Raphael John-Lall

Vice pres­i­dent of the In­ter­na­tion­al In­for­ma­tion Sys­tem Se­cu­ri­ty Cer­ti­fi­ca­tion Con­sor­tium (ISC2) Caribbean Chap­ter, Ri­car­do Fras­er, is en­cour­ag­ing on­line shop­pers and con­sumers in gen­er­al to be wary of scam calls and oth­er cy­ber­se­cu­ri­ty breach­es dur­ing the Christ­mas sea­son.

“We re­cent­ly had Thanks­giv­ing and Fri­day was Black Fri­day sales and Mon­day was Cy­ber Mon­day. A lot of com­pa­nies in the US of­fer coupons and dis­counts on­line. Not all of them but some of these coupon web­sites are scam web­sites. When you have to en­ter per­son­al in­for­ma­tion, you have to be care­ful be­cause you can be giv­ing away your per­son­al in­for­ma­tion. In fact, by just vis­it­ing these coupon web­sites, these sites can pose threats to the safe­ty of your com­put­er en­vi­ron­ment,” he told the Busi­ness Guardian.

He gave a re­cent ex­am­ple in the fi­nan­cial ser­vices sec­tor where a lo­cal com­pa­ny was al­most a vic­tim of a cy­ber­crime.

“Re­cent­ly, we had a lo­cal or­gan­i­sa­tion where some­one put up a phish­ing web­site for that or­gan­i­sa­tion and this or­gan­i­sa­tion serves a large num­ber of con­sumers in T&T and the Caribbean on­line. So had peo­ple gone to that web­site to con­duct their busi­ness, they would have been re­veal­ing their con­fi­den­tial in­for­ma­tion in or­der to au­then­ti­cate pass­words.

“We have been see­ing if a com­pa­ny is pop­u­lar enough and the threat ac­tors be­lieve there is rev­enue to be made by mas­querad­ing as this com­pa­ny, they would in fact raise a phish­ing web­site in or­der to lure or phish out un­sus­pect­ing vic­tims to en­ter their per­son­al in­for­ma­tion,” said Ffas­er.

He said peo­ple in T&T have been re­ceiv­ing mes­sages from in­di­vid­u­als who pur­port to be TTPOST, peo­ple that pur­port to be Ama­zon telling you that your ac­count in­for­ma­tion has to be ver­i­fied.

“When that ac­count is clicked, you can suf­fer an ac­count take over. Then you find out your cred­it card bill is be­ing run up and you did not pur­chase any­thing,” he said.

The cy­ber­se­cu­ri­ty ex­ec­u­tive urged con­sumers to be cau­tious of the way they con­duct busi­ness on­line dur­ing the Christ­mas sea­son.

“These things are ram­pant dur­ing the Christ­mas sea­son. Per­sons are spend­ing more and there is the ap­petite to buy more and to do com­merce. So, con­sumers have to be care­ful around this time where there are many deals and dis­counts avail­able. Scam­mers take ad­van­tage of that and the ur­gency with which per­sons are wish­ing to pur­chase.”

He gave the de­tails of the scam calls or re­lat­ed scams while busi­ness­peo­ple or con­sumers en­gage in on­line ac­tiv­i­ty.

“A few years ago, there was the Niger­ian princess where per­sons would send an email or make a phone call. There is al­so the lux­u­ry scam where they tell you, you have won the lot­tery and you have to de­posit mon­ey for them to pre­pare the doc­u­men­ta­tion to re­ceive the mon­ey. This hap­pens in em­ploy­ment where per­sons will ad­ver­tise jobs and be­fore you know it, they want some sort of pay­ment for a re­cruiter. These al­go­rithms are look­ing at your search his­to­ry that you put out on so­cial me­dia and they will use that to tar­get what you de­sire. Some­one may no­tice that you want to pur­chase a cer­tain item on­line and you can make your pur­chase on a scam web­site. Choos­ing a web­site to make a pur­chase from, one has to be care­ful.”

He al­so gave more de­tails about The SCAM De­fence 2024 Sem­i­nar that the ISC2 held last Thurs­day at the Hy­att Re­gency in Port-of-Spain.

