Phishing is not new in Jamaica. But the phishing arriving in your inbox, your WhatsApp, and even your voicemail in 2026 is fundamentally different. Generative AI has industrialised the scam economy, and Jamaica — with its high mobile-banking adoption, growing digital economy, and well-known household names — is squarely in the crosshairs.
Why Jamaica Is a Top Target in 2026
Generative AI has eliminated the classic giveaways of a scam — broken English, awkward grammar, suspicious phrasing. A criminal in any country can now produce a flawless email in Caribbean English, complete with local references to Kingston, NCB, Scotiabank Jamaica, JN Bank, Sagicor Bank, and current events, in seconds.
73% of Jamaican SMEs surveyed by the JCC reported at least one cyber incident in the past 12 months, and the trend is accelerating sharply in 2026.
According to IBM's 2025 Cost of a Data Breach Report, the global average cost of a breach reached US$4.88 million — and small economies like Jamaica feel each incident disproportionately because incident-response capacity is more limited.
The Four AI-Powered Attacks Hitting Jamaica Right Now
1. Hyper-personalised email phishing. Attackers scrape LinkedIn, Facebook, and company websites, then ask an AI model to draft an email impersonating your CEO, your bank, or the Bank of Jamaica (BOJ). The message references your real role, your real colleagues, and a real ongoing project. Over J$1.2 billion lost to lottery and online scams in 2024 according to the Major Organised Crime and Anti-Corruption Agency (MOCA).
2. Voice cloning (vishing). A 30-second voice sample — often pulled from a public Zoom recording or social media video — is enough to clone a person's voice. Finance staff at Jamaica businesses are receiving urgent calls 'from the CEO' authorising wire transfers. The voice is correct. The accent is correct. The instruction is fraudulent.
3. Smishing at scale. AI-generated SMS messages claiming to be from Digicel and Flow, NCB, Scotiabank Jamaica, JN Bank, Sagicor Bank, or the customs authority arrive on your phone, with a link to a near-perfect cloned banking portal. The fake site harvests credentials and one-time passwords in real time.
4. Deepfake video calls. A finance officer is invited to a Zoom or Teams call with what appears to be the CFO and external auditors. Every face is an AI-generated deepfake. Hong Kong saw a single such attack drain US$25 million from one firm in 2024; the same playbook is now being run against Caribbean SMEs.
Real Jamaica Numbers
Conservative estimates from Ja-CIRT (Jamaica Cyber Incident Response Team) and aligned bodies suggest losses to AI-enabled cyber-fraud in Jamaica reached J$2.4 billion in 2025, with the true number likely higher because reporting remains under-developed.
The Caribbean as a whole is now identified by Interpol and the OAS as a 'rising fraud hot-spot' for AI-enabled financial crime, with attacks growing roughly 3x faster than the global average between 2023 and 2025.
Reports to the Jamaica Constabulary Force (JCF) Cybercrime and Digital Forensics Unit of AI-assisted scams nearly tripled between Q1 2024 and Q1 2026.
A 10-Minute Defence Checklist for Jamaica Households
Switch on multi-factor authentication (MFA) for every email, banking, and social media account today — preferably using an authenticator app, not SMS.
Agree a family 'safe word' that anyone calling in an emergency must say before any money moves. Voice cloning collapses if the criminal doesn't know the word.
Treat every unexpected link in WhatsApp, SMS, or email as hostile until proven otherwise. Type NCB, Scotiabank Jamaica, JN Bank, Sagicor Bank URLs by hand. Do not click.
Review your bank's alert settings. Enable real-time SMS or app notifications for every debit so a fraudulent transaction is caught in minutes, not days.
Freeze your credit file with TransUnion or the relevant Jamaica credit bureau if you are not actively applying for credit.
A 30-Day Defence Plan for Jamaica Businesses
Week 1 — Identity: Roll out MFA for every employee. Migrate from SMS-based codes to app-based or hardware-key authentication for finance and admin staff.
