Can you imagine your life without the use of the internet or cellphone? Probably not! Emails and other electronic devices have become such critical vehicles for communicating and doing business that it is hard to imagine how we ever lived without them. Unfortunately, as great as the internet and other electronic devices may be, they have also become vehicles for scams, viruses and more recently in the workplace, a tool used by employees to engage in character assassination of each other via social networks, online harassment and cyberstalking.
Last week I sat in horror and listened as one of my international clients relayed a story that was so mind blowing, I felt like I was watching a cloak and dagger espionage movie! Obviously the story is too long to relay in this forum but here is the abridged version. My client was a victim of email spoofing! Exactly! I didn’t know what is was either but apparently email spoofing “is the forgery of an e-mail header so that the message appears to have originated from someone or somewhere other than the actual source.” In other words someone could send an email pretending to be you and the receiver would have no reason to believe that it was not you because the sender would be using your email address! Yep it could happen! Needless to say my client was in the hot seat and almost lost her job when she was confronted by the President of the company for supposedly sending mass emails to the entire staff highlighting the fact that he was “clueless, incompetent, lacked vision and was running the company to the ground.” Luckily for my client someone in the IT department decided to run a trace on the IP address of the email and was able to track it to its real sender – a disgruntled employee who was recently demoted – go figure!
Having been a victim of online harassment and cyberstalking myself recently, (and for those of you who may not know what cyberstalking is, Ladies and gentlemen “Cyberstalking is the use of the Internet or other electronic means to stalk or harass an individual, a group of individuals, or an organization. It may include false accusations, monitoring, making threats, identity theft, damage to data or equipment, the solicitation of minors for sex, or gathering information in order to harass. The definition of "harassment" must meet the criterion that a reasonable person, in possession of the same information, would regard it as sufficient to cause another reasonable person distress.” Wikipedia)
I knew exactly what my client was going through and how quickly these so called “I was only joking, I didn’t mean anything by it, somebody needed to tell him or her what was going on, somebody needed to expose him or her, I wanted to express my love (feel free to add any other twisted reason here) could escalate out of control.
So this week I interviewed Royal Bahamas Police Force Cyber Crimes guru, Sargent Dale Strachan, to shed some light on this growing problem. Here is what he had to say:
Question: Have you seen a rise in cybercrimes in The Bahamas, eg. on Facebook, Twitter and other social networks?
Answer: Yes. We have seen a rise in cybercrime in the following areas:
Threats of harm or death
Emailing of slanderous images or comments
Email hacking
A crime called phishing (Where a website is created to look like the original but it is actually a fraud.) This fake site is use to gather personnel information from unsuspecting persons to defraud them of money. These complaints are mainly from foreign victim reporting that a financial institution situated in the Bahamas posted the site.
Question: Why do you believe we are experiencing such a spike in cybercrimes? What seem to be the motive/s of the perpetrators?
Answer: The fact that the perpetrator thinks his/her identity will remain anonymous seems to be the driving force. Ultimately the perpetrators intent is to embarrass the victim or put them in fear.
Question: Is sending malicious or defamatory emails a crime in The Bahamas? Define malicious, define defamatory.
Answer: Yes both are crimes. Malicious is defined as nasty, hateful, mean, wicked, cruel emails continually being sent to the annoyance of the receiver. Also referred to as annoying email, malicious emails are similar to a common offence known as annoying telephone calls. We can add that emails threatening or implying harm or death is also an offence and amount to threats of harm or threats of death. Defamatory is defined as slanderous, derogatory emails that are distributed to other and used as a vehicle to attack a person’s character.
Question: What recourse does the receiver of malicious or defamatory emails have? Can they seek Police help?
Answer: Depending on the offence committed victims have the following recourse:
Police action can be taken
You can have the person bond-over to keep the peace
You can take civil action in a court / file a law suit
You can report the email address of the sender to the hosting company as abuse and it will be removed
Question: How can you track the sender of a malicious email?
Answer: The sender is tracked by the header information (contained in the original email.)
Question: What suggestions can you give persons to safeguard their email accounts?
Answer: Many persons in the Bahamas reported that their email accounts were hacked. Our investigation proved that the following methods were used to obtain their personal information:
Individuals received a “pop up” asking them to reset their password information. The “pop up” claimed that if the password was not reset that the individual would loose his/her account. Once the password is reset hackers have full access to your account.
Individuals received a “pop up” asking for personnel information. Specifically the question that were used when you created your account. Once you answer these questions you give hackers access to your account
Using public computer - When you “log off” a public computer, persons can come behind you and run a password recovery software and extract your information.
Using computers at friends house or the work place, to access you email account - Again the password can be extracted using a recovery software. In the workplace many companies have software installed on computers that monitor employee action online. These software also capture password information.
Your wireless network – When you put a password on it, anyone with access to your network also has access to all of the computers on that network and they can “sniff” traffic to capture you password.
Be aware of putting other people’s jump drives in your computer. These jump drives may contain programs that auto run with one purpose - to extract all password information that might reside on you computer.
Do not accept the browser suggestion to save password.
Set the cache on your browser to delete on exit.
