According to NCB, the emails ask customers to click on a link to update their personal banking information. The link then takes unsuspecting customers to a fake webpage which bears an uncanny resemblance to NCB’s online banking portal, asking them to enter their personal information there.
“If you responded to an email recently asking you to click on a link and provide your personal banking details, please contact us immediately or visit our chargeback portal at email@example.com so that we can help you to secure your account,” urged Lloyd Parchment, Fraud Prevention Manager at NCB.
“We see where fraudsters have been sending emails pretending to be NCB, in an effort to steal customers’ personal information and get access to their accounts, but this can be prevented with a bit of extra vigilance on the part of our customers.”
This kind of fraud, more commonly known as phishing, occurs when scammers try to trick unwary persons into divulging their passwords and other private information via email, the bank said.
According to Lloyd, although NCB continually invests significant resources in the fight against cybercrime, customer vigilance is critical to closing the gap. To this end, he said NCB has taken many steps to educate customers with safety tips and advice on how to protect themselves and their money from cyber criminals.
“Everyone has a part to play in the fight against cybercrime,” Lloyd stated. “So we urge customers to do their part by safeguarding private and personal information such as passwords and PIN numbers, and even their electronic devices, whether it’s a laptop, tablet or smartphone.”
He continued, “We also encourage customers to notify NCB of any suspicious emails, text messages or phone calls, and report any suspicious transactions on their accounts immediately. Do not be afraid to call and double check with us, especially if you receive an unsolicited email asking you for personal information or your account details. That’s something that NCB would never do, so that should be a red flag for all customers.”
The fraud expert, who has over two decades of experience in the field, also shared a few safety tips for customers to use to protect themselves from phishing attacks which, according to the Cyber Security Breaches Survey 2019, published by the UK government, is the most common type of cyber attack.
Safety tips include carefully scrutinising the email address from which the message is sent, and checking for things like grammatical errors and contact information.
“Look carefully at the email address from which messages are sent, because while the display name may say ‘NCB Jamaica Limited’, the email address could be ncbonline.com. NCB only sends you emails from our authorised domain www.jncb.com,” Lloyd said. “Furthermore, you should never give up your personal information over email, or even click on links or attachments that you did not request. Most importantly, if you’re not sure about an email or other message, give us a call to verify things first.”
Lloyd added: “If you haven’t already done so, we are advising that you visit the nearest branch to get your free RSA token, a dual-factor authentication tool designed to protect your account from unauthorised transactions. You can also download what is known as a ‘soft token’ to your smartphone; this adds an extra layer of security to your account when you use internet banking.”
Since 2016, NCB has invested over $2 billion in global technologies and certifications, and added a number of advanced security features to its fleet of automated banking machines (ABMs) and Bank on the Go kiosks.
Other measures taken against fraud include the issuing of chip-enabled EMV cards, and the implementation of RSA SecurID, a world-class dual factor authentication technology designed to enhance the protection of customers’ online banking accounts. NCB continues to invest in fraud analytics tools and monitoring, and affected customers are typically reimbursed within four days, or less.