Bank warns public vs fund transfer scams

As cybercriminals become more adept at phishing, or stealing credentials to access bank accounts, bank clients are urged to guard against new fund transfer scams.

In support of Bank Marketing Association of the Philippines’ (BMAP) #FightFraudTogether information campaign, Security Bank warned of phishing emails disguised as fund transfer notifications from Instapay or Gcash or online banking emails.

“Scams like this work by telling customers they paid a certain amount to an entity. Those who are unaware of this scam are then tricked into clicking the link provided to them and entering their confidential information. Those links may direct you to a fake bank website designed to steal data and money,” Security Bank said.

When using a computer, the bank advised account holders to hover over the link or button for a preview of the actual URL provided in the email before clicking and pursuing a transaction.

Phishing is a type of social engineering attack. In most cases, a cybercriminal pretends to be an employee of the bank and emails customers about “problems” with their account.

Customers are then prompted to click on a link, leading them to a fraudulent website where they can enter data such as account or credit card number, online banking details, and a one-time password (OTP). This allows fraudsters to gain access to their confidential information. Fraudsters then immediately change the password to take full control of the customer’s account and use it to perform illegal transactions, such as unauthorized fund transfers.

“What makes phishing so effective is that it easily lures people to believe that the email they received came from a legitimate source. Other sub-types of phishing include scams perpetrated through SMS (smishing) and phone calls (vishing),” the bank said.

To avoid being victimized by scammers, the bank urged bank users to keep the following in mind:

– Do not give your sensitive data to anyone under any circumstances. Your bank will never ask for your OTP, CVC/CVV, and PIN via call, text, or email. Do not share this sensitive information with anyone. Customers who initiate the call to the bank may be required to verify information, but not the other way around.

– Examine the email, texts, or calls you receive. For example, are there grammatical errors? Are you being asked to click on a link? If the answer is yes to these questions, then a fraudster is most likely waiting to trick you.

-Verify the claims. If you receive an email saying you paid for something and need to validate the transaction, do not click the link. Instead, check your bank account directly. Double check your account if money has been deducted. If your account balance did not change, then that email is likely a scam.

-Know and follow your bank’s official channels like its website and Facebook page. Take note of official customer service hotline numbers. If you receive a suspicious email, verify its legitimacy through these official bank channels before clicking anything. A fake FB bank page or a telephone number that does not belong to the bank is an automatic red flag.

Aside from knowing how to protect themselves, consumers are urged to report cybercriminals. Amid ongoing mobility restrictions brought about by the COVID-19 pandemic, more people rely heavily on digital transactions. This has spurred increased online usage and a growing preference for cashless payments. However, this has been accompanies by the rising incidents of cybercriminals creating new ways to steal confidential data and profit off bank customers.