Cayman under cyber-attack, says ICTA
(CNS): As local telecommunications provider Flow issued another alert about phishing scams impacting its customers, the managing director of the Information & Communications Technology Authority warned that Cayman is being targeted by cyber criminals. Earlier this week Flow warned customers about an email purporting to be from LIME, its previous brand, regarding spam security issues which asked them to click on a link. But this is just one of many problems email users are experiencing. Although the ICTA could not be certain of a connection, Alee Fa’amoe said that there were indications that a data breach last year on Ecay Trade could be linked to other recent cyber incidents.
“What we can say with all confidence is that the Cayman Islands are being targeted by cybercriminals. We have seen very specific phishing attacks where the perpetrators reference local businesses, local banks, or local service providers in an attempt to trick users into clicking on links,” he said. “We have also seen fake websites pretending to be a local bank’s online portal to trick local residents into revealing their online banking credentials.”
The ICTA boss, who has now created CIRT-KY, a dedicated cyber security team at the authority, said the number and sophistication of the attacks has grown over the past year.
“The trend is alarming,” Fa’amoe told CNS. “The authority continues to work closely with RCIPS, CIMA and local internet service providers to combat this growing threat. In addition, the authority serves on a cross-agency government team setup by Cabinet with a mandate to improve and enhance cybersecurity across the public sector.”
However, despite the efforts to combat the cyber-attacks, he urged all businesses and residents in the Cayman Islands to surf the web with caution. He said people need to be wary of emails which claim that “your account has been suspended” or other scare tactics.
“Such messages will invariably ask you to click on a link or reply to the email,” he said. “Do neither. Instead, contact the company or service provider directly by phone, email or by surfing to their website. Most banks will never ask you to confirm your account details by clicking on a link. Unfortunately, a new golden rule of our technology-driven world has emerged: Thou shall not click!” Fa’amoe added.
Flow is continuing to warn its customers to be on alert for any phishing scams but the latest one is posted below. Anyone receiving this or anything like it is urged to delete it immediately.
Category: Crime
Cyber threats are constant. Cayman represents an enticing target because of our wealth, information, political capital, and because many local organizations are associated/affiliated with larger mainland companies. Willie Sutton was asked by he robbed banks. Because that’s where the money is. And if you wanted to rob a bank, would you go after the head office that has 24×7 monitoring, guards, etc or go after the branch office that is only staffed 9×5?
You mean I didn’t win the 10 million dollars in Nigeria???
The Nigeria scams are obvious to most of us. What about the identity info stealing malware that poses as a Chrome update?
Cyber criminals are launching sustained sophisticated attacks that exploit our human error. Ask yourself what am I doing or not doing that helps cyber criminals succeed?
Scammers from abroad are even using ecaytrade pretending to be buyers and asking for personal information to send the money to you. Some advertise FREE stuff then ask for a small compensation to send the purchased equipment from overseas to you.
Saw an interesting one this week it claimed to have been coming from one of the express delivery services concerning a undelivered packaged but after looking at it close the email was note even from that company, and the attachment was a ***.pdf.zip looked at it and smiled, and sent straight to the trash bin.
Did you consider reporting the incident to ICTA?
I have reported incidents to the ICTA head, twice now. Including the information on the eCay hack (there’s more to it really) that prompted this new CIRT-KY body to be formed.
I’ve yet to get a reply from the head person. I’m I wasting my time and energy tracking such breaches? Maybe, maybe not. However, I have a duty to my clients to learn about such hacks, phishing scams, etc, to better inform them and protect their systems.
I’m not sure if I will be bothered to report to the ICTA again, because it doesn’t same like I’ll ever get a reply/acknowledgement that my research is being looked into/considered.
I receive such emails almost daily. They head straight to the Trash Bin.
However at first glance they can and do appear to be legitimate if not scrutinized carefully. Usually there will be grammatical errors that give it away. If you ‘hover’ above the link, the address is a dead give away, though some can be ingeniously deceptive.
In fact I received one today purporting to be from NCB in Jamaica. This too is Trash Bin bound.
What is irritating is the difficulty or non existent email address that such emails can be sent to alert the business in question.
And thanks ECAY Trade…
Our Yellow Pages email has been getting spammed like crazy with malware laced emails. with so called Invoices, Fines, Orders etc. You really just need to look at the email address to know its not legit. Make sure you never open an attachment from anyone you dont know or were not expecting from (as someones email could have been hacked). Make sure every computer at home and the office has there malware and virus protection up to date as ISIS is getting desperate for money and has been increasing these attacks world wide.
“Thou shall not not Click”. I like that saying……….. thank you ICTA for your efforts. You all seem to be very proactive in trying to protect the Caymanian community, not only from on-line cyber attacks but seeing that we consumers get value for money in terms of getting correct internet access speeds from local providers, who charge us for this.
I just got two of these fake e-mails this week just like the example posted. I deleted both and marked them as Spam.
Thank you CNS as well for helping to get the word out in the community.