80% complaints SLCERT receives are related to social media

By Rathindra Kuruwita

Approximately 80 percent of the complaints Sri Lanka Computer Emergency Readiness Team (SLCERT) receives are related to social media, Senior Information Security Engineer at SLCERT, Charuka Damunupola said.

Apart from this, there are complaints of hackers entering websites and deleting data, and ransomware as well.

“Now there is a lot of discussion on phone hacking. These are mainly phishing attacks,” he said.

Phishing attacks are fraudulent emails, text messages, phone calls or websites that are designed to trick users into downloading malware, sharing sensitive information or personal data (for example, Social Security and credit card numbers, bank account numbers, login credentials), or taking other actions that expose themselves or their organizations to cybercrime.

Damunupola said last year they received 31,548 complaints, most of them are issues that arose during social media usage.

“There was a marked increase in online scams. We received 1,609 such complaints. We can divide these scams into several subcategories. You may receive a link by someone who promises you a foreign job. Once you click the link you are taken to a website that asks you for documents such as copies of your NIC, birth certificate, passport, etc. You may pull back at the last moment and not pay them any money, but you are giving very sensitive personal information to malicious third parties. There are many things that such malicious people can do with such sensitive information,” he said.

Damunupola said cyber-criminal can use the copy of an NIC and open an online banking account. If that account is used for criminal activity, investigators might end up suspecting the person whose NIC was used.

“There is currently a scam that is targeting journalists these days. You may receive a message from someone in your friends’ list saying that he or she has applied for a journalism programme that requires votes from his or her Facebook friends. Then you will receive an OTP and the person that reached out to you will ask for the OTP. This is usually the OTP Facebook sends when someone requests a password reset. The moment you give the OTP away, you lose access to the Facebook account,” he said.

Damunupola said that during COVID parents had to buy devices and internet access for their children. There have been many instances where children have used credit cards of their parents for micro transactions, i.e., where users can purchase in-game virtual goods with micropayments. He added that most people are being lured to pyramid schemes in the guise of investing in cryptocurrencies.

“We can’t turn back the clock now. Smartphones have now become indispensable. The entire country was exposed to the QR system during the fuel crisis. We just need to know the limitations and the dark side of technology. Parents also need to think about being a gatekeeper as regard to what the child has access to,” he said.

Damunupola said Sri Lankans must also be weary of what they post on social media. They also need to be weary when taking photos that may compromise them at a later date.

“There are many instances where people at phone shops recover very personal photos and misuse them.