In a brazen attempt to steal information from customers at the National Commercial Bank Jamaica Limited (NCB), fraudsters have sent out a series of cleverly disguised e-mails to customers asking them to click on a link to update their personal banking information. The link then takes unsuspecting customers to a fake webpage which bears an uncanny resemblance to NCB’s online banking portal, asking them to enter their personal information there.

“If you responded to an e-mail recently asking you to click on a link and provide your personal banking details, please contact us immediately or visit our chargeback portal at chargeback@jncb.com so that we can help you to secure your account,” Lloyd Parchment, fraud prevention manager at NCB, said via news release.

“We see where fraudsters have been sending emails pretending to be NCB in an effort to steal customers’ personal information and get access to their accounts, but this can be prevented with a bit of extra vigilance on the part of our customers.”

This kind of fraud, more commonly known as phishing, occurs when scammers try to trick unwary people into divulging their passwords and other private information via -mail. The Cyber Security Breaches Survey 2019, published by the UK government, revealed that this was the most common type of cyberattack.

According to Parchment, although NCB continually invests significant resources in the fight against cybercrime, customer vigilance is critical to closing the gap. To this end, NCB has taken many steps to educate customers with safety tips and advice on how to protect themselves and their money from cyber criminals.

“Everyone has a part to play in the fight against cybercrime,” Lloyd stated. “So we urge customers to do their part by safeguarding private and personal information such as passwords and PIN numbers, and even their electronic devices, whether it’s a laptop, tablet or smartphone.”

“We also encourage customers to notify NCB of any suspicious e-mails, text messages or phone calls, and report any suspicious transactions on their accounts immediately,” he said. “Do not be afraid to call and double-check with us, especially if you receive an unsolicited e-mail asking you for personal information or your account details. That’s something that NCB would never do, so that should be a red flag for all customers.”

The fraud expert, who has more than two decades of experience in the field, also shared a few safety tips for customers to use to protect themselves from phishing attacks. These include carefully scrutinising the email address from which the message is sent and checking for things like grammatical errors and contact information.

“Look carefully at the e-mail address from which messages are sent because while the display name may say ‘NCB Jamaica Limited’ the e-mail address could be ncbonline.com. NCB only sends you e-mails from our authorised domain www.jncb.com,” Parchment said. “Furthermore, you should never give up your personal information over e-mail or even click on links or attachments that you did not request. Most importantly, if you’re not sure about an email or other message, give us a call to verify things first.”

“If you haven’t already done so, we are advising that you visit the nearest branch to get your free RSA token, a dual-factor authentication tool designed to protect your account from unauthorised transactions,” he added. “You can also download what is known as a ‘soft token’ to your smartphone; this adds an extra layer of security to your account when you use internet banking.”

Since 2016, NCB has invested more than $2 billion in global technologies and certifications, and added a number of advanced security features to its fleet of automated banking machines (ABMs) and Bank On The Go kiosks, according to the news release.

Other measures taken against fraud include the issuing of chip-enabled EMV cards, and the implementation of RSA SecurID, a world-class dual factor authentication technology designed to enhance the protection of customers’ online banking accounts. NCB continues to invest in fraud analytics tools and monitoring, and affected customers are typically reimbursed within four days, or less, the news release said.