Jamaica: Scammers defraud National Commercial Bank clients worth $22 million

As per reports, phishing attempts have scammed National Commercial Bank (NCB) clients of at least $22 million in Jamaica. Dane Nicholson, Manager for Special Investigations in the bank's Fraud Unit, revealed that more than half of this amount was scammed just over a week ago.

"So, during the last ten days or so, we've seen close to $18 million, but throughout the year, from January 1 to now, consumers have lost around $23 million to phishing and phishing attempts," Nicholson explained.

Phishing is a type of scam in which criminals send phoney SMS or email communications to deceive consumers into divulging sensitive information about their bank accounts.

The money that was taken during the last ten days, according to Nicholson, came from the accounts of approximately a dozen consumers.

According to him, the police are cooperating with the bank's investigations, and one person has been arrested in connection with the attacks so far. He expects additional arrests in the future.

The bank has been compelled to implement new policies as a result of the attacks. Nicholson explained, "We have instituted a no click, no link policy."

"So, whenever clients receive these SMS or email communications with a link requesting them to click on it, please do not click on it because we have a no click, no link policy," says the company.

According to Nicholson, the scammers would send clients messages claiming to be from NCB. The notifications would instruct consumers to click a link to reclaim access to their accounts, reset passwords that were due to expire or validate the information in response to a suspected transaction.

When they click, they are taken to a screen that looks like NCB's login page, where they are requested to enter their username and password. The link would time out, or they would receive an error message as a result of this.

"In that phishing attack, they would have provided their username and password. This is where the fraudster would gather enough information on the customers and then phone them again to pose as a bank employee," he stated.

"And we've seen where they've called clients purporting to be me, Dane Nicholson, and asked them to check suspicious transactions and submit their token number to halt the scam. When clients supply their stolen code, fraudsters have enough information to add beneficiaries to their accounts and carry out fraudulent transactions," said Dane Nicholson.

According to Nicholson, the page also redirects users to another page that asks for their 16-digit credit card number, CVV number, and expiration date in some cases.

He said that the bank has recognised some of the victims of the attacks. "Others have contacted us to report that they clicked on the link and that people have called them and given them information. "As a result, those clients have reported the problem to us," he explained.