As more people switch to online banking channels during the COVID-19 pandemic-induced lockdown of key cities, cyberspace has become a fertile ground for scammers who are becoming more and more sophisticated in stealing credentials and hard-earned money.
In the Philippines, the banking community has flagged the proliferation of cybercriminals during this current state of national public health emergency.
“Scammers are stepping into high gear with their attacks as the country continues to observe the enhanced community quarantine,” the country’s largest bank, BDO Unibank, said on Thursday.
A prevalent scam has them posing as a bank personnel and urging clients to verify their bank accounts by clicking on a link, BDO said. This link then opens a website that looks exactly like a bank’s official website. On this fake website, they trick clients into divulging their personal information, such as account numbers, credit card information, online banking login details like usernames and passwords, and onetime PINs (OTPs). “Upping their ante, their attacks now are more sophisticated than ever—their grammar is correct; their communication style is convincingly professional; their fake websites look exactly like their legitimate counterparts. As a result, many, especially first-time users of online banking, are getting victimized and losing their money,” BDO warned.
While online banking is encouraged to promote social distancing, the Bankers Association of the Philippines (BAP) has urged clients to observe the following:
– Ignore any suspicious emails, calls or text messages and report it to your respective banks immediately, and do not open or click on any links.
– Use only the official apps of your banks and check your bank’s official pages/websites to learn more.
– Remember that your banks will never ask for your personal information, account number or OTP via phone, call, text or email.- Change password regularly and create strong passwords to deter potential hackers.
– Avoid using a shared network or a shared computer since these may be traced back or attract nearby hackers.
“There have been emails going around informing clients of account deactivation and asking them to click on a link to prevent deactivation due to COVID-19. We would like to advise against doing so since it will compromise your account security,” BAP said.
Meanwhile, the Securities and Exchange Commission (SEC) urged the public to be cautious when dealing with individuals or groups pitching reseller business partnerships as a front for their unauthorized investment schemes.
In separate advisories issued on April 14, the SEC flagged the investment-solicitation and -taking activities of JOCALS688 Beauty and Wellness Products Trading Inc., TBCMMP Masa Mart Inc. and CashCowRobot.