You are in
Personal Banking
Personal Banking
Wealth Management
SME Banking
Institutional Banking
About BPI
You are in
Personal Banking
Personal Banking
Wealth Management
SME Banking
Institutional Banking
About BPI
  • What would you like to search today?
    Type in atleast 3 characters to begin your search

You're exiting this website

Once you leave our page, you’ll be covered by the policy and security measure of the site you are visiting

Proceed
Cancel

What are the types of social engineering tricks?

Phishing

A type of social engineering attack wherein an attacker attempts to trick you into giving your account information such as log-in credentials, bank account information, or security information such as the One-Time PIN (OTP).

 

If you receive an email urging you to “verify/update” your account to prevent it from being deactivated, ignore it! The sender only wants to steal your information.

Smishing (SMS Phishing)

Smishing is a combination of “SMS” (short message services, better known as texting) and “phishing”. When cybercriminals “phish” they send fraudulent emails that seek to trick the recipient into opening malware-laden attachment or clicking on a malicious link. Smishing simply uses text messages instead of email.

 

If you receive text messages warning you about suspicious activity on your account and telling you to click on an embedded link to update or secure your account, ignore the message and block the sender immediately.

Vishing (Voice Phishing)

Vishing (voice or VoIP phishing) is an electronic fraud tactic wherein individuals are tricked into revealing critical financial or personal information to unauthorized entities. A vishing attack is conducted by voice email, VoIP (voice over IP), landline, or cellular phone.

 

Have you ever received a call from someone claiming to be a representative of the bank and asking for your confidential account details like OTP and password for verification or updating? This is a scam. Do not fall for this trick.

Spoofing

Fraudsters “mask” their identity by sending messages and making them appear to be coming from a legitimate organization or company, such as a bank or a telecommunications provider. The perpetrators will then try to phish for personal and sensitive information.

Sim Swap / Upgrade Scam

If a stranger contacts you, tells you that he or she is a representative of a telco company, and offers you a SIM upgrade, do not entertain. It may be an attempt to hijack your phone to gain access to services linked to your mobile number, including security protocols and verification for your bank accounts, money transfers, and related transactions. Always be vigilant in protecting your online accounts, SIMs, and devices used to access your bank accounts.

 

Immediately contact your telco provider if you suspect a SIM swap scam.

Spam Email

Spam is the electronic equivalent of the “junk mail” that arrives in your mailbox. Spam emails are sent out in bulk by spammers and cybercriminals who are looking to run phishing scams in order to obtain passwords, credit card numbers, bank account details, and more or spread malicious code onto recipients’ computers.

 

Here are some tips to help you reduce the amount of email spam you receive:

  • Set up at least one private and one public email address.
  • Never respond to any spam.
  • Think before you click “unsubscribe” on links in emails that come from unknown sources as it may be fake and actually increase the amount of spam you receive.
  • Keep your browser updated.
  • Use anti-spam filters.
Malvertising

Derived from “malicious” and “advertising”, scammers inject malicious code into legitimate online advertising networks. The code typically redirects users to malicious websites and would later on damage the system. They can now gain access to sensitive information.

Spear Phishing

Spear phishing targets specific individuals, organizations, or businesses. And it happens when an email sender pretends to be someone you know or trust, with an urgent request for information. Sometimes they may also ask you to install malware on your computer.

 

Always verify the identity of the sender, even if they seem to know a lot about you, and especially if they have unusual requests. Think before you send any data or information. Ask yourself, Why is there an urgent need to take action?

Whaling

This is a variant of phishing. It is also called CEO fraud, and the scammer usually pretends to be the CEO or a senior executive of an organization in order to steal money or information, or gain access to computer systems to wreak havoc.

 

Don’t overshare on social media. You never know who can make use of your photos and posts to gain enough information to impersonate you, or learn how to manipulate you in some way. A well-thought verification process for requests for data or money transfers can be useful.

 

 

Cybersecurity tips


Ensure the safety of your account information and online banking transactions.

 

Reminder

We will never contact you to ask for your OTP and other confidential information, or confirm details of your account for deactivation. Remember, OTPs are used to complete transactions.

 

If you did not initiate the transaction indicated in the SMS, the transaction is fraudulent and should be reported immediately.

Need more help?

Get all the help for your banking needs.

  • 123
    456
    789
    *0#

EXPLORE HELP & SUPPORT
prefered
We use cookies

We use cookies to improve your experience and provide you with better services. By continuing to browse our website, you agree to our privacy policy.

ABOUT - BPI
Who we are
Investor Relations
Governance
News
Sustainability
Careers
Site Links
Data Privacy
Financial Consumer Protection
Corporate office
Bank of the Philippine Islands

Ayala Triangle Gardens Tower 2, Paseo de Roxas corner Makati Avenue, Makati City 1226 

 

appStore
googlePlay

BPI is a proud member of   | BPI is regulated by the Bangko Sentral ng Pilipinas https://www.bsp.gov.ph

© Copyright 2023. All rights reserved.