This week, the country’s No.1 and No. 2 banks respectively – BDO Unibank and Bank of the Philippines – issued statements warning clients to guard against fraudulent schemes to illegally acquire sensitive information and use their bank accounts for unauthorized transactions.
“In the recent months, there has been an increased number of clients that have experienced suspicious bank account transactions involving withdrawals and purchases done without their knowledge,” said BDO in a statement posted on its Facebook page on January 9th. “In the 4th quarter of 2017, we have seen an extraordinary rise in fraud attacks towards the entire industry with an increase in the number of claims for unauthorized transactions taking place in other countries.”
BPI, on the other, reiterated an advisory detailing measures that clients should take to avoid becoming victims of phishing schemes to illegally acquire confidential information about their accounts with the bank amid reports of a new fake log-on site for BPI Express Online, its online banking platform.
“Phishing is a method used by cyber criminals to obtain confidential information by impersonating a legitimate or reputable company via fraudulent emails, text messages or social media accounts,” said the BPI advisory. “The information is then used to commit identity theft or fraud which can lead to other forms of cyber threats such as malware, ransomware, and denial-of-service attacks.”
BDO said it is carrying out a thorough investigation to trace individual transactions, check any irregularities and identify signs of fraud from millions of valid transactions every day. Meanwhile, it urged its clients to take the following precautions to avoid being victims of fraudulent transactions:
1. Keep your account information private;
2. Be mindful of people requesting for your personal account details through phone, SMS, email, or websites. Unscrupulous individuals and groups are constantly preying on unsuspecting clients to collect their bank information through skimming, phishing, social engineering, and other devious ways; and
3. To help our affected clients, we encourage you to formally file a report via email (email@example.com), its international toll free number (IAC +800-8-631-8000), or its domestic hotline (631-8000).
Similarly, BPI advised its customers to carry out the following measures to frustrate phishing schemes:
1. Be wary of messages asking for confidential information;
2. Think twice before clicking links on emails that direct to a website. Such links can lead to malicious websites that can cause your PC or mobile phone to be infected;
3. Hover your mouse pointer over the link and copy of the URL. The hyperlinked URL will be shown in the status bar at the bottom of your email. If it does not match the URL you intend to visit, it is most likely a fake website;
4. Do not share your personal information such as username, password, email address, and credit card details (like the three-digit security code and expiry date) with anybody;
6. Verify site security. A secure website begins with https: and has a lock icon in the page, which means that it uses an SSL protocol;
7. If possible, check your accounts and change your passwords regularly. Update apps in your mobile as well because these include bug fixes and new security features that prevent criminals from exploiting the app’s flaws; and
8. Contact and report to the company that has been “spoofed” in the phishing scam.
Though it hasn’t reported any phishing attempts on its online banking site or cases of clients complaining of unauthorized withdrawals or transactions, Security Bank, the country’s sixth bank by assets, has also come up with tips to help its clients avoid ATM and debit card fraud. In an advisory posted on its website, it urged its customers to protect themselves from skimming, phishing and other forms of fraud by following these tips:
1. Regularly update the contact information (i.e. mobile number, e-mail, address, etc.) that you gave to the bank. This will make it faster for the bank to notify you of any suspicious transactions;
2. Prevent hackers from getting access to your personal/sensitive information;
3. Be smart with online transactions. Shop with credible merchants and look for secure transaction symbols like the “lock” icon on your browser. Avoid using public hotspots for online payments;
4. Regularly check your account balance and transaction history. If you see anything suspicious, immediately report it to the bank;
5. Take note of the emergency hotline/customer service number at the back of your card and call it immediately in case your card gets stolen;
6. If you’re planning to use your card abroad, let the bank know your travel dates and destination;
7. Watch out for anything suspicious on the ATM. Shake the card reader (where you insert your card) to ensure that there are no foreign objects attached to it. Check the pin pad if there are any hidden cameras or false key pads. If anything looks crooked, loose, or damaged, it might have been tampered;
8. Be vigilant of your surroundings when approaching and using an ATM. Make it a habit to cover your hand and pin pad as you enter your PIN on the ATM;
9. Never share your ATM PIN with anyone; and
10. If you receive a new card, make sure to destroy your old one. Make sure to cut across the magnetic strip and destroy the chip.