Cayman’s Digital Forensic Hub has noted a spike in online attacks from cyber criminals seeking to defraud unsuspecting members of the public through scams varying from email phishing to cellphone messaging.
It is only six months into 2021 and already the Hub has launched six phishing investigations between January and May, which equals last year’s overall total of such probes.
Also, during the same period, 21 fraudulent uses of information and communications technologies/broadcast and communications technologies were investigated. There have also been three misuse-of-computers investigations.
Added to this, cyber forensic operative and Hub office manager John Watson said he has seen an increasing number of attacks that mimic local banks and he is urging the public to be vigilant.
“On island at the moment we have had a specific uptake in a number of SMS messages going out directing people to fake websites often pretending to be from local banks or local companies saying, ‘We’ve received an unexpected payment out of the local supermarket. If this is not you please go on to here’… through the process of that they try to do what we call ‘credential harvesting’ where they’ll try to get people’s details, including the bank details,” Watson said during a recent interview with the Cayman Compass.
Just this week, Scotiabank senior manager, retail banking, Chervain Stuart, through a media statement, noted that online criminals have become more skilled at creating fake websites and mobile applications which appear identical to legitimate ones.
“Some may even go as far as selling or attempting to sell knock-off versions of the site’s products,” Stuart said in the statement.
She urged the public to be cautious.
Watson agreed, adding that individuals must take their own protective measures.
“There’s a phrase we use: If it’s too good to be true, it probably is. So if you receive any SMS through your phones or through WhatsApp or any email where somebody is asking you to contact them, then we would suggest you don’t use that contact page itself. But if it’s from a local bank, then you contact that local bank direct through legitimate means to confirm whether or not it actually was from them,” he said.
COVID-19 news used as a tactic
The Compass is one of many media organisations to have been targeted by cyber criminals, which Watson noted was part of a wider spike in attacks called business email compromise (BEC).
He said criminals are using dummy COVID-19 stories purporting to be legitimate news stories to hook would-be victims.
Last year, there were three such fake COVID-19 articles logged in the RCIPS 2020 crime statistics report.
The Compass had to refute another fake email story as recently as the end of May.
He explained that with BEC attacks somebody will change one letter of a domain to execute the scam.
“So for instance in Cayman Compass you might get an email from Cayman Compass, but with only one ‘s’, and unless you look really carefully at it, you won’t notice that is not a legitimate email. And often these will be targeted towards individuals whose profiles have been obtained through social media accounts, et cetera,” Watson said.
Digital Forensic Hub stats Jan-May, 2021
- 6 phishing
- 21 fraudulent use of ICT/BCT
- 3 misuse of computers
Digital Forensics Investigations
- 19 involve sexual offences
- 35 involve offences against the person
- 13 involve fraud
- 14 involve drugs
- 24 involve misc. incidents
He said the scammer would use the names or the details on the intended fake site to dupe the victim who is looking at the email into thinking it was legitimately sent from the company, so they would then click on the link.
“The days of the phishing email [being] relatively easy to catch are probably gone. The actors, like the public and businesses, learn from this and then move on. So where businesses and the public do more to protect themselves, the actors will do more and more to try to make their emails look legitimate and encourage people to click on links [which would download] the malware onto the systems,” he explained.
Watson said, in the last few months, there was an issue with an email exchange service where a particular vulnerability was exploited and there was a hijack of certain emails sent through that service.
“So we’re seeing emails now being intercepted and other emails being sent out to recipients [instead]… but again, just with a subtle change in the domain address which [is] actually quite difficult to spot,” he said, adding, if you are not expecting an email or are slightly suspicious of it, contact the legitimate sender to confirm.
Stats through May from the Hub break down digital forensics investigations into: 19 sexual offences, 35 offences against the person, 13 fraud, 14 drugs, and 24 miscellaneous incidents (such as missing persons and traffic collisions).
Watson had one simple solution for the public when it comes to being cyber safe.
“Never give your bank details, never give any personal details to anyone unless you’ve confirmed absolutely 100% that you are speaking to someone from a legitimate company,” he said.
Ransomware, a growing concern
Cayman, like other countries, is also susceptible to ransomware attacks.
The cyber forensic operative said there have been ransomware attacks here on island, which are a growing challenge as they do not often originate in Cayman.
“Ransomware is prevalent across the world at the moment. It’s a particularly effective and incredibly debilitating piece of ransomware. It basically will encrypt all your files. If you don’t have good offline backups, you may not be able to restore your systems. You may not be able to operate your business,” Watson said, adding that businesses should beef up their protections.
He also described a more serious type of ransomware attack, though he was not aware of that occurring in Cayman.
“Increasingly these attacks have what we call hybrid attacks where they deploy ransomware, encrypt files, but they’ll also exfil data, which means they’ll steal some of your documents,” he explained. “If they don’t get money from the ransomware itself, or [from] you paying to get your files decrypted, then they’ll try to extort you online on dark web forums to try to get money from you that way.”
These attacks, he added, are from organised crime groups that are only interested in the money.