Cyber Security Centre reveals new fraud techniques and growing misuse of social media platforms
A new cyber threat update has highlighted a growing range of digital scams affecting the Isle of Man, with impersonation, fraud, and phishing attempts continuing to pose significant risks to residents and businesses.
The report – covering the period from 1 March to 30 April – was issued by the Isle of Man Cyber Security Centre (CSC), part of the Office of Cyber Security and Information Assurance (OCSIA), and provides inside into the most pressing cyber threads based on local reports and intelligence from partner agencies.
Rise in suspicious emails and fraud attempts
More than 700 suspicious emails were submitted via the Island’s Suspicious Email Reporting Service (SERS) during the two-month period. While malicious links continued to dominate, there was a noticeable increase in ‘advance fee frauds’, a scam where you're persuaded to pay a fee upfront with the promise of receiving something valuable, such as money, goods, or services, but never actually receive what you were promised.
Common phishing attempts include fake parcel delivery notifications, romance scams, and messages impersonating Manx.net or anti-malware software providers.
The CSC also logged 100 cyber concerns, with frequent reports of phishing, scam websites, and impersonated businesses or social media accounts. Notably, several cases involved attempts to extract money through false payment requests or deceptive listings on buy-sell platforms, like Facebook Marketplace.
Local impersonation cases
A series of localised scams underscored the risks facing Island-based individuals and organisations.
In one case, a fraudulent website mimicked an Isle of Man law firm, using a real address unconnected to the business. Another site replicated the Financial Services Authority’s branding, while a third closely resembled that of a Manx bank.
The CSC also investigated a fake Facebook page impersonating “No Worries Doggy Homestay”, using stolen photos and false awards to convince pet owners to pay deposits for non-existent services.
In response, the Centre is encouraging small businesses to rely more heavily on their own websites rather than social media platforms, where impersonation is easier and harder to resolve.
Romance scam escalates to blackmail
A serious case of romance fraud saw one Island resident conned out of £1,500 in Apple gift cards by a scammer posing as a soldier. The individual later resumed contact via encrypted messaging service Telegram, threatening to release intimate images unless a further £4,000 was paid.
Deepfakes targeting Manx politicians
The CSC issued a public advisory after detecting AI-generated deepfake videos falsely featuring Manx politicians endorsing fraudulent cryptocurrency investments. Among those impersonated were the chief minister and treasury minister, with videos appearing in sponsored content on social media.
The Centre warns residents to verify financial claims through official sources and not to rely on social media videos, no matter how convincing they appear.
Business invoice fraud results in £9k loss
In a notable commercial case, a local customer was duped into paying £9,000 to a fraudulent bank account, having received a spoofed invoice from what appeared to be a legitimate UK supplier.
Despite a warning that the account name did not match, the transaction was processed – only for the fraud to be discovered later.
Scams exploiting Facebook and Marketplace
A fake rental listing on Facebook led one resident to lose £850. The listing directed the victim to continue the conversation via WhatsApp – a tactic the CSC says scammers use to bypass Facebook’s oversight.
A separate case saw a seller tricked by fake eBay payment confirmation emails, ultimately shipping a parcel worth £965 before realising the transaction had been fabricated.
Smishing and spear phishing
Parcel delivery scams claiming to be from Evri continued to circulate via text, asking recipients to pay redelivery fees via spoofed websites.
In another example, two students were targeted with phishing emails pretending to be from the University of Chester, demanding over £1,000 in fees via bank transfer.
The CSC advised that even convincing messages should be treated with suspicion, especially if they arrive from generic or unverified email domains.
Global trends
While the report primarily focuses on Island-specific threats, it also highlights broader international activity:
- A GitHub supply chain attack targeted cryptocurrency exchange Coinbase and hundreds of other repositories.
- Social media platform X (formerly Twitter) suffered a major distributed denial-of-service (DDoS) attack.
- UK law enforcement linked a wave of retail cyberattacks – affecting M&S, Harrods and the Co-op – to hacker group Scattered Spider.
- The UK Information Commissioner’s Office issued heavy fines to healthcare IT provider Advanced (£3.1 million) and DPP Law (£60,000) for serious data breaches involving NHS systems and criminal case information.
The CSC says these cases highlight the need for strong digital defences, particularly among sectors handling sensitive personal data.
Advice
The Cyber Security Centre urges all residents and businesses to:
- Report suspicious emails to SERS@ocsia.im
- Use multi-factor authentication on all key accounts
- Be cautious with any change in payment instructions
- Verify information through trusted, official sources
- Avoid sending funds or personal information through unverified websites or messaging apps.
Listen to Christian Jones in conversation with Director of the Cyber Security Centre Mike Haywood:
'We want to feel safe on the Island': Family reacts to Newbery decision
'Futureproof' utilities infrastructure needed to support growing population
TT funfair fans call for permanent facility on Island
Dealing with major crimes during TT period 'period challenging' for police
Tattoo shops see huge boost in trade over TT