19 December 2024 03:50 am Views - 70
| These unregistered and unsolicited offers extend to fixed deposits and even inviting to invest
Contact databases sold to marketing agencies? People ought to be vigilant too – SLCERT official One scam, where many people have been trapped is the parcel scam |
These unregistered and unsolicited offers extend to fixed deposits and even inviting to invest.
|
Charuka Damunupolla
|
Going on for months now, the public is left wondering as to how their numbers went into unknown hands.
Charuka Damunupola, the Lead Information Security Engineer, for Sri Lanka Cyber Emergency Readiness Team (SLCERT), revealed that for this year an estimated 2060 cyber complaints (emails and websites), calls and SMS’s have been recorded.
Scams and offers
“One scam, where many people have been trapped is the parcel scam. You receive a message saying there is a parcel for you, and because of the incorrect address, the parcel has been returned to the post office. If you want to collect the parcel, go through this link,” he said.
“That link contains a phishing website that looks like a post office website. That website will ask you to enter the correct address, postal fee and credit card number. Many have fallen to this, expecting deliveries”, he added.
“Many people think that these are genuine calls and messages,” Damunupola said while explaining the plight of the people.
Interestingly, he divulged that these scammers don’t solicit any fee, therefore people have become willing victims. From those, cyber criminals have gone in creating fake profiles and identities.
An instance where an unsubscribed message has bothered a mobile phone user
Do’s and the don’ts
Answering questions about the do’s and don’ts regarding this issue, he highlighted the need to be aware.
“If you look at the victims, it’s not just a particular group. There are professionals among victims. If you look at the areas, it’s all around the country,” he said referring to his analysis. He added, “Be well aware of what you’re sharing. Whenever you’re asked to share, check whether what you’re sharing is personal and whether it’s okay to share”. He called on the people to following his advice.
Damunupola urged the people to have a clear idea about what they’re sharing.
“Also, no matter how much we tell, the public also needs to have a clear idea on where to report incidents. Most of these cases can be investigated by the police. In some cases, they’ll have to be investigated by the CID,” he said.
Know your customer
Explaining as to how to reduce these incidents, he advised that businesses need to strengthen their Know Your Customer (KYC) process in both opening bank accounts and getting sim accounts.
KYC is a set of procedures and protocols that businesses use to verify the identity of their customers. This is a fundamental framework for maintaining transparency, integrity and security. It’s designed to prevent illicit activities such as money laundering, fraud and financing illegal activity.
“When we try to investigate, we see a clear gap in the process since we work closely with the police. “In most of the cases, (original) owners are not aware and in certain cases, account information of deceased people are being exploited. The main reason for all these is because, we don’t have a strong KYC process. There are some bank accounts too and the KYC process is not strong as others. The cyber criminals will have a clear idea about the banks and financial institutions,” he elaborated.
The menace caused by marketing agencies
“The main thing is that people need to have a clear idea of when and where to feed in their telephone numbers specially in raffle draws. We’ve seen people collecting this information for raffle draws and there is a particular place that you feed your number. We’ve resources to believe that, these collected information can be used by marketing agencies. Or they are going to sell these to marketing agencies – this is one thing,” he explained.
Explaining about another method, (for an instance) when we register our number with a hospital, they actually share with an insurance company. They have this agreement with other parties where they will use it for marketing purposes.
“A simple example could be, your number is getting calls to sign up for iTunes or Dialog or services we have not subscribed for. So, this has become a huge issue and getting calls and offers from unregistered and unsubscribed places can be very disturbing from a customer point of view,” he said, picking up the pulse of the people. “Users are only clueless as to how their numbers reached business agencies,” he echoed, reflecting on the question on the people’s minds.
He raised a valid point, to start with, claiming that these days, messages received also carry an option to stop or opt-out of with regard to services people have not registered with.
Explaining through a real-world example, “These messages are anyway sent through a registered business name and number; for example, Pizza Hut. To send those kinds of messages, the business entities should be subscribed with Mobile Service Providers (Dialog, Mobitel etc etc – MSP). Telecommunication Regulatory Commission (TRC) also should be aware. Since these are services that may not be saved on a phone, they have to be registered with the Sri Lankan MSP”.
According to him, the TRC also has responsibilities and they’re also trying to implement the procedures. He emphasised that he was not speaking on behalf of the TRC.
A lot of people are complaining regarding this matter and he also urged to report to the TRC on nuisance messages.
The Personal Data Protection Act is to be implemented in early-2025. Therefore, he hoped the situation would improve with time.