Heeding the advice of the Bangko Sentral ng Pilipinas (BSP), the Rizal Commercial Banking Corp. (RCBC) and RCBC Bankard said they have removed all clickable links in all its communications to clients – including emails or electronic direct mailers (eDM), SMS, and Viber – as part of efforts to intensify drive against anti-cybercrime attacks.
RCBC chief information security officer Carlos Tengkiat, said the move is part of the bank’s advocacy to increase protection for clients against cybercrimes, and at the same time educate them about transacting safely online.
“The removal of clickable links in all forms of communications that we send out to the public could help our clients more easily distinguish legitimate communications from phishing, smishing, vishing and other cybercrime attempts,” Tengkiat said.
Phishing is the term for a cybercrime attack wherein criminals pose as legitimate institutions and send out emails with links leading to fake websites to collect sensitive information from targets, such as credit card details and passwords.
Smishing and vishing, on the other hand, are forms of phishing attack but carried out through SMS messaging and voice calls.
Moving forward, Tengkiat also shared the bank’s plans to intensify its client education efforts to empower clients to fight cybercrimes.
“This is a shared responsibility between banks and clients, and RCBC pledges to continuously educate our clients on how to protect their accounts and stay safe when making financial transactions online,” Tengkiat said.
The bank’s removal of clickable links in all forms of communications is in support of the Bangko Sentral ng Pilipinas (BSP) Memorandum No. M-2022-015, which contained recommended control measures against cyber fraud and attacks on retail electronic payments and financial services.
Upon the issuance of the memorandum, BSP said it wants to minimize, if not eliminate, opportunities for hackers to victimize the public. One of the other recommendations includes the conduct of an information campaign on the removal of clickable links.
Another measure is by sending notifications to clients through their registered mobile or email address whenever there is a request to change a customer’s contact information, or account credentials.