The Bank of the Philippine Islands (BPI) is urging the public to remain vigilant this Holy Week as financial cybercrimes remain rampant. This is after the Bank noted a rise in the number of emails and text messages containing bogus vacation vouchers and donation pledges.
“The public should be careful of these scams and fake offers, as fraudsters use various tactics, such as phishing, to obtain personal information,” said Jonathan Paz, BPI Enterprise Information Security Officer and Data Protection Officer.
Paz explained that cybercriminals are able to acquire confidential personal information by initially using data about a person available online and then gain other details and information directly from targets through a combination of messages, fake websites, and phone calls.
To protect the public from these kinds of schemes, BPI enjoins everyone to follow these tips in identifying phishing emails or calls (voice phishing or “vishing”) in order to protect themselves from scams.
Verify the Sender
- Do you know the sender? If not, then best to ignore the message.
- Do you usually communicate with the sender? If you’re getting a message that is suspicious, try to verify first with this person by contacting them thru other means.
Check the Subject
- Is the subject relevant to you? If you suddenly receive an email maintenance notification randomly and there was no official announcement from the Bank, then treat the email with suspicion.
- Did others receive the same email? Ask. Always try to verify the legitimacy of suspicious messages.
Examine the Message
- Are you addressed too generically? This could’ve been sent to many and the scammer is waiting for someone to fall for the scam.
- Is there an urgent scenario and the sender is asking you to do something immediately? Social engineering attacks usually start with these themes. Stay calm and think about the situation carefully.
- Is there an offer that’s too good to be true? They probably are so best to be skeptical.
Check the Links and Attachments
- Is there a link or attachment embedded in the email? Think twice before you click.
- Are you able to hover your cursor over the button? If you can, check the embedded URL if it is what you expected it to be. Forward to your security team, if available, to validate.
“Fraudsters are getting more sophisticated so best to stay vigilant, informed, and updated. For our part, BPI continues to invest heavily in cybersecurity to ensure we are able to deliver superior user experience, securely,” Paz assured.