An increase in Scams and Cyber Attacks hitting Malta

Earlier this year, in January, Malta’s Police Cybercrime unit issued official statistics related to cybercrime involving local individuals and companies as victims. Over the past three years more than 4,500 cybercrime investigations were opened.

Following are the main stories that made headlines over the last few years vis-a-vis cyber security in Malta:

In March 2015 Melita’s website was hacked and hackers showed messages in favour of ISIS on its homepage. The website was hacked by Team System DZ, which group used the message “I am Muslim and I am Jihad. I love Isis”. The attack was a front-end issue and no customer data was affected. This kind of attack is commonly referred to as defacing of the homepage.

Phishing attack on a major bank

During March 2019 Bank of Valletta fell victim to a cyber attack whereby funds were moved into foreign accounts. BOV shut down all its operations until the situation was rectified. It was an attack through phishing emails, whereby hackers posed as the French stock market regulator to break into the Bank’s IT systems. The hacker group that carried out the heist is referred to as EmpireMonkey. These phishing emails are a regular occurrence, wherein attackers try to infiltrate an organisation’s systems through social engineering.

Elaborate Email Scam

During Q2 this year two business owners were defrauded around 90,000 euros through a sophisticated email scam. Cyber criminals had hacked into their Outlook accounts and manipulated emails being exchanged.

Hackers changed details on suppliers’ requests for payments to divert transactions and the flow of funds to the destination of their choosing. The emails and instructions within the email looked genuine and hackers socially engineered the fatal email on the lines of: ‘listen we’ve since updated our banking details and mistakenly sent you the old one. Can you send the payment through to these accounts provided’. Hackers would have been monitoring email correspondences and interfering to manipulate emails to their advantage – to steal funds in this case!

Always be vigilant and never click on links and/or download files when in doubt.

SMS Fraud

Tens of individuals were scammed during the past two months, via scam text messages posing to be official notifications from banks, logistics and freight companies and postal operators. These scam text messages and emails are sent to personal mobile numbers and email addresses and according to an article published on the Times of Malta (13/06/21) the Cyber Crime Unit stated that over 200 people were defrauded over one hundred and fifty thousand euro (between them) after falling victim to SMS and email scams.

SMS or emails are received (by the victims) with company logos, such as DHL and MaltaPost, informing the recipient that they have received a parcel, and to follow a link and pay an administrative fee for the package to be delivered to their doorstep. On clicking the link the victims are taken to a fake landing page where they are asked to input their credit card details.

The cyber criminals behind this scam racket take a much bigger amount from the credit cards, than the amount stipulated in the fraudulent email. This kind of attack is called SMSishing which is a combination of SMS and phishing. It is a common type of social engineering attack.

Malicious Adverts on Social Media

Another common type of cyber crime, which increased in occurrence during the Covid-19 pandemic, was the use of adverts on social media platforms such as Facebook with greatly discounted prices. Users would click-through a fake e-shop. One can identify these online shopping scams when offers are too good to be true.

Whenever you doubt the veracity of such a company and offers, never transact on such e-commerce sites.

How to avoid cyber crime

• Ensure links are genuine; when in doubt do not click.
• When in doubt, contact the original company.
• Block suspicious messages.
• When suspecting that you fell victim to a scam, call your bank (or service provider) immediately to stop your card/account/transfer.
• Get in touch with the Police Cyber Crime Unit to file a report or to ask for assistance.

At business-level, always be proactive, carry out an overall cyber security assessment of your business and train your staff to be cyber aware. Speak to us!