By: Rocheda Bartley

(JIS) 

#Jamaica, June 6, 2022 – The use of technology should make life easier, but in some cases, it is utilised by nefarious persons to carry out vicious cyberattacks.

Quite often people fall victim to fraudsters who swindle their money through cyberattacks, like smishing and vishing.

The former is the social engineering practice of sending fraudulent text messages to convince people to share personal identifiable information, such as credit card numbers and banking details, while the latter gathers these particulars through telephone calls.

Although these hacks are not new, Head of the Jamaica Cyber Incidence Response Team (JaCIRT), Lieutenant Colonel Godphey Sterling, laments that they are largely under-reported.

He is encouraging victims to speak up, as their silence hampers the organisation’s ability to fully grasp the magnitude of the situation and take the necessary actions for redress.

“We measure yearly reports in concert with the financial year. So, from April last year to March this year, we would have had about 29 such attacks reported. But when we do our monitoring, we are seeing significantly more indication that this is a problem. And oftentimes, when we see these indicators and reach out to potential or actual victims, they are unwilling to participate in a process of remediation,” Lt. Col. Sterling tells JIS News.

He is urging persons who believe they are victims of a cyberattack, particularly any of these social engineering attacks, to report the matter to the law-enforcement agencies, such as the Jamaica Constabulary Force (JCF), Major Organised Crime and Anti-Corruption Agency (MOCA) or JaCIRT.

Last month (May), there was an uptick in the reported cases within the banking industry.

Manager for Special Investigations with the National Commercial Bank (NCB) Fraud Prevention Unit, Dane Nicholson, says this institution has always had issues where one or two customers have become victims of these attacks.

He explains that fraudsters send text messages to random numbers, and once someone responds they know they have made a hit.

Usually, these messages have a link that drives persons to a web page that prompts them to enter their information. From here, the defrauders will get sufficient information to call these individuals, pretend to be an NCB employee and execute a vishing.

While the immediate reported cases involve NCB customers only, the institution is not the sole bank where customers come under attack. This is evidenced by persons who receive text messages that purport suspicious activities in their bank accounts at an establishment with which they are not affiliated.

Like NCB, the going attacks have prompted JaCIRT to ramp up its year-long public education and awareness campaigns.

Lt. Col. Sterling informs that protecting oneself in cyberspace usually has three dimensions. One is the personal responsibility to recognise that the tools used to access online resources, or to work in cyberspace, must be used with regard for safety and security. Therefore, individuals cannot dismiss their personal responsibility for safely navigating cyberspace.

Number two is that businesses are now obligated to protect the personally identifiable information of their clients.

And stressing the third, as he commits to carrying out JaCIRT’s mandate, Lt. Col. Sterling says the “Government has a duty to provide a framework within which all of this can take place as securely as possible”.

“We have the JaCIRT and the Information Commissioner, among others, including law-enforcement [bodies].  So, persons are encouraged to get out of that feeling of being a victim or not wanting to be seen as a victim and report these crimes whenever they occur,” he says.

Lt. Col. Sterling points out that there is no 100 per cent safe way to navigate through cyberspace and is appealing to online users to be careful how they answer calls from unknown numbers.

The same diligence must be taken when responding to SMS messages, clicking on links, or downloading attachments from emails.

“If the senders are unknown or known to you and the context or subject headings look suspicious, just double check. And the same way you treat an email, you really need to treat an SMS message, because the sophistication with which these messages are created is very similar to how emails and web pages are designed,” he says.

Meanwhile, Director of Information Technology at the Ministry of Industry, Investment and Commerce, Omar Gentles, is encouraging persons to explore the privacy policy of websites as well.

This is especially as the Cybercrime Act 2010 and Data Protection Act (2020) protect online users that only operate within the Jamaican jurisdiction.

He notes that even though victims of online fraud are, indeed, consumers, there’s little that the Consumer Affairs Commission (CAC) can do to help with loss recovery in smishing and vishing attacks.

“When it comes on to it helping consumers to deal with online fraud that has taken place or is suspected, the CAC can only really offer guidance at this moment. This is in terms of helping you to reach out to the different entities that can really help, such as the fraud squad. So, you must be very careful and make sure that you do diligence in assessing sites and making the right decision about using them,” Mr. Gentles says.

The CAC is a government agency that informs, educates, and empowers consumers to protect themselves in the marketplace.