The use of technology should make life easier, but in some cases, it is utilised by nefarious individuals to carry out vicious cyberattacks.
Quite often, people fall victim to fraudsters who swindle their money through cyberattacks, like smishing and vishing.
The former is the social engineering practice of sending fraudulent text messages to convince people to share personal identifiable information, such as credit card numbers and banking details, while the latter gathers these particulars through telephone calls.
Although these hacks are not new, Head of the Jamaica Cyber Incidence Response Team (JaCIRT), Lieutenant Colonel Godphey Sterling, laments that they are largely under-reported.
He is encouraging victims to speak up, as their silence hampers the organisation’s ability to fully grasp the magnitude of the situation and take the necessary actions for redress.
Head of the Jamaica Cybersecurity Response Team (JaCIRT), Lieutenant Colonel Godphey Sterling, is encouraging individuals to report cyberattacks.
“We measure yearly reports in concert with the financial year. So, from April last year to March this year, we would have had about 29 such attacks reported. But when we do our monitoring, we are seeing significantly more indications that this is a problem. And oftentimes, when we see these indicators and reach out to potential or actual victims, they are unwilling to participate in a process of remediation,” Lt Col Sterling tells JIS News.
He is urging people who believe they are victims of a cyberattack, particularly any of these social engineering attacks, to report the matter to the law enforcement agencies, such as the Jamaica Constabulary Force, Major Organised Crime and Anti-Corruption Agency or JaCIRT.
In May, there was an uptick in the reported cases within the banking industry.
Manager for Special Investigations with the National Commercial Bank (NCB) Fraud Prevention Unit, Dane Nicholson, says this institution has always had issues where one or two customers have become victims of these attacks.
He explains that fraudsters send text messages to random numbers, and once someone responds they know they have made a hit.
Usually, these messages have a link that drives people to a web page that prompts them to enter their information. From here, the defrauders will get sufficient information to call these individuals, pretend to be an NCB employee and execute a vishing.
While the immediate reported cases involve NCB customers only, the institution is not the sole bank where customers come under attack. This is evidenced by individuals who receive text messages that purport suspicious activities in their bank accounts at an establishment with which they are not affiliated.
Manager for Special Investigations at the National Commercial Bank (NCB) Fraud Prevention Unit, Dane Nicholson
Like NCB, the ongoing attacks have prompted JaCIRT to ramp up its year-long public education and awareness campaigns.
Lt Col Sterling informs that protecting oneself in cyberspace usually has three dimensions. One is the personal responsibility to recognise that the tools used to access online resources or to work in cyberspace, must be used with regard for safety and security. Therefore, individuals cannot dismiss their personal responsibility for safely navigating cyberspace.
Number two is that businesses are now obligated to protect the personally identifiable information of their clients.
And stressing the third, as he commits to carrying out JaCIRT’s mandate, Lt Col Sterling says the “Government has a duty to provide a framework within which all of this can take place as securely as possible”.
“We have the JaCIRT and the Information Commissioner, among others, including law-enforcement [bodies]. So, persons are encouraged to get out of that feeling of being a victim or not wanting to be seen as a victim and report these crimes whenever they occur,” he says.
Lt Col Sterling points out that there is no 100 per cent safe way to navigate through cyberspace and is appealing to online users to be careful how they answer calls from unknown numbers.
The same diligence must be taken when responding to SMS messages, clicking on links, or downloading attachments from emails.
“If the senders are unknown or known to you and the context or subject headings look suspicious, just double-check. And the same way you treat an email, you really need to treat an SMS message, because the sophistication with which these messages are created is very similar to how emails and web pages are designed,” he says.
This is especially as the Cybercrime Act 2010 and Data Protection Act (2020) protect online users that only operate within the Jamaican jurisdiction.
He notes that even though victims of online fraud are, indeed, consumers, there’s little that the Consumer Affairs Commission (CAC) can do to help with loss recovery in smishing and vishing attacks.
“When it comes on to it helping consumers to deal with online fraud that has taken place or is suspected, the CAC can only really offer guidance at this moment. This is in terms of helping you to reach out to the different entities that can help, such as the fraud squad. So, you must be very careful and make sure that you do diligence in assessing sites and making the right decision about using them,” Gentles says.
The CAC is a government agency that informs, educates, and empowers consumers to protect themselves in the marketplace.