CEBU CITY, Philippines – As the use of financial tech (fintech) services in the country widens, so does the risk of cyber attacks.
Filipinos around the world were shocked to learn when a systemwide maintenance and downtime of a popular electronic wallet (e-wallet) app was reportedly caused by an attempt to steal funds stored in these e-wallets.
The company managed to stop scammers from siphoning off up to P37 million worth of funds from thousands of its e-wallet app users. They detected a pattern of relatively small withdrawals from multiple users sent to only two recipient accounts at another bank late Monday night, May 8.
The transfers initially looked “legitimate” but were later suspected of having been validated by the perpetrators using information gathered from users through phishing techniques, a company official said.
What is Phishing?
Phishing is one of the many forms of cyber attacks that plague the online realm of the Philippines, which still fares poorer compare to other countries in the Asia-Pacific region in terms of cyber security.
According to a 2022 State of Incident Response: Asia-Pacific report from security risk advisor Kroll, phishing and malware emerged as the most common types of cyber attacks in the Philippines.
At least 1.8 million phishing attacks were recorded in the country during the first half of 2022, data from market research firm Statista showed.
Cybercriminals use phishing to steal sensitive information from unsuspecting individuals, including personal data such as credit card numbers, bank account numbers, and login credentials.
Phishing attacks can come in various forms, the International Business Machine Corp. (IBM) said. They may be fraudulent emails, phone calls, websites, and even text messages.
Phishing tricks users into clicking malicious links by pretending to be legitimate brands or organizations. Unbeknownst to the victim, the moment they click the link, malware has been downloaded into their device.
“The attacker typically masquerades as a person or organization the victim trusts—e.g., a coworker, a boss, a company the victim or victim’s employer does business with—and creates a sense of urgency that drives the victim to act rashly,” IBM explained.
“Hackers and fraudsters use these tactics because it’s easier and less expensive to trick people than it is to hack into a computer or network,” they added.
Prevention
Organizations as well as private individuals can protect themselves from potential cyber attacks, including phishing sites.
For companies, it is recommended to train employees as well as end-users, like customers, in spotting phishing scams. Cybersecurity experts also advised firms to reinforce their cybersecurity protocols by investing in technologies designed to protect, detect and contain online threats. They also suggested that users always double-check the source of the link.
Some of the most common characteristics of a phishing email or text include spelling errors, poor grammar, poor quality of graphics, and ‘unnecessary urgency’ like verifying your email address, said cybersecurity firm Kaspersky.
Companies and individual users are also advised to review the domain of the source of the email or text. When reading urgent messages, it is also best to take a pause before taking action, Kaspersky added.
To prevent future phishing scams, cybersecurity experts suggest deleting malicious emails, manually blocking the sender or source of suspicious attachments, and staying vigilant while using their fintech or banking apps.
RELATED STORIES
GCash foils P37-M hack try; seized funds to be returned to users
GCash explains temporary downtime
Manhunt ongoing for masterminds of credit card phishing in Cebu City
