Going digital has made so many things much more convenient. This is certainly true when it comes to banking transactions. Thanks to online platforms and mobile apps, it’s possible to check your bank account, pay your bills, and transfer money to other accounts without physically going to the bank.
Unfortunately, fraudsters have also come up with clever and sneaky tactics to take advantage of the convenience that people enjoy.
In light of this development, banks have been issuing advisories to their customers against these scams. The Bank of the Philippine Islands (BPI), for one, has an ongoing multimedia cybersecurity campaign to increase people’s awareness and encourage clients to be smarter against online scams.
Here are four nasty digital tricks that you should watch out for.
Phishing is, perhaps, the most popular term associated with digital fraudsters. The Merriam-Webster Dictionary has defined phishing as “a scam by which an Internet user is duped (as by a deceptive e-mail message) into revealing personal or confidential information which the scammer can use illicitly.”
One of fraudsters’ favorite phishing moves is to pretend to be representatives of banks. To make these fake emails look legitimate, they add the bank’s logo or use the names of real bank officials. They then warn you that your account is in danger of being cancelled or blocked unless you provide the information they require ASAP.
The information the fraudsters seek includes credit or debit card details such as the card number, expiry date, and the CVC or CVV number found at the back of the card. They also want online banking log-in credentials such as usernames, passwords, One-Time PINs (OTP), and mobile numbers.
Banks like BPI have cautioned their customers against this. It is best to ignore and simply delete a suspected phishing email. In an advisory, BPI pointed out, “Forms that ask for passwords of personal email accounts are usually fake.” BPI also said the bank never asks for personal information using embedded email links.
BPI also stressed that OTPs are unique for every transaction. OTPs are six-digit codes that complete a transaction. They serve as a security measure for the client, ensuring that only legitimate and valid transactions are made in the client’s account.
Smishing is phishing done through SMS or text messages that come with links. Many of them urge you, “Call me here” or “Your help is needed. Get details here.” By “here,” they are referring to the link and implying that you’ll get more information if you click it.
The objective of the smishing message is to trick you into downloading a virus or malware into your mobile device. Once they access the information you have in the device, there’s no telling what sort of damage they can do.
An article from the US-based University of St. Thomas’ Department of Public Safety warned, “Don’t click on unsolicited links sent to you by text. Do not provide personal data this way, either. Your financial institutions will not do business with you this way.”
The Oxford English Dictionary defines vishing as “the fraudulent practice of making phone calls or leaving voice messages purporting to be from reputable companies in order to induce individuals to reveal personal information, such as bank details and credit card numbers.”
Fraudsters will make a phone call and ask their target for their personal information, and sometimes, they even ask for the One-Time Password (OTP) that is sent to the target’s mobile number.
For its part, BPI warned, “it is best not to entertain these dubious calls. Again, you can play it extra-safe by calling the BPI hotline or your preferred BPI branch to speak to a BPI representative to verify the authenticity of such calls.”
Pharming takes phishing to the next level, as it tries to get your information through domain spoofing. Vangie Beal explained in her Webopedia article: “Rather than being spammed with malicious and mischievous e-mail requests for you to visit, pharming ‘poisons’ a DNS server by infusing false information into the DNS server, resulting in a user’s request being redirected elsewhere. Your browser, however, will show you are at the correct Web site, which makes pharming a bit more serious and more difficult to detect.”
With this, BPI advised its clients to, “Hover your mouse pointer over the link and copy of the URL. The hyperlinked URL will be shown in the status bar at the bottom of your email. If it does not match the URL you intend to visit, it is most likely a fake website. A secure website begins with https: and has a lock icon on the page, which means that it uses an SSL protocol.”
In any case, you must not let these threats prevent you from enjoying the convenience that online banking brings. Just remain cautious and vigilant, so you immediately sense it when something doesn’t seem right.
A few things to keep in mind are:
- Remember that your OTP is for your eyes only, and you shouldn’t receive one if you did not initiate any transaction that would require one;
- Your bank will not just randomly lock you out of or close your account;
- A legitimate bank officer will never contact you to ask for confidential information such as username, password, OTP, registered mobile number, and security questions.
If you do think that someone is trying to scam you or hack into your accounts, immediately report the suspicious calls or messages to your bank.