The COVID-19 has made the people from everywhere in the world searching the internet for information. While everybody's focus is on the present crisis we are facing, there are still people who will take this as an opportunity to commit crime.
These cybercriminals are taking full
advantage of the situation and exploiting people’s fear and anxiety. They send
out fraudulent but highly believable bait messages that trick people into
divulging their personal information.
In the US, some scammers call and claim to be from the Centers for Disease
Control and Prevention (CDC). They offer a COVID-19 vaccine and to complete the
purchase, ask for people’s credit card and Social Security numbers. To date,
there is still no cure for the virus. Already, US officials have called out
this phishing scheme.
Taking advantage of pandemic in PH
With the recent move by some Philippine banks
to extend the payment dues of loans and credit cards by 30 to 60 days, scammers
are using the familiar ploy of sending out emails or calling customers and posing
as a “legit” bank personnel offering a loan payment extension. The intention
here is to get the account details and OTP (one-time PIN) of the customers so
fraudsters can take over the account.
BDO Unibank is reiterating
important reminders to clients and the general public to combat fraud:
1. Do not share personal information.
Personal information consists of bank account numbers, usernames,
passwords, or One-Time PIN (OTP). Using this information, scammers can steal
identities, access online bank accounts, and steal money.
Personal information can also include birthdays, mother’s maiden name, the
street where one grew up in—any unique information about the user can be used
by the scammer to unlock online bank accounts.
The bank advises all to be prudent in posting personal info on social media
channels. If profile is public, best keep it on private mode for added
protection.
Fraud attacks can also come as in the form of emails, SMS messages, phone calls, or messages via social media channels. Scammers introduce themselves
as officials of a trusted company. Their messages look and sound very
convincing and sophisticated. Gone are the days of imperfect grammar and
distorted logos. They even include a website link. Hovering on these website links
however will reveal a fake website’s address on the preview.
Do not click on these links. These links will lead to a website identical
to a legitimate company’s official site. Here, scammers can harvest personal
information.
The Department of Information and Communications Technology (DICT) says:
“Be wary of unverified and unproven COVID-19 websites or applications that
require you to give your personal data. These websites and applications might
be used by online scammers… Cybercriminals will do anything to obtain personal
information, especially your financial and banking details.”
BDO assures clients that it will never include links in its official
communications.
3. Do not share OTPs.
Companies send out OTPs via SMS messages as an added layer of protection.
For banks, OTPs serve as an account holder’s sign off to proceed with a
transaction, like paying for utility bills.
BDO says that real bank officers will never ask for clients’ personal
information, such as OTPs, under any circumstance. When in doubt, report any
suspicious communications to ReportPhish@bdo.com.ph.
Be cautious at all times
It’s important to be cautious during this time. “Be wary of fake news.
Review and confirm information/sources,” said the DICT.
“Stay tuned in to trusted government and news sites or social media
platforms for real and updated information on COVID-19, and do not share
unverified information about the situation as not to spread fake news that could
incite more panic among the people.
“If you have time to spare, help your friends by verifying the information
or sources they share. Contact them directly to clarify whatever falsehood they
shared and share with them verified facts about the COVID-19.”