Go easy on posting your personal details online in this day and age when scammers prowl the digital space to steal bank credentials.
This was the warning of Bank of the Philippine Islands (BPI) in a statement issued on Thursday, to mark the global “CyberSecurity Awareness Month” this October.
From a national effort that began in the United States in October 2003, CyberSecurity Awareness Month is now a worldwide activity.
BPI, Southeast Asia’s oldest bank, provided tips on how bank account holders can protect themselves from cybercriminals as digital transactions become the norm during the COVID-19 pandemic.
First: “Do not overshare,” BPI said. “Whether on social media or in person, never share sensitive information and bank credentials with anyone.”
In social media platforms, such as Facebook, some people tend to “overshare,” even posting documents with sensitive personal data, such as passports or visas, when announcing overseas trips, or even vaccination cards.
Just like social security cards and other official documents, these papers contain birthdates and other information that cybercriminals can easily use for social engineering, or for tricking the unwary into divulging confidential data that may be used for fraud.
“Most especially, keep your one-time passwords (OTPs) and credit card details to yourself,” BPI said.
‘Passphrase’
Second: Use a strong and unique “passphrase,” instead of a password, for your account.
A passphrase is a sentence-like string of words used for authentication. It is longer than a traditional password, but easier for the user to remember and more difficult for hackers to crack.
However, users must not employ the same passphrase for all their accounts.
Embedded links, attachments
Third: Beware of embedded links and attachments in emails. “Always be cautious whenever you receive emails. A logo, company header, and even complete employee details in an email can be faked,” BPI said.
Fourth: Always double-check. “Whenever you receive emails, calls, SMS, promos, or discounts, always confirm with your service provider through official channels,” BPI said. “Remember, if it’s too good to be true, then it probably is.”
It’s best for account holders to follow their bank’s official pages for cybersecurity tips and other important information.
While cybercriminals increasingly use social media to scout for victims, banks and other financial institutions are fighting back by using the same platforms to educate the public.
Phishing
The Philippines continues to be a convenient target for cyberattacks.
The Anti-Money Laundering Council has seen a 57-percent increase in suspicious transaction reports during the initial phase of the pandemic last year. As more consumers use digital platforms, cybercriminals are trying to exploit those platforms.
Phishing is now the most prevalent cyberattack targeting the banking public, according to the Bankers Association of the Philippines.
A typical phishing operation is when a cybercriminal pretends to be an employee of the bank and emails customers about “problems” with their accounts.
According to the Philippine National Police Anti-Cybercrime Group, there were 869 recorded online scam cases from March to September last year—a 37-percent increase from the 633 cases in the same period in 2019.
Credit card concerns
In January, Sen. Sherwin Gatchalian disclosed that his credit card had been hacked and he was hit with charges of about P1.1 million for food deliveries made through a delivery app.
In the same month, the Bangko Sentral ng Pilipinas (BSP) said it had tightened regulations governing credit card operations in response to the spike in fraud complaints from the public.
BSP Governor Benjamin Diokno noted that of the 23,000 complaints lodged with its online chatbot activated last year, about a fourth of the complaints from bank clients on financial services were credit card concerns.
The BSP said fraudulent credit card transactions commonly involved information and identity theft, phishing and its variations, and card skimming and card replacement schemes. —With a report from Inquirer Research INQSource: Inquirer Archives, PNA