The Bank of the Philippines Islands (BPI) said it has been spotting at least 10 phishing sites daily since the Covid-19 pandemic broke out, as several phishing attacks are repeatedly launched to trick clients into giving their personal information online.
The Ayala-owned lender said it has already detected a total of almost 2,000 phishing sites during the lockdown from March to August 2020.
BPI executive vice president and COO Ramon Jocson said that most of the attacks are perpetrated by Filipino syndicates that have been taking advantage of the current global health crisis.
“They send out malicious emails with Covid-19 themes to steal information and put up fake crowd-funding pages for supposedly PPE donations,” said Jocson.
“A lot of the crimes being committed involve Filipinos targeting fellow Filipinos — getting their credentials, posing as clients of the banks, and then doing unauthorized withdrawals.”
He said the scams have become more pervasive partly because of widespread tutorials which have made it easier for cybercriminals to put up phishing sites.
This, Jocson said, demands an increased focus on security among it clients. “BPI has rolled out awareness campaigns over the past several months. On our non-technical side, we heavily count on the infomercials that we post on our social media channels to inform our clients about the different fraud schemes that have sprung up. We also give them tips on how to remain cyber safe, secure, and smart during these times,” he said.
He added that BPI has taken a technical precautionary measure by enabling security operations centers to work around the clock to detect potential threats.
“We try to detect abnormal behaviors. We track around close to 22,000 events per second — every ATM withdrawal, log on, and so forth — and we have analytics to track any aberrant behavior,” he said.
Even as BPI continuously employs world-class tools, methods, and processes to ensure the security of clients’ account information, Jocson reminded the public that creating a cybersecurity culture is a shared responsibility between banks and its clients.
This means that clients also have to do their part in improving online safety and security by adopting basic cybersecurity habits in their everyday transactions, Jocson said.
“As we move into a digital world, let us remember that digital means presence-less. We don’t need to be there in order to complete the transaction. As we do this, remember that security starts and ends with us. It’s about guarding our credentials,” he said. “That is why banks have instituted security features such as the one-time PIN, biometrics, and other online banking security features. We all need to use them.”