Today’s digital age now makes it more convenient to do such things as pay one’s bills. This seemingly routine task can now be done with a few simple clicks on a laptop or mobile phone. What’s more, one isn’t limited by banking hours anymore—transactions can be performed any time, even on weekends.
Yet all this advanced technology comes with a price—the risk of falling victim to what is known as phishing. This cybersecurity threat essentially involves scammers (or social engineers, as they are called) tricking people into giving confidential information by pretending to be from a legitimate entity or organization such as a bank.
While there are many types of phishing, scammers use five common ways to pounce on their victims:
1. First, there is Spear Phishing. This one involves social engineers who target specific individuals or organizations by using their personal data. They often take advantage of information from social media accounts.
2. Then there is Malvertising. Keen observers will note that this term is a play of words combining malicious and advertising. As the term suggests, malware is embedded in these malicious adverts, allowing social engineers to gain access to their victim’s devices, as well as sensitive data.
3. Whaling is another way scammers gain access to sensitive information. This one involves using the identity of the CEO or top executive of a company to gain access. Social engineers often send out emails that were allegedly written by these honchos. Unsuspecting folks get fooled into thinking they are so important that the big boss would take the time to reach out to them. They unwittingly disclose personal information to impostors.
4. Vishing: Short for Voice Phishing, the scam involves social engineers using fake caller IDs in order to fool people into keying in their valuable data.
5. Lastly, there is Smishing. It uses the ever-popular text messaging (SMS) to gain access to would-be victims’ data. It involves sending a link that is essentially a malware-infested site embedded with data-grabbing software.
Yet all is not lost. Banks such as BPI have already taken steps to ensure that clients are protected from such tricksters. The Bank has put in place cybersecurity measures aimed at protecting everyone who transacts with them and those who use the Bank’s various digital channels.
Of course, cybersecurity is a shared responsibility between institutions and the end user. So here are a few tips from BPI to help ensure one’s peace of mind:
a. Make sure to double check e-mails from your bank and online sellers. Banks will never ask you to verify your personal information. If any action is requested by the bank through e-mail, you should contact the bank through its official channels.
b. Leave out your birthday, contact details, and even vacation plans on social media. These may be used by scammers already in possession of your log-in credentials to steal your identity and pass security checks by your bank and credit card companies.
c. Be careful with online games or applications that request for personal information like your birthday, email, and mother’s maiden name. Do not overshare.
d. It’s always good to pause and check for the telltale signs of phishing, like incorrectly spelled URLs in e-mail links and requests for personal data and confidential information.
e. And if you receive an e-mail from a source that you know but looks suspicious—for instance, the e-mail was unsolicited, it contains grammatical errors, or it redirects you to another site—write that source with a new e-mail, instead of just hitting reply.
The best way to ensure one’s safety as a digital channels user is to never give out your private or confidential information, especially if the party you’re dealing with is questionable. Always remember, BPI will never ask for confidential information (account details, PIN, OTP, etc.) via email, phone, text message, or social media.