• 2020
  • BPI urges public to be mindful of cyberfraud

Press Release


BPI urges public to be mindful of cyberfraud amid surge in phishing sites

The Bank of the Philippine Islands (BPI) is urging its clients and the public to be wary of cyberfraud after noting a surge in phishing sites, especially those with coronavirus-related keywords.

BPI quotes a recent Kaspersky Lab report that revealed that around 1.5 million phishing sites are created globally, every month, to enable cyber-profiteers to steal sensitive data. The same study also determined that Filipinos as more likely to fall victims to scams compared to its Southeast Asian neighbors.  “The easy migration of everyday activities online, particularly purchases and other transactional tasks, has been a great help in improving the quality of life for society. Unfortunately, scammers also saw an opportunity to step up their cybercrime schemes,” said BPI Enterprise Information Security Officer and Data Protection Officer Jonathan John B. Paz.

The most common phishing emails detected have COVID-19 themes that offer cures, preferential priority for vaccines or other breaking news, which aim to lure victims into phishing sites that collect their personal data such as internet and email login credentials, credit card details, government IDs, among others.

BPI added cybercriminals also use vishing or voice call phishing to deceive people to reveal their confidential data like OTPs, and to enable SIM hijacking to take over a target’s mobile number.

Handling of information

On top of activating online banking security features, the bank is also urging the public to take other precautionary measures and be mindful of the different exposure risks. 

To avoid falling victim to increasingly complicated scams, Mr. Paz recommended several safe online practices.  First, avoid oversharing personal data on social media. Second, when doing important transactions, avoid using unprotected networks such as free public wifi and use home or office networks instead. Third, use separate email addresses for banking or ecommerce transactions from those used for social media, online forums, and other various activities. Finally, avoid opening suspicious file attachments.

“A legitimate email is usually sent by a familiar email domain. For example, official BPI emails are sent using the domain ‘@bpi.com.ph’.  Second, BPI, and most banks for that matter, will not ask for sensitive info such as your online banking login and password, credit card info, one-time-passwords or OTPs, which can be used to defraud people,” he added.

As cybersecurity is a shared responsibility between banks and its clients, BPI also advised the public to make it a habit to visit BPI’s official social media pages and familiarize themselves with the latest cyber scams and tips on cyber hygiene.

For its part, BPI continues to invest on technology and processes, which include the Mobile Key to authorize transactions initiated on registered mobile devices. 

“We are doing our part in elevating our efforts to raise awareness on social media to regularly provide information about the latest scams and modus operandi to protect people from cybercrime,” said Mr. Paz.

Published on September 3, 2020

Get the latest news on how we support financial inclusion, our digitalization journey, and more.
Read More