From left: President of the Manchester Chamber of Commerce, Simone Spence-Johnson; Inspector Berthlyn Lloyd, sub-officer at the Manchester Community, Safety and Security Branch; and head of the police’s Area 3 Criminal Investigation Branch, Deputy Superintendent Christopher Brown at Saturday’s cybersecurity and financial fraud town hall meeting at Ridgemount United Church in Mandeville.
MANDEVILLE, Manchester — Two cybersecurity experts and a local police officer have reiterated that people need to be more vigilant in order to not fall victim to financial-based cybercrimes, including SIM swapping and social media scams now plaguing banks and customers.
Head of the Area 3 Criminal Investigation Branch Deputy Superintendent Christopher Brown; Dane Nicholson, manager for special investigations at the National Commercial Bank’s Fraud Unit; and Inspector Berthlyn Lloyd, sub officer at the Manchester Community, Safety and Security Branch (CSSB), all said the prevalence of financial-based cybercrimes are becoming more sophisticated.
“Criminals are advancing in their technologies and they are utilising technology to benefit,” Brown told an audience of businesspeople and members of the Ridgemount United Church on Saturday.
Lloyd, meanwhile, said young people are the most vulnerable to fraudulent activities linked to social media.
Dane Nicholson, manager for special investigations at the National Commercial Bank’s Fraud Unit, speaking at Saturday’s cybersecurity and financial fraud town hall meeting at Ridgemount United Church in Mandeville. (Photos: Kasey Williams)
“Most of the time they are the ones who are always using social media for goods and services… Most times things are being advertised for sale, if you are in doubt check it out. Sometimes it looks too good to be true,” she said.
“Most of the time expensive cellular phones are being advertised at menial prices and, from the information received, most of our college students are the ones who are being found vulnerable in this fraud,” she added.
At the same time, Nicholson has urged people to be mindful of SIM-swap scams, whereby fraudsters obtain people’s cell number using fraudulent identification.
“… Fraudsters would get to your cell number, make a counterfeit driver’s licence, voter’s ID, passport, or whatever identification that you [have] that the telecommunications provider would tell them is on file for you and they would make a counterfeit ID,” he said.
“It would have your demographic information, but the photograph would be that of the fraudster and they say that the SIM card is either lost or stolen and they need a replacement card,” he added.
He explained that fraudsters practise SIM swapping to get around specific security arrangements which banks use to protect their customers.
“Most banks around the world today use two-factor authentication and, that is, they will send text to you and a code in order for you to gain access to certain sensitive information,” he said. “The next thing that they [fraudsters] want to do is to take over your e-mail address,” he added.
Nicholson has urged people to desist from using their cellphone number as the recovery method for their e-mail address.
“Use another e-mail as the recovery password and not your cellphone [number] because, what that does, it puts you as [an] easy target for a person to take over your e-mail and do a SIM swap,” he said.
He added that the fraudsters, after gaining access to the cellphone number, then target the victim’s e-mail.
“The first thing they are going to do is to take over your e-mail address. All they do is click forget password. Your e-mail provider will send a text message to the cellphone number that they [fraudster] just took over and then they would reset the password,” he explained.
“That same e-mail is [what] you’re going to provide to the bank and that you use to sign up for Internet banking, and all they are going to do now is to click forget password on the Internet banking and [it] is going to send a password to that same e-mail that they just took over,” he added.
He also pointed to phishing and smishing in which fraudsters send web-based links to unsuspecting victims, claiming that there is “some sense of urgency to click on the link to take certain action, such as restoring their account”.
“This is one of the most popular ways now that fraudsters are targeting financial customers because what has happened is that the financial institutions have embedded either a token or they are using two-factor authentication as it relates to texting or e-mailing customers, so it is not as easy again for fraudsters to take over person’s account, but if they send you a link and you voluntarily [input] the username and the password, there is absolutely nothing that we can do to stop that,” Nicholson said.
“It is like you setting up your house with burglar bars and when the burglar comes you open the grilles or just say open the grille and come in, so you would have defeated the purpose of putting in the grilles,” he added.
He also reiterated Inspector Lloyd’s suggestion that people should be wary of social media scams.
“It is now becoming a real problem. If you are on Instagram you can just type loader page and you will realise the amount of loader page that fraudsters set up to defraud people,” he said.
He pointed to a recent case where a fraudster set up a Facebook account “purporting to be selling motor vehicles” and people fell victim to the fraud. But he said victims are also at fault.
“Their motive was also to defraud the bank, because if I don’t work for the bank and I tell you that I have a link in the bank that can do certain things then your intention would have been bad…” he explained.
“What they are doing is to set up these sites on Instagram, Facebook, Tiktok, all over, to say that they have a link in the bank and they can give you a loan and the link can erase the audit trail and you don’t have to pay back the loan. I want to tell you that they have no link inside the bank, and if they have any link in there I would be the first one to ensure that we root them out,” he added.
“All they are doing is collecting your username, password, tax registration number, and those sensitive information, go and take out a loan, and then tell you to come to the bank to report that your card is either lost or stolen, your phone was lost with your username and password and you don’t know anything about the information,” Nicholson said.
He said hundreds of customers have lost funds to fictitious social media pages.
“… It has happened to the young, the old, the middle-aged, everybody. What you have to do is be cautious, call, verify, and validate,” he said.
He said credit/debit cardholders should be vigilant.
“Ensure that you observe where your cards are utilised, if you notice anybody looking too closely on the card and flipping it front to back,” he said before explaining a case in which a cashier stole card information to do transactions online.
“When she was arrested she had a list with about 16 credit card numbers at a prominent establishment. When the customers go there to do their transactions, while she is cashing the persons, what she is doing as well is taking a quick peep at the full 16 digits and the expiry date and flick back recording the information and then proceed to do the transaction online,” he said.