Banks join forces to battle cyber crime
Bermuda’s banks have joined together in the fight against online fraud after an increasing number of e-mail scams on the Island.Criminals use phishing scams, or phoney e-mails, to try and get customers’ personal and banking information, and they’re popping up in the in-boxes of more and more Bermuda banking customers.The scams often mimic the style of legitimate bank communications, using the company’s logo or website style. But the fake e-mails ask the recipient to click on a link and visit a website where they are asked to enter their online banking information.Individuals behind the phishing scam then use the information to commit identity theft or use the customer’s bank accounts.Now Butterfield Bank, Bermuda Commercial Bank, Capital G and HSBC Bank Bermuda have teamed up with the Bermuda Police Service, the Bermuda Bankers’ Association, the Department of Consumer Affairs and the Bermuda Monetary Authority to launch a new consumer education campaign to combat cyber crime.“The incidence and sophistication of phishing attempts against customers of Bermuda’s banks are on the rise,” said Richard Moseley, CEO of HSBC Bermuda and current chairman of the Bermuda Bankers’ Association. “The island’s banks have come together to help educate the public about how to recognise and avoid falling victim to online fraud.”The joint effort comes after a string of cyber crime cases in recent months. In early June, a round of bogus e-mails claiming to be from HSBC made its way into the in boxes of Bermuda online banking customers trying to trick them into passing along their personal information. The e-mail linked customers to a site that looked remarkably like the real HSBC internet banking log-on page and asked them to fill in their username and password.In April, a long-time Butterfield Bank customer told The Royal Gazette she had thousands of dollars from her account stolen after she answered an e-mail asking her to update her online account. Just minutes after she filled in her details, $4,000 was wired from her account to a bank in South Africa.A spokesperson for the company told this newspaper in April that the bank “will NEVER request customers’ personal information, account data or online banking login credentials via e-mail and we will NEVER send customers links to a website asking them to ‘update’ or ‘unlock’ their online banking account access”.“This campaign is particularly timely as online fraud remains a growing issue to both Bermuda businesses and residents alike,” said Ian Grant Tomkins, Inspector with the Bermuda Police Service’s Financial Crimes Unit. “Whilst modern technology has made our financial transactions more efficient, it has also created new opportunities for criminal organisations to exploit.”This new campaign teaches the public how to tell the difference between official bank communications and phoney e-mails, what to do if you receive one. Most importantly, they want to advise their customers that they will never ask for personal information through e-mail. Any customer discovering a phishing attack should report it to their bank and delete the e-mail.“Local residents should be vigilant and aware that they could be targeted by scammers and be prepared to react and report such activity,” said Vance Campbell, chairman of the Consumer Affairs Board. “An informed and savvy consumer is our best protection against scams.”In an effort to step up online security, many banks are now requiring customers to input their own password and a second code generated by an RSA SecurID token that generate six-digit codes at random every 60 seconds.Butterfield banks says right now, the security tokens are only required for customers who wish to do wire transfers, but that they are in the process of providing them to all of their online banking customers as an added measure of protection.HSBC requires a username, the answer to a memorable question and asks for three randomly selected characters of the customer’s password — making it more difficult for hackers to guess.