Fraudsters ‘steal data’ from Bahrain company, seeks ransom

TDT | Manama   

The Daily Tribune – www.newsofbahrain.com

Staff Reporter

A leading private company in Bahrain has filed a complaint with the National Cyber Security Centre after its vital data was allegedly stolen by scammers. “Our main server experienced an intrusion.

The intruder or intruders encrypted all the files and database on the server and have placed a note as a ransom against accessibility and retrieval of the files and data,” a letter written by the company to facilitate internal communication, said.

“An investigation is still in progress and we are waiting for the conclusive findings from the authorities. Although we are unaware of any actual misuse of information, we are providing notice to you and other potentially affected customers and suppliers about the incident, in order to protect against possible fraud,” the letter adds.

Step up protection mechanisms

Speaking to the Daily Tribune, a cybersecurity expert Muhammed Shiras said all companies, both private and public, must step up their protection mechanisms as scammers are on the prowl in the region.

“There is not a single established firm that is not at risk. Cyber scammers can deceive employees into giving up confidential or sensitive information, such as passwords or bank information. It often starts with a phishing email, social media contact, or a call that seems to come from a trusted source, such as a supervisor or other senior employee, but creates urgency or fear.

“Scammers tell employees to wire money or provide access to sensitive company information. Other emails may look like routine password update requests or other automated messages but are actually attempts to steal your information. Scammers also can use malware to lock organisations’ files and hold them for ransom.”

“A more vigilant and conscious approach is advised for all the staff of public and private firms. One false click can take you to another unknown strange world compensating the company’s money, privacy and data. Before following any account, try to check their pages, posts, followers, interest etc to verify their authenticity. And never click any malicious links before reviewing the background.”

Iranian malware targets

Bapco A few months ago, the Bahrain Petroleum Company (Bapco) was targeted by scammers, suspected to be sponsored by Iranian regime, who planted malware in the company’s network designed to delete data from infected computers.

The data-wiping malware called ‘Dustman’ was allegedly used to target the company website.

Online banking fraud

The Daily Tribune has been carrying many reports in the last few months about fraudsters targeting the online banking and financial transaction network in the Kingdom.

The published articles carried the plight of many citizens and expatriates, who together lost thousands of Bahraini dinars to the scammers. Most of the victims have launched a complaint with the police department, pleading for an intense probe into the matter.

It is learnt that many banks are flooded with calls from frantic customers saying they have been conned out of their money by scammers after hacking their bank accounts or fund transfer system. Earlier, speaking to The Daily Tribune, Ali Beshara, the Head of Information Security and Risk Management at The BENEFIT Company, attributed the rise in online fund transfer scams to lack of alertness from the part of users.

Mr Beshara also pointed out that this kind of cybercrime involves ‘social engineering’ - a term used by information security professionals to describe the action from the part of hackers, who deploy their highest social engineering skills to get information, which is supposed to be kept secret, private and never shared, from their victims.

Call for unified payment interface

Cybersecurity experts have always been highlighting the need to protect Unified Payment Interface and online transactions from scammers in light of increasing online payments.

They include not responding to calls and text messages from strangers along with putting up different passwords on different accounts and UPI apps. The Central Bank of Bahrain, many a time, has carried out campaigns and circulated messages alerting over the possibility of falling victims to online fraudsters.