Stay Sharp: Your Phishing and Smishing Survival Kit Body
Cybercriminals are getting smarter but so can you. The National Computer Incident Response Team of The Bahamas (CIRT‑BS) has launched the Phishing and Smishing Survival Kit to help you spot
CIRT‑BS Advisory: Beware of Fraudulent NIB Smart Card Renewal Text Scam
CIRT‑BS warns the public about fraudulent messages impersonating the National Insurance Board (NIB). These scams aim to deceive recipients into clicking unsafe links or sharing personal information under the guise
Smishing vs Phishing: Understanding the Dual Threat
Cyber‑criminals continue to evolve their tactics, targeting both mobile and desktop users. Smishing uses SMS or messaging apps to lure victims into clicking fraudulent links or sharing sensitive data. Phishing
Advisory: Fake Traffic Fine Payment Scam
The National Computer Incident Response Team of The Bahamas (CIRT-BS) is aware of fraudulent websites impersonating legitimate government services and attempting to collect fake traffic fine payments. These scams use
Bahamas Election Security Awareness 2026
Daily Election Checklist: Stay Informed. Stay Secure. Verifying information is everyone’s responsibility: Follow updates from official government channels and the Parliamentary Registration Department Rely on verified Bahamian news outlets for
Child Online Protection Webinar: A Conversation That Matters
On May 20, 2026, the National Computer Incident Response Team of The Bahamas (CIRT‑BS) will host the Child Online Protection Webinar, uniting international experts to explore how we can build
Stay Sharp: Your Phishing and Smishing Survival Kit Body
Cybercriminals are getting smarter but so can you. The National Computer Incident Response Team of The Bahamas (CIRT‑BS) has launched the Phishing and Smishing Survival Kit to help you spot fake messages before they trap you. Verify the URL: Official Bahamas government websites always end with .bs or .com. Spot the fakes: Beware of look‑alike domains such as .bs.com or .lbs — they’re designed to
CIRT‑BS Advisory: Beware of Fraudulent NIB Smart Card Renewal Text Scam
CIRT‑BS warns the public about fraudulent messages impersonating the National Insurance Board (NIB). These scams aim to deceive recipients into clicking unsafe links or sharing personal information under the guise of renewing their NIB Smart Card. The National Insurance Board has officially confirmed that it does not send renewal notifications via text message. Any message requesting Smart Card renewal through a link is fraudulent. How
Advisory: Fake Traffic Fine Payment Scam
The National Computer Incident Response Team of The Bahamas (CIRT-BS) is aware of fraudulent websites impersonating legitimate government services and attempting to collect fake traffic fine payments. These scams use social engineering tactics to create fear, urgency, and pressure individuals into submitting sensitive financial information online. To help protect yourself: ✔️ Verify traffic fines only through official government channels ✔️ Carefully inspect website addresses before
Actively Exploited SQL Injection in FortiClient EMS
ⓘ We are reaching out to let you know that a critical, actively exploited vulnerability has been identified in Fortinet’s FortiClient EMS platform. Attention constituent: A vulnerability has been discovered in Fortinet’s FortiClient EMS platform that allows a threat actor to run unauthorised commands on the server by sending a specially crafted web request. Active exploitation of this vulnerability has been confirmed by threat intelligence
CISCO AsyncOS Zero Day Vulnerability
ⓘ We are reaching out to let you know that there is a newly identified advanced persistent threat (APT) that has been exploiting a zero-day vulnerability in Cisco email security appliances that run AsyncOS. Attention constituent: There has been a newly identified APT, that has been exploiting a zero-day vulnerability in all Cisco email security appliances that have AsyncOS as their underlying operating system. AsyncOS
Threat Actors Hijacking Microsoft Teams Accounts
ⓘ We are reaching out to let you know there is a vulnerability in Microsoft Teams that allows threat actors to impersonate valid users. Attention constituent: A vulnerability in Microsoft Teams can allow both external & insider threat actors to spoof identities, manipulate messages and notifications, and forge caller names in calls. Teams is a trusted collaboration tool, these manipulations make social-engineering attacks (tricks that
New Advisory: Beware Fraudulent Hurricane Melissa Relief Websites
ⓘ We are reaching out to let you know that of fraudulent and malicious websites scamming victims via fake Hurricane Melissa relief donation charities/organisations. Attention constituent: We are issuing this advisory to warn the general public of The Bahamas that there is an increase of fake website domains that are soliciting donations for relief funds with reference to Hurricane Melissa and the impact that it
LockBit 5.0 Ransomware Threat Resurgence Alert
