Cybercriminals who are constantly on the run to steal not just personal information but also money aren’t picky of their prospects, and even those who are expected to be wary of their online security are among the vulnerable.
Although many of the tactics used by cybercriminals are revealed and often warned about by cybersecurity experts, a lot of people often overlook these attacks, leading them to be victims of online phishing and scam. BPI’s Head of Corporate Affairs and the Executive Director of BPI Foundation, Owen Cammayo, tells a story related to this, plus some tips on how not to be a victim of online fraud schemes.
Just last week, my dad received something that looked like an email from his bank (complete with logos and security warnings) telling him to click on an embedded link to update his account information and that failure to do so immediately would mean he gets locked out of his account. He mildly panicked, but thankfully was able to show it to me first so I was able to tell him that it was a phishing email.
A friend of his who received a similar email wasn’t so lucky and ended up providing his username and password to the fake bank website. The fraudsters behind it used his information and proceeded to withdraw nearly P50,000.00. He couldn’t get it back because his bank said that since the correct login information was provided, it was considered a valid transaction.
This is something we don’t want to happen to us. But sometimes, without our knowing it, we do things that make us vulnerable to fraud and scams.
I spoke with some friends who also work in the banking industry to ask about how and why so many people fall to fraud these days, and consistent to our own assessment — scammers take advantage of some very common mistakes that people make such as:
- Using easy-to-crack PINs and passwords
Don’t use birthdays, addresses, anniversary dates, or other personal information in your passwords. Do you honestly think fraudsters won’t be able to find out this information? Think of a number or a combination of letters and numbers that are harder to guess. Also, it may seem like a hassle to have so many passwords, but remember that having one password for multiple accounts means that a hacker now just has to crack one to get into all of them.
- Clicking on malicious links
According to an online advisory of the BangkoSentral ng Pilipinas (BSP), text scams, phishing, and spoofing are common. Fraudsters trick people into clicking on malicious links found in text messages, emails, messaging apps, fake bank websites, and banner ads.
Follow this simple rule: think before you click. Always check if the links you receive are from trusted sources, and be vigilant about fake bank websites by confirming the web address or domain. You can do this by simply hovering your mouse over the link to see where it actually leads to.
When accessing websites that require your information, ensure that you have a secure connection. Check for a lock icon beside the https:// on the address bar of your browser.
Remember that a legitimate bank wouldn’t make you update your account information through embedded links and wouldn’t just lock you out of your own bank account, so don’t panic.
- Logging onto banking apps or online banking accounts using public WiFi.
You can say public WiFi is a godsend. For scammers, however, it’s more like a bonanza. Seemingly harmless acts such as using free, public WiFi while transacting online can make you very vulnerable to being hacked.
As a security measure, it’s best to use your banking apps via a secure WiFi connection at home, or through your phone’s mobile data. Make sure that you’re using the latest updated version of your app, as banks continually add layers of security on their respective apps through these updates.
- Not maximizing the security services and features of banks
Security features and services are there for a reason. For banks, it’s one of their ways to keep clients’ funds safe and protected. Be in the know and always be updated about existing and new features and services of your bank, and learn how to maximize them. After all, keeping your account safe is a shared responsibility between you and your banking provider.
Just to share, in BPI (my employer), we continue to implement security-driven features for clients. We believe that customers can have a convenient banking experience without compromising security. To support the hardware and software security in place, we also actively raise awareness about bank fraud through various channels, including our award-winning online campaign #BPIcybersecuriTips.
Among our online security features are the biometric login on our mobile app, one-time PIN (OTP) for authentication of transactions, as well as email and text notifications to update clients about any activity done through their bank accounts.
In this time of COVID-19 and enhanced community quarantine, I strongly recommend activating our Mobile Key feature, through our mobile app, as an alternative to the OTP. This will allow BPI clients to perform transactions through the app and online platforms even if they are unable to receive an OTP via SMS.
This helps eliminate the unintended distribution of OTPs, and is useful when a client is out of the country and doesn’t have a mobile network or roaming access, as long as there is a safe and stable WiFi connection. With the Mobile Key, BPI clients can opt to nominate a 6-digit PIN, or use touch ID or face recognition for authenticating transactions.
Let’s stop fraud together. Know more about BPI’s security efforts through this link: https://www.bpi.com.ph/digital-banking/security-features
