A common front against cybercrime

Thousands of Puerto Ricans experience unfortunate conditions due to the different effects of the COVID-19 pandemic which becomes fertile ground for Internet-facilitated fraud schemes primarily targeting unemployed people or older adults seeking government financial assistance.

The risk of exploiting the misfortune of the most vulnerable demands measures to protect these citizens with basic and safety needs from suffering further damage resulting from identity and public assistance theft.

The Banker Association warned that scamming and other criminal practices that have increased include "phishing" or "smishing" attacks- the use of calls or text messages – asking for personal information and payments in exchange for processing requests for local and federal assistance.  The situation has prompted the government to repeat and insist that businesses or individuals requesting assistance must use only the government's official digital platforms. Not sharing personal passwords or delegating these procedures to others are crucial protections.

Asking for donations to allegedly help charities, but which turn out to be for illegitimate organizations, is another form of digital fraud. Other unscrupulous people assume the false identity of doctors or health professionals to obtain payments for treatment to third parties or the sale of fake treatments against COVID-19.

Social distancing measures seeking to fight the spread of COVID-19 have increased interaction time in the virtual world, as part of working hours or when carrying out essential personal or leisure activities. Therefore, the government, businesses, and citizens need to avoid circumstances that make them easy targets for cybercrime. Stricter operational protocols and retraining staff to prevent malicious programs or harmful viruses from affecting digital structures will be highly appropriate.

Government agencies and private companies in Puerto Rico have already seen attacks on information systems seeking to access confidential files or modify data. Proactive cybersecurity responses have prevented extreme harmful impacts. But in other situations, the loss of valuable information led to paralyzing or hampering operations.

In 2016, the Treasury Department's Virtual Collection program was the target of a cyberattack, however, the government said the integrity of the data was not compromised. Similar attacks were recorded in 2018 at the Electric Power Authority and other agencies called upon to strengthen their systems. The Treasury, for example, recently completed the modernization of the Unified System of Internal Revenue, which it claims operates with greater anti-fraud protections. However, substantial improvement of the entire state's cyber infrastructure is still pending.

As for citizens, it has been unfortunate that some have lost moneyor the possibility to receive immediate state and federal aid, such as Social Security, as well as banking, commerce, or other services, because of identity theft or other remote criminal attacks.

Private and government security experts warn of new attacks based on artificial intelligence. Authorities will need to be vigilant and confront criminal trends to neutralize them on time. An aggressive cyberattack has the potential to block or steal files with millions of pieces of data.

It is up to citizens to avoid sharing personal passwords and giving personal information when asked security questions by phone or online and to strengthen controls on accessing their accounts. Meanwhile, businesses and the government are called to strengthen their information systems' security infrastructure in the face of cybercrime attacks.