ⓘ We are reaching out to let you know that a new variant of the LockBit ransomware, known as LockBit 5.0, has recently emerged. Attention constituent: A new version of the LockBit ransomware, known as LockBit 5.0, has been observed following the disruption of the group’s operations earlier in 2024. The threat actors behind LockBit remain active and continue to refine their ransomware. The new version
Cisco IOS: SNMP Denial Of Service and Remote Code Execution Vulnerability
ⓘ We are reaching out to let you know that Cisco IOS is vulnerable and can be exploited via Remote Code Execution by attacker to gain unauthorized access to critical systems. Attention constituent: A vulnerability has been discovered in the SNMP (Simple Network Management Protocol) subsystem of Cisco IOS and IOS XE software. An attacker who has certain SNMP credentials can exploit this by sending
Cybersecurity Awareness Month: Enable MFA; Disable the Hackers
Last week, we kicked off Cybersecurity Awareness Month, detailing strong passwords as your first line of defence against a cyber attack; this week, we cover the second: multi-factor authentication (MFA). Multi-factor Authentication adds an extra layer of security by requiring two or more methods of verification to access your accounts. Rather than relying solely on a password, MFA can come in several forms. These include
Cybersecurity Awareness Month: Use a Strong Password + a Password Manager
Cybersecurity professionals always say it, but it’s true: passwords are your first line of defence against data breaches. Because of this, it is crucial to make them strong and difficult to crack. Remember these three keys to make your passwords stronger: Make them long. The longer a password is, the more challenging to crack. CIRT-BS and other industry experts recommend passwords of 16 characters minimum.
Help Secure Our World this Cybersecurity Awareness Month
Welcome to Cybersecurity Awareness Month, an international initiative that educates everyone about online safety and empowers individuals and organisations to protect their data from cybercrime. Amidst large-scale data breaches and cyber-attacks, Cybersecurity Awareness Month reminds us about simple, effective ways to remain safe online, protect personal data, and ultimately help secure our world. The National Computer Incident Response Team of The Bahamas (CIRT-BS) is proud
Cash or Card? 10 Tips to Outsmart Card Fraud
In its 2022 Annual Report, the Bahamian monetary regulator, Central Bank of The Bahamas, reported over $15M in fraud complaints from debit and credit card users.[1] In many instances, better handling of financial cards could help to protect potential victims. This article shares ten practical but effective recommendations for protecting your financial accounts through your bank cards. (1) Invest in an RFID-blocking wallet to store
Don’t Get Reeled In! Recognising and Reporting Phishing
Have you ever received an email from a foreigner requesting financial assistance? How about a text message claiming you’ve won a particular prize for a competition you’ve never entered? In cybersecurity, these scams are commonly known as “phishing” attempts. Believed to come from the term “phoney fishing,” the Internet Engineering Task Force defines phishing as a technique for attempting to acquire sensitive data (e.g.
Spring Forward into Cyber Hygiene
Remember that time changes this Sunday! We move forward one hour. As you take time to update your clocks and declutter your homes this weekend, CIRT-BS reminds you to ensure that your cyber hygiene is being taken care of, too! Organise Your Files Clean folders make spotting malicious files and viruses easier. Review Bank Statements Check for unauthorised transactions and query them.
Build Better Passwords for Online Security this “Change Your Password Day”
What do your bank, social media, and email accounts share? A password! Passwords are one of the most critical lines of defence against cyber attacks. They help ensure our data is only accessed by authorised users, even in the event of device theft or loss. Many people choose passwords found in the dictionary and reuse them across multiple accounts, meaning that once a cybercriminal has
Data Privacy Week: 4 Ways to Protect Your Data
So what’s the big deal about privacy, anyway? When you avoid taking measures to take control of your data, you make yourself susceptible to identity theft, which can lead to several issues, including financial loss and damage to your online footprint. Throughout this Data Privacy Week, CIRT-BS covered topics around practising discernment in sharing specific data with various services and taking action on our decisions through
Data Privacy Week: Get Comfortable with Privacy
We may feel despair about how our data is collected and used by our apps and web services—especially as they often request more data than necessary. But here’s the silver lining, thanks to privacy rules like the GDPR and Data Protection Act: you have some control! Privacy rules help protect us, the users. Websites and apps are now increasing transparency around the info they collect and how
- RFC 2350