Persons Urged To Employ Cyberthreat Safeguards

Jamaicans are being encouraged to be aware of and safeguard themselves against cyber-scams and other cyberthreats.

With increased Internet connectivity and in observance of Cybersecurity Awareness Month during October, the Cyber Incident Response Team (CIRT), in tandem with the Jamaica Constabulary Force (JCF), is highlighting some of the most common threats that have been trending up.

Speaking at a recent Jamaica Information Service (JIS) Think Tank at the Agency’s head office in Kingston, Commanding Officer for the JCF’s Counter-Terrorism and Organised Crime Investigation Branch (CTOC), Acting Assistant Commissioner of Police (ACP) Anthony McLaughlin, said the police recognise that Jamaica is “susceptible to ‘social engineering’ and its manipulation”.

“Therefore, [we] have been collaborating with the Ministry of Science, Energy and Technology (MSET) for the past three years in ensuring that our citizens, particularly the business sector, are quite aware of this phenomenon and how we are able to assist them,” the senior lawman added.

ACP McLaughlin explained that social engineering, which is on the rise, is the act of attempting to get information from an Internet user under disguise.

“So, for example, someone could call your pretending to be calling from your bank asking to verify your secret answers to questions,” he further outlined.

The lawman also highlighted ‘phishing’, which is the act of persons manipulating another’s private or personal information and using same for fraudulent activities.

“For example, someone may intercept your emails with your business partner and they may say to you, ‘rather than sending the money to this account, send the money to [a different] account; so your money would have been diverted to another account,” he indicated.

ACP McLaughlin pointed out that this is sometimes done by the cybercriminal simply by changing a dot or one letter, “so if you don’t look carefully, you will not recognise [the change]”.

He said persons will also send emails to payroll departments pretending to be their bank, “and if you do not have that personal banking relationship with your bank, then you might fall for it”.

Skimming is another common complaint ACP McLaughlin further disclosed, noting that this entails the placement of devices on ATM machines that siphon off all banking information, and funds from targeted accounts,
He also cited malicious communication as another prevalent trend, which sees persons using threatening or intimidatory online tactics, such as cyberbullying.

Head of the CIRT, Dr. Moniphia Hewling, said that the agency has been receiving numerous reports of cyberbullying, for which there is some degree of redress.

“Although cyberbullying is not specifically stated in law, the Director of Public Prosecution (DPP) has indicated that they do have laws that can address it,” she informed.

Ransomware, which is the holding of data or information for money, is another trend that has noticeably increased, Dr. Hewling also stated.

This data or information could include customer lists, account numbers, or a business website, she explained, while adding that “we see social engineering taking on whole new levels”.

“Traditionally criminals would have had an invoice or purchase order attachment sent in email, which persons would open. This would then download malware, which then places a key logger on the user’s machine. The key logger is then able to see everything you type on your keyboard, including your online banking information and passwords,” the CIRT Head further informed.

“The new trend, now, is for the criminals to email persons saying that they may have been watching them, they see what they have been doing, and if they don’t pay them or send a certain amount to their Bitcoin wallet they would expose [them],” she outlined.

Dr. Hewling advises persons that “unless you know that you have been doing something really bad, you do not have to pay”.

She, instead, urges individuals to report these incidents, and protect themselves with antivirus software and by employing responsible online practices.

Cybessecurity Month is being observed under the theme – ‘Cybersecurity Awareness – Own IT, Secure It, Protect IT’.