Gail Alexan­der

All phish­ing links that have been re­port­ed to the TT Cy­ber Se­cu­ri­ty In­ci­dent Re­sponse Team (TTC­SIRT) have been suc­cess­ful­ly brought down, Na­tion­al Se­cu­ri­ty Min­is­ter Fitzger­ald Hinds said yes­ter­day.

Hinds gave the in­for­ma­tion in the Sen­ate yes­ter­day re­ply­ing to var­i­ous ques­tions from Unit­ed Na­tion­al Con­gress Sen­a­tor Wade Mark.

Not­ing re­cent re­ports of a new on­line phish­ing scheme to re­trieve per­son­al bank­ing in­for­ma­tion from cus­tomers, Mark asked what ur­gent steps are be­ing tak­en by the Cy­ber­crime Unit to ad­dress this.

Hinds said phish­ing is a type of cy­ber at­tack where at­tack­ers try to trick peo­ple in­to re­veal­ing per­son­al in­for­ma­tion, such as user names, pass­words or cred­it card num­bers.

"They typ­i­cal­ly do this by pre­tend­ing to be a trust­wor­thy en­ti­ty like a bank, com­pa­ny or even some­times a friend."

Hinds said, "Wise­ly, we have two agen­cies in the state sys­tems to treat with the prob­lems - TT Cy­ber Se­cu­ri­ty In­ci­dent Re­sponse team and the TTPS's Cy­ber Crime unit. Two in­ci­dents arose which en­gaged the at­ten­tion of TTC­SIRT:

"A phish­ing cam­paign im­i­tat­ing Re­pub­lic Bank Ltd's on­line bank­ing por­tal in an at­tempt to har­vest user­names and pass­words. TTC­SIRT has tak­en steps to re­port the phish­ing links to the re­spec­tive for­eign host­ing providers and have them tak­en down. To date all phish­ing links that have been re­port­ed to TTC­SIRT have been suc­cess­ful­ly brought down."

"Sec­ond­ly, there was a phish­ing cam­paign meant to takeover ac­cess to per­son's What­sApp ac­counts. TTC­SIRT has is­sued warn­ings/guid­ance on so­cial me­dia and is de­vel­op­ing an aware­ness guide to be post­ed on the Na­tion­al Se­cu­ri­ty web­site."

Hinds said TTPS's Cy­ber & So­cial Me­dia Unit is work­ing to ad­dress the new phish­ing scheme tar­get­ing per­son­al bank­ing in­for­ma­tion. Hinds de­tailed steps be­ing tak­en in­clud­ing work­ing close­ly with banks to iden­ti­fy/shut down fake web­sites and fraud­u­lent ac­tiv­i­ties."

Hinds couldn't state the num­ber of phish­ing cas­es,"But we're aware there are cas­es and we're re­spond­ing to them..."

In a no­tice to its cus­tomers on Wednes­day, Re­pub­lic Bank re­quest­ed that they take note of the fake (phish­ing) web­site. The bank said the do­main of the fake web­site was reg­is­tered on 2024-11-25 and is cur­rent­ly still avail­able.

Re­pub­lic Bank re­quest­ed any per­son who may have vis­it­ed the fake web­site and en­tered their lo­gin de­tails to con­tact Re­pub­lic Bank im­me­di­ate­ly. The cor­rect Re­pub­lic Bank on­line web­site is https://re­pub­li­con­linett.rfhl.com/ and NOT the one end­ing in .org