In the latest cyber threat update report, the Office for Cyber Security and Information Assurance revealed that the scam surfaced in March to April.
The review cites reports of an Instagram account which impersonated the Minister for Justice and Home Affairs, Jane Poole-Wilson, which was used to defraud victims through investment scams.
The account used publicly available photos of the minister for legitimacy.
Mrs Poole-Wilson said: ‘I was very concerned about the fake Instagram account, particularly as it seems the aim was to defraud people.
‘The use of my position as Minister of Justice and Home Affairs was also worrying. In my case, as I am not on Instagram, it proved challenging to have the fake account taken down.
‘So I am really grateful to OCSIA for their assistance on this and to those who took the trouble to contact me to let me know about the fake account.’ She added: ‘I would urge people to ensure they take care online.
‘Make sure you think twice about responding to requests either offering or asking for money. Take time to check it out and don’t be pressured into responding.’
Whilst OCSIA declined to disclose the names of other Tynwald members who have been impersonated, the report says: ‘We have subsequently been made aware of other “fake” accounts involving other Tynwald Members and we are working with departments to have these taken down.’
Joe Chamberlain, cyber intelligence and information governance support officer at OCSIA, said: ‘In these instances the scammer(s) used investment schemes as the preferred choice to target potential victims.
‘The actual proposition scammers use is less important, it’s more the impersonation and social engineering techniques that convince potential victims they are talking to a member of Tynwald or someone they trust.
‘It’s likely that there will be more instances of impersonation of public figures in the future and the proposition may not be investments and instead be something more convincing.’
He added: ‘The message we wanted to present is that scammers will impersonate anyone they believe people will trust, whether this is a business, minister or a known local figure.
‘We’ve seen this recently with the scam texts where scammers impersonate a (sometimes non-existent) son or daughter.
‘We urge people to independently verify who they are talking to and report any concerns to us at OCSIA.’
Online impersonation was also used to sell items that don’t exist primarily on Facebook.
This was the second most reported scam in the period.
The report explains: ‘These scams are often performed one of two ways. One option is the scammer makes a new profile with a fake name and images taken from the internet.
‘For anyone prepared to look, the profile can be identified as fake.
‘The more convincing method involves a compromised account of a legitimate person, where the scammer uses already-established relationships to scam victims out of money.
‘In the period we saw this occur with a well-known local figure whose account was hacked and used to sell non-existent puppies.’
There were more than 10 reports of this in the period, with someone being defrauded out of £950.
The report says: ‘At OCSIA, part of our job involves helping members of the public to understand that the levels of trust you apply to real life should not extend to the internet.’
Earlier this year the Examiner received two spoof emails impersonating two Douglas councillors.
Douglas Council leader Claire Wells’ account appeared to send out an email saying that there was to be an emergency meeting in which a vote of no confidence would be called against her.
A statement released by the council said: ‘Douglas Borough Council can confirm that its council leader did not send e-mails to island media outlets about a suggested emergency meeting, nor has a vulnerability been detected in the local authority’s IT system.’
Another spoof email received by the Examiner in late March, impersonated councillor Frank Schuengel claiming that he was to make an announcement regarding the closure of the Manx Forums website.
When we contacted Cllr Schuengel, he confirmed that he did not send the email and it was a spoof.