Press release
Sep 03, 2020

So you think you’re safe while staying at home? Well, not totally. As you do your online transactions at home, cybercriminals are lurking in the shadows, targeting networks that are easy to steal personal information from.


Kaspersky Lab conducted a study in 2019 and discovered that around 1.5 million phishing sites are created globally, every month, to enable cyber-profiteers to steal sensitive data. The same study also determined that Filipinos as more likely to fall victims to scams compared to its Southeast Asian neighbors.  


“The easy migration of everyday activities online, particularly purchases and other transactional tasks, has been a great help in improving the quality of life for society. Unfortunately, scammers also saw an opportunity to step up their cybercrime schemes,” said Bank of the Philippine Islands (BPI) Enterprise Information Security Officer and Data Protection Officer Jonathan John B. Paz.


The most common phishing emails detected have COVID-19 themes that offer cures, preferential priority for vaccines or other breaking news, which aim to lure victims into phishing sites that collect their personal data such as internet and email login credentials, credit card details, government IDs, among others.


BPI added cybercriminals also use vishing or voice call phishing to deceive people to reveal their confidential data such as OTPs, and to enable SIM hijacking to take over a target’s mobile number.



Handling of information

On top of activating online banking security features, the bank is urging the public to take other precautionary measures and be mindful of the different exposure risks.  


To avoid falling victim to increasingly complicated scams, Mr. Paz recommends several safe online practices. First, avoid oversharing personal data on social media. Second, when doing important transactions, avoid using unprotected networks such as free public Wifi and use home or office networks instead. Third, use separate email addresses for banking or ecommerce transactions from those used for social media, online forums, and other various activities. Finally, avoid opening suspicious file attachments.


“A legitimate email is usually sent by a familiar email domain. For example, official BPI emails are sent using the domain ‘’. Second, BPI, and most banks for that matter, will not ask for sensitive info such as your online banking login and password, credit card info, one-time-passwords or OTPs, which can be used to defraud people,” he says.


As cybersecurity is a shared responsibility between banks and its clients, BPI also advised the public to make it a habit to visit BPI’s official social media pages and familiarize themselves with the latest cyber scams and tips on cyber hygiene.


For its part, BPI continues to invest in technology and processes, such as the Mobile Key to authorize transactions initiated on registered mobile devices.  


“We are doing our part in elevating our efforts to raise awareness on social media to regularly provide information about the latest scams and modus operandi to protect people from cybercrime,” said Mr. Paz.  


So yes, you may be safe from the coronavirus at home, but not entirely from the viruses and malware used by hackers pretending to be you. To be safe, stay informed and remain vigilant.



Cybersecurity tips

Ensure the safety of your account information and online banking transactions.

Need more help?

Get all the help for your banking needs.