“The mo­ti­va­tion be­hind the sem­i­nar was be­cause we have seen an in­crease in the num­ber of breach­es tak­ing place through­out the Caribbean and in T&T. We have al­so no­ticed that dur­ing the hol­i­day sea­son, scams are very ram­pant. The scam can be done via phone calls, text mes­sages, emails, What­sApp, so­cial me­dia and peo­ple have been falling vic­tims to these scams,” said Fras­er.

He said the pre­cur­sor to the scams is the steal­ing of in­for­ma­tion to make the scam more ef­fec­tive. The phish­ers pre­tend to be a friend or fam­i­ly be­fore they take your in­for­ma­tion or the mon­ey as your prize.

He said the cy­ber­se­cu­ri­ty or­gan­i­sa­tion want­ed to make the busi­ness com­mu­ni­ty as well as T&T aware of the scams be­cause or­gan­i­sa­tions have been los­ing mil­lions of dol­lars to scams over the last few years. That is be­cause scams and cy­ber­se­cu­ri­ty breach­es go hand-in-hand.”

He in­formed that The SCAM De­fence 2024 Sem­i­nar was mod­er­at­ed by Aj­mal Newal­lo-Singh, Ag. head of se­cu­ri­ty as­sur­ance and op­er­a­tions at IGovTT, and a re­gion­al pan­el of well-re­spect­ed cy­ber­se­cu­ri­ty ex­perts was present.

There was a live demon­stra­tion by Ro­ry Ebanks of Symp­tai Con­sult­ing Ja­maica, who show­cased how easy it is for hack­ers to break in­to vul­ner­a­ble sys­tems. It took less than five min­utes for the at­tack­er to by­pass de­fences of a sys­tem con­nect­ed to the in­ter­net, gain full ad­min­is­tra­tive rights to the serv­er and to ac­cess high­ly sen­si­tive in­for­ma­tion.

So­lu­tions

Fras­er gave sta­tis­tics to show that in T&T there has been in­crease in these cy­ber­scams over the past year.

“We know that it is in­creas­ing as every­day we re­ceive the spam emails where per­sons are try­ing to de­fraud you. At our re­cent­ly con­clud­ed sem­i­nar, the Cy­ber Se­cu­ri­ty In­ci­dent Re­sponse Team (TT-CSIRT) in­di­cat­ed that there has been an in­crease as 78 breach­es in or­gan­i­sa­tions were re­port­ed up to Oc­to­ber 2024. There has been a rise from 2022 where there were 43 of these breach­es and in 2023 there were 52. So cy­ber­breach­es are on the rise,” Fras­er said.

He said the most ef­fec­tive way a busi­ness, and em­ploy­ees who work in the busi­ness, can pro­tect them­selves from these scams is through Se­cu­ri­ty Ed­u­ca­tion Train­ing and Aware­ness Progammes (SE­TA).

He said in­sti­tu­tions like the cen­tral banks in the Caribbean have been do­ing train­ing and aware­ness ses­sions in this area for mem­bers of the pub­lic to pro­tect them from ba­si­cal­ly us­ing their on­line bank­ing apps in­se­cure­ly.

He added the ISC2 Caribbean Chap­ter through­out the Caribbean has as­sem­bled a team of ex­perts to car­ry out train­ing in this area.

“This is re­al­ly a se­ries of videos re­mind­ing em­ploy­ees of the com­pa­ny or busi­ness of the cy­ber­se­cu­ri­ty poli­cies so that there will be ad­her­ence by per­sons of the cy­ber­se­cu­ri­ty pro­grammes. Peo­ple are the last de­fence in the chain in cy­ber­se­cu­ri­ty. You can have tech­nol­o­gy that proac­tive­ly search­es for vul­ner­a­bil­i­ties in com­pa­nies but you al­so need peo­ple. It takes an em­ploy­ee one sec­ond to click a phish­ing link and per­haps the tech­no­log­i­cal de­fences of the com­pa­ny are not ad­e­quate enough to pro­tect against this cy­ber threat that the em­ploy­ee has ini­ti­at­ed.”