Local charity Jasmine is warning the public to be on the lookout for scammers who have hacked their email and are soliciting donations to fake bank accounts.
Ansley Easterlin, Jasmine marketing and fundraising manager, told the Cayman Compass Friday afternoon in an email statement that the charity is cooperating with police on the matter.
“This breach was indeed very unsettling for Jasmine, and the response from the community has also been one of equal parts shock and complete dismay that an organisation like Jasmine would be targeted. However, we think this just goes to show that no person, company, or organisation, despite what good they may do, is invulnerable to these types of crimes,” she said.
The Cayman Compass reached out to police for information on the investigation and await a response.
Donor raised red flag
Easterlin said it was a donor who flagged a suspect email, prompting the charity to take immediate action.
“We were alerted to the breach when a donor called to confirm ‘updated’ banking details received via email that seemed suspicious. We were able to quickly rectify that situation, but it was clear the hackers had become very sophisticated, mimicking legitimate Jasmine invoices and even typical patterns of speech via email. They also created a system of “rules” to hide any digital footprint of their fraud,” she explained.
This breach was indeed very unsettling for Jasmine, and the response from the community has also been one of equal parts shock and complete dismay that an organisation like Jasmine would be targeted. – Ansley Easterlin, Jasmine marketing and fundraising manager
The charity also issued a statement to all donors on its mailing list, advising of the breach.
In the statement, the charity assured that it has not closed accounts with Butterfield Bank, nor “are we refusing cash or check payments for the generous contributions you all provide”.
Easterlin said that through conversations with other corporate entities and IT professionals on the island, “we have come to understand that all types of phishing, cyber-attacks, and electronic theft attempts seem to be on the rise across the board”.
Last November, while on the Compass talkshow The Resh Hour, Deloitte & Touche LLP risk advisory directors Alexandra Forssell and Wayne Green noted an increase in business email compromises. They shared some key markers to look out for.
Easterlin urged the community to be extremely vigilant.
“The culprit did not access Jasmine’s bank accounts, but rather impersonated Jasmine staff via email. As a culture, we are so accustomed to communicating completely digitally that we forget that you never know with 100% certainty who is on the other end of a keyboard,” she said.
She also asked anyone who may have the “tiniest sense of unease” regarding any communication coming from the charity to call.
“Most importantly, if you receive an email from any individual, charity or company informing you that their banking details have changed, to stop, think and then call directly to ensure that those details are indeed genuine. A minute could save a great deal of trouble down the line,” she added.
Easterlin said she hopes their story will encourage “everyone, but specifically other community organisations (non-profits, churches, etc) who may not have large, in-house IT departments, to consult with local professionals to ensure their own cyber defences are effective against today’s hackers”.
Related Videos
Mostly this type of hacking is done by an insider or by social engineering. Someone on the inside was tricked onto revealing their Username and Password.