps for Leaders

  • Define a clear escalation pathway for customer incidents.
  • Offer a dedicated secure channel for sensitive interactions.
  • Provide frontline teams with practical triage and evidence-preservation guidance.
  • Agree referral arrangements with The Cyber Helpline and relevant services.
  • Measure results - not just speed of resolution, but also customer confidence and repeat victimisation rates.

 

FAQs

When Is It Unsafe to Tell Someone to Wipe a Device?

In cases of stalking or coercive control, wiping devices may destroy evidence or escalate danger - so avoid this advice.

How Do We Decide Between Handling in-House or Referring?

Refer when cases involve multiple accounts, interpersonal risk, or require sustained coaching beyond your capacity.

Does AI Change Our Response Plan?

The fundamentals remain, but expect more convincing scams and prioritise verification and secure channels.

What Resources Can We Share with Customers?

Point to trusted resources such as Action Fraud or NCSC reports.

 

References

Your Customer’s Worst Day: How to Be Ready When Cybercrime Hits, Regulated Digital

Your Customer’s Worst Day: How to Be Ready When Cybercrime Hits, YouTube

Charlotte Hooper, LinkedIn

The Cyber Helpline, The Cyber Helpline

Cybercrime Victimisation and the Association With Age, Health and Sociodemographic Characteristics, VISION Consortium / PLOS ONE, 2024

City of London Police Reveals More Than £612 Million Was Lost to Investment Fraud in the UK Last Year, City of London Police, 2024

Increase in Number of 'Sextortion' Contacts Received by Childline, NSPCC, 2024

Sextortion, Victim Support, 2024

AI-Powered Social Engineering Attacks, CrowdStrike, 2025

Small Charity Guide, National Cyber Security Centre, 2025

Action Fraud, Action Fraud

New NCSC Cyber Threat Report Sets Out Risks to Voluntary Sector, WCVA, 2023

How to Communicate With Your Customers During a Crisis, Beyond Encryption

Your Customer’s Worst Day: How to Be Ready When Cybercrime Hits, Charlotte Hooper, The Cyber Helpline (#25), Apple Podcasts, 2025

Reviewed by

Sam Kendall, 30.05.26

This content is for general information only and is not legal advice.

 

Originally posted on 26 08 25
Last updated on July 9, 2026

Posted by:  Sam Kendall

Sam Kendall works on digital marketing at Beyond Encryption, helping build B2B marketing activity around research, first principles, and sustainable growth. He writes about marketing effectiveness, positioning, customer communications, and digital culture, with longer-form work published at ATNL.

Return to listing