Week 2 — Process: Establish a written 'callback rule' — any wire-transfer or payment-change request must be verbally re-confirmed via a phone number on file, never a number provided in the request itself.
Week 3 — Training: Run a live phishing simulation with all staff. Train them on voice-clone red flags: urgency, secrecy, requests to circumvent process.
Week 4 — Detection: Deploy an AI-powered email filter (Microsoft Defender for Office 365, Google Workspace Advanced Protection, Abnormal Security, or similar) capable of catching novel generative-AI phishing patterns. Confirm your incident-response contact at Ja-CIRT (Jamaica Cyber Incident Response Team) is current.
What Bank of Jamaica (BOJ) and Government Are Doing
Cybercrimes Act, 2015 (amended 2021) provides the legal foundation for prosecuting cyber-enabled fraud, and Jamaica's Data Protection Act, 2020 obligates organisations to safeguard personal data — but neither was designed for the AI era.
Bank of Jamaica (BOJ) has issued multiple advisories in 2025 and 2026 directing financial institutions to upgrade fraud-detection systems and enhance customer-facing security education.
Citizens should report incidents promptly to the Jamaica Constabulary Force (JCF) Cybercrime and Digital Forensics Unit and Ja-CIRT (Jamaica Cyber Incident Response Team). Even when funds cannot be recovered, every report helps build the pattern data that protects the next victim.
Frequently Asked Questions
How can I tell if an email or text in Jamaica is AI-generated phishing?
Be suspicious of urgency, secrecy, and any unexpected link — especially links claiming to be from NCB, Scotiabank Jamaica, JN Bank, Sagicor Bank, Digicel and Flow, or government. AI-generated phishing now reads perfectly in Caribbean English and can reference real local names. The safest rule: never click. Open your banking app or type the URL yourself.
Are voice clones really being used against Jamaica businesses?
Yes. Cloning a voice from 30 seconds of audio is now a low-cost commodity service on criminal marketplaces. Jamaica executives whose voices appear on YouTube, LinkedIn, podcasts, or company videos are at elevated risk. A pre-agreed verbal safe word, plus a strict callback rule for any payment instruction, neutralises the attack.
What should I do immediately if I think I've been scammed?
Contact your bank's fraud line within minutes — speed is the single biggest determinant of recovery. Change all related passwords. File a report with the Jamaica Constabulary Force (JCF) Cybercrime and Digital Forensics Unit and notify Ja-CIRT (Jamaica Cyber Incident Response Team). Keep every message, screenshot, and transaction reference.
Is Jamaica's Data Protection Act, 2020 actually being enforced?
Enforcement is still maturing, but breaches involving personal data already carry reputational, regulatory, and civil-litigation risk in Jamaica. The strategic answer is to treat compliance as a floor, not a ceiling, and invest in real security controls.
Does cyber insurance cover AI-enabled fraud in Jamaica?
Some policies do, but coverage is narrowing globally as insurers see AI-driven losses rise. Read the small print on social-engineering and authorised-push-payment fraud. If you run a business in Jamaica, ask your broker specifically about deepfake and voice-clone coverage.
Where can I get free help in Jamaica?
Ja-CIRT (Jamaica Cyber Incident Response Team) publishes free advisories and accepts incident reports. The Jamaica Constabulary Force (JCF) Cybercrime and Digital Forensics Unit investigates cyber-fraud cases. Your bank's fraud team should be your first call if money is in motion. StarApple AI also publishes free Caribbean-focused security guidance.
Need help locking down your Jamaica business against AI-enabled fraud?
StarApple AI works with Caribbean organisations to design AI security policies, train staff on deepfake threats, and implement practical controls that match your budget. Speak with our team for a free initial consultation.
Talk to StarApple AIAbout AI Jamaica
AI Jamaica is the leading platform for artificial intelligence news, education, and community in Jamaica and the wider Caribbean. Powered by StarApple AI, the first Caribbean AI company, founded by Caribbean AI Expert Adrian Dunkley. We publish practical AI guides, sector analysis, and cybersecurity intelligence tailored to the Jamaica context.
Learn More About StarApple AI