New strategies to curb cybercrime, enhance online experience

THE TIMES KUWAIT REPORT

In a recent statement, the Communications and Information Technology Regulatory Authority (CITRA) announced that it would soon introduce a slew of measures designed to curb mobile phone frauds and other cybercrimes in the country. This follows a spate of instances where individuals and institutions were defrauded by cybercriminals using new and sophisticated technologies and techniques.

Cybercrimes were also a topic of discussion at the Council of Arab Ministers of Communications and Information held in Abu Dhabi on 18 January. Speaking on the occasion, Chairman and CEO of CITRA, Omar Al-Omar affirmed the need for a unified Arab network to develop regional communication systems that provide the quality, security and speed of information transfers to meet the aspirations of users in the region, as well as enhance confidence in the online experience.

According to the latest available figures from CITRA, the mobile penetration rate in Kuwait stood at 158 percent; 130 percent of the population subscribed to mobile broadband services; 99.7 percent of households had access to internet; and 100 percent of the country was covered by Long-Term Evolution (LTE) mobile service — an international standard for wireless broadband communication for mobile devices that improve on the previously used GSM and UMTS standards.

Other online usage data from CITRA show that 82.5 percent of people have social media accounts, 95.7 percent of people use the internet on a daily basis, and 97.7 percent of households own a portable device such as a laptop or tablet. In addition 73.8 percent of households have a smart home device such as a smart TV, and 84.8 percent of households use the internet routers supplied by the Mobile Network Operators (MNO). Moreover, around 95 percent of the country’s population is now covered by the latest 5G mobile service.

Given the depth of mobile penetration and the widespread use of broadband and wireless services in the country, it is no surprise that cybercriminals have increasingly targeted mobile users in Kuwait. The rise in online fraud and other cybersecurity threats in recent years has become an issue of growing concern to the authorities, MNOs, and to the public alike.

Considering the growing number of people using their mobile devices to access various services, including from the government, financial institutions, healthcare centers,,and retail organizations, there is an urgent need for a robust, safe, and secure cyber framework that ensures enhanced broadband, wireless, and online services, while concomitantly thwarting cybercrimes.

In Kuwait, Executive Regulation Law No. 37 of 2014, which led to the establishment of the Communication and Information Technology Regulatory Authority (CITRA), has been the mainstay of cybercrime regulations. The law mandates CITRA to oversee the telecommunications sector, as well as monitor and protect the interests of users and service providers in Kuwait. The Authority is also tasked to license and regulate telecommunication networks and services in the country, while ensuring transparency, equality of opportunity and fair competition.

The increase in cybercrimes and growing threat from cybercriminal groups in recent years, led CITRA to form a dedicated Information Security and Emergency Response Department. The department works in consonance with the vision of the National Cybersecurity Strategy, and is equipped with all necessary administrative and legal authority to exercise jurisdiction over cybersecurity tasks and responsibilities at the national level.

In a recent media statement, Director of Information Security and Emergency Response Department at CITRA, Eng. Layali Abdullah Al Mansouri, elaborated on an ambitious strategy being designed by the Authority to deter mobile fraud, in particular those utilizing phone numbers that impersonate local ones. The new national ‘Caller ID’ project, which will involve all MNOs operating in Kuwait, seeks to impede the phenomena of online impersonation known as ‘Caller ID Spoofing’.

In future when calls originate through any of the MNOs, the name of the network operator will be displayed above the caller’s number on the receiver’s mobile screen. This will help to increase trust in the caller’s identity and put an end to ID spoofing, where voice phishing scammers use a blocked number or a fake or spoofed phone number to impersonate a legitimate person or organization.

The Authority is also collaborating with the Central Bank of Kuwait to authenticate the identities of local and foreign banks, as well as money exchange companies operating in Kuwait. This initiative aims to block avenues for those attempting to impersonate financial institutions. An upcoming phase of the project will include all companies operating in Kuwait under the Caller ID system.

For its part, the government in a bid to increase public sector efficiency and offer enhanced services to the public has made digitalization of public services a key plank of its development strategy. To increase uptake and boost confidence in these digital services, the government has taken several proactive measures designed to provide a seamless and secure transaction process.

However, a major chink in the security chain is the lack of awareness and unsafe online practices of users that make them vulnerable to cybercrimes. To mitigate this drawback, the authorities have sought to raise awareness among the public on the need to employ safe online practices and engage in responsible internet use. In addition, the MNOs as well as the Central Bank and major commercial banks in Kuwait have frequently warned customers against online scams and offered fraud prevention tips.

Despite the multiple awareness campaigns, frequent warnings, and constant media reports of cybercrimes, human frailties, naivety, and sometimes the desire to make a quick profit, has meant that people continue to become victims of cybercriminals.

Meanwhile, cybercriminals are increasingly leveraging the latest digital technologies to capitalize on human failings to commit their various malicious acts, including frauds, scams and identity thefts.

Cybercriminals or groups also exploit vulnerabilities in computer systems and networks to spread viruses, gain unauthorized access, steal sensitive information. They could also disable or disrupt access to online networks and services to make a point, or a profit, or cause financial or reputational harm to individuals, organizations, and governments. Estimates indicate that as much as one percent of global GDP, or around USD800 billion is lost each year to cybercrimes.

Some of the cybercrime tactics employed by online criminals include: Using phishing phone calls, emails, SMS, or fake websites, scammers impersonate legitimate entities such as government agencies, banks, retail outlets and others, to deceive users into revealing sensitive personal or financial information or to make money transfers. Phishing emails may also contain links to other websites that are affected by malware that then gains control over the user’s computer. Some scams may direct users to product sites that offer goods or services at low cost, but then steal the credit card details of the user when they attempt to purchase the product.

Other online scams and frauds occur through attractive shopping scams that fail to deliver; ponzi investment schemes that promise high returns but ultimately defraud investors; and lucrative loan scams that assure easy loan approvals that steal personal information. In addition, social media scams, fake profiles or hack contact lists to request money from users or spread misinformation on the net. There are also instances where cybercriminals hijack computers to propagate illegal activities.

By staying informed and taking basic precautions, users can significantly reduce their risk of falling victim to online fraud. These include making sure to maintain and update computer software and operating systems to benefit from latest security patches; using anti-virus software that can detect and remove malicious threats; employing strong passwords with a variety of characters that are not easy to guess; and changing passwords regularly.

Other steps include refraining from opening attachments or clicking on links from suspicious emails; not revealing personal information over the internet or mobile phone unless you can verify that the destination or person is authentic; contacting companies or banks about suspicious requests for your information; and informing the authorities of cybercrimes or attempts to commit them.

In Kuwait, the Department of Electronic and Cyber Crime at the Ministry of Interior is the responsible entity to receive reports and complaints regarding all cyber crime activities. You can report cybercrime in Kuwait through the Ministry of Interior’s website or by calling their emergency number (+965)97283939. Remember, if some deal appears to be too good to be true, it probably is. If anything seems suspicious online, it is always better to err on the side of caution, and not become yet another victim of cybercrime.