A number of clergymen here have fallen prey to fraudsters - some of them operating from right here on the island - who have hacked into their e-mail accounts and sought to swindle money from contacts listed in their address books.


"There have been about six or seven ministers in recent weeks, including the general secretary of the Jamaica Council of Churches (JCC), who have been affected," JCC President Rev Karl Johnson told the Observer last week.

The other names include Revs Devon Dick of Boulevard Baptist Church; Peter Garth of Hope Gospel Assembly; Len Anglin, executive chairman of the Church of God in Jamaica; Stanley Clarke, bishop of the Moravian Church in Jamaica; and Garth Minott of the United Theological Seminary.

Detectives assigned to the Cybercrimes Investigation & Research Unit of the Jamaica Constabulary Force said they have received reports numbering into the "upper teens" from "influential people" across the country over the past year. Included in this list they said, were members of the clergy, ambassadors and their relatives, politicians, entertainment managers, lawyers, business people and at least one doctor.
"The first case reported to us was by a weather forecaster and since then we've been seeing too many," Detective Sergeant Patrick Linton told the Observer.

"It's perpetrated by persons sending phishing e-mail. It is sent to many, many persons from sites masquerading as Microsoft Hotmail or Yahoo for example, to say that the particular company wants you to update your account, or to say you might have travelled somewhere abroad and your e-mail might have been compromised so you should change your credentials," he explained.

The term phishing is the process of attempting to acquire sensitive information such as user names, passwords and credit card details by pretending to be a trustworthy entity in an electronic communication environment. It is a world-wide phenomenon which is usually done by e-mail or instant messages but also occurs with banking and other sites that require financial information.

"The page with the request will look like [the legitimate one] with all the logos and the updates field so you put in your current password and there's also a field to enter the new one. When you hit that submit button however, the information does not go to Microsoft or to Yahoo but redirects to another address," Linton explained.

"When they get your password, they log in immediately to your account and watch the kind of communication that you make. The trend that I've noticed is that they tend to send e-mail to people who are more influential. They track the trend of your e-mail to see what you talk about, who you e-mail, the kind of business you're in and as such, after a few days, they lock you out of your account, change your security test questions, and then start sending mail to all of your contacts, asking them to send money," Linton said.

This was pretty much the experience of the clergymen to whom the Observer spoke last week. The text of the various e-mail in their cases have generally said the men were either travelling abroad and had lost their wallets, becoming effectively stranded, or that a relative was very ill and they needed money for hospital fees.

In the case of Rev Dick, one of the most recent victims, the following message - dated Wednesday, May 6, and with the subject line marked "URGENT" - was sent to his contacts:

"Hello, how are you doing? Hope all is well. I'm sorry that I didn't inform you about my travelling to England for a seminar. I need a favour from you as soon as you receive this e-mail because I misplaced my wallet on my way to the hotel where my money is and other valuable things were kept. I will like you to assist me with a loan urgently. I will be needing the sum of $2,200 to sort out my hotel bills and get myself back home. I will appreciate whatever you can afford to help me with. I'll pay you back as soon as I return. Kindly let me know if you can be of help so that I can send you the details."

Speaking with the Observer last week, the Rev denied that he had anything to do with the e-mail and its request for money. He said he had not even been to the United Kingdom recently.

"They hacked into my e-mail and have sent it [request] to people all over the world. I have reported it to the police and we will be working together to try and catch the person who is responsible," he said. "Fortunately no one has been caught, because those who have thought of sending money called first to find out exactly where I was and I was able to tell them it was a hoax."

Rev Garth, who is also vice-president of the Jamaica Association of Evangelicals, explained what happened in his case.

"Mine was that my brother in England was to do surgery and he needed £2,000 extra to do it," said Garth. "I have not heard anybody in Jamaica say they got the message, but people in the US and Canada have got it."

Rev Garth said he does have a brother in England but that he was not sick or scheduled to do any type of surgical operation. And, he said, on occasions where he has sent out requests for funding, he always made sure to ask that the cheques be made payable to his church, Hope Gospel Assembly, since the basis for the request has always been church-related.

"Actually, somebody was going to put up £1,000 and he kept calling me but I had been travelling so initially he didn't get me. When he finally did I told him it was not true," said Garth, adding that he subsequently sent an e-mail from a new account to advise his e-mail contacts about the breach.

Reverend Harriott remembers clearly the phishing attempt on his own e-mail account.

"I was online and got a message that I was to confirm my e-mail so it wouldn't be discarded, something to that effect," he said, explaining how he went ahead after brief hesitation.

"Sometime afterward, I don't remember how long after, I just could not get into my account and then somebody sent me a mail to say that there was this letter circulating in my name. He had got it and I asked him to send me a copy of what he received so I could see it.

"It said I had an aunt who was very sick and needed some money and was asking persons to send, so I asked him to send a message to everybody in his box to say there was no truth to that. Fortunately, I had a radio programme that night and I went on air to say there was no truth to it.

"After a while I was able to retrieve my Hotmail account," he said.

Neither Garth nor Harriott made official reports to the police.

Earlier this month, contacts of Rev Anglin received a message advising that neither he nor his wife were behind any request for money with their names on it.

"Dear all, our e-mail address has been compromised and someone has been sending letters of request for money. Please disregard. We are not in the UK, we are right here in Jamaica," he said in that message.

The JCC, the umbrella group for churches in Jamaica, and the police agree that it doesn't necessarily mean church folk are being specifically targeted by online fraudsters since other groups of people have been affected as well.

"I don't know if we are targeted in anyway different from anybody else but all the people I know of who have been affected have been clergymen," Rev Harriott said.

According to Detective Sergeant Linton, most of the phishing activity is being perpetrated from Nigeria, the West African country notorious for other types of cyber crimes including the 419 lottery scam. But, he said, investigations so far have shown that some of them are being done from within Jamaica.

<span style="font-weight: bold">&quot;It's the same Nigerian scam but a lot of it is being done from right here in Jamaica.</span> Fake websites are being set up here to say there's a job offer here,&quot; said Linton. &quot;They advertise positions for engineers and all that. I got a report from some Germans who came here about a month-and-a-half ago, who were stranded because they came on that job offer. They had to send money to pay for a lot of stuff but when they came no jobs were here, so they got scammed.&quot;

The case, he said, was still being investigated but he admitted that there was some amount of difficulty apprehending phishing perpetrators in general, owing to the &quot;nomadic approach&quot; of their operations. Police are, however, hopeful, given collaboration from the Nigerian High Commission, Interpol and Scotland Yard.

&quot;Organised crime is taking on a new face in Jamaica and with the advent of technology these kinds of crimes are being perpetrated by cell phones and by the Internet.so persons need to be vigilant,&quot; the cyber crimes cop said.

Outside of the Electronic Transactions Act, there is as yet no legislation in Jamaica that speaks specifically to conduct over the Internet. Currently, law enforcement officers use common law legislation such as the Fraud Act with respect to phishing and other cyber crimes.

Tips to protect yourself from phishing and other types of cyber fraud:

. Look for &quot;s&quot; at the end of &quot;http&quot; in the address bar. The &quot;s&quot; means secure socket layer which is a type of encryption.

. Look for the padlock icon on sites that require financial information such as credit card numbers.

. Never ever click on a link from inside an e-mail to go to a website. Go to the site by typing in the URL yourself.

. Make sure have updated anti-virus software.

. Never send money to anyone to redeem a prize from a lottery you may or may not have entered.