Anyone who has a mobile phone has most likely received an SMS message purportedly from their bank advising them that their account has been compromised and urging them to act promptly by opening the link provided in the message.
This is one of the most common types of scams targeting banks these days. In fact, it has become an everyday thing that it has lost its effectiveness as a fraud attempt to some. But many are still unaware and fall prey.
According to the Bankers Association of the Philippines (BAP), an estimated Php1 Billion was lost to online bank schemes in 2021. In 2020, the Bangko Sentral ng Pilipinas (BSP) reported that 13% of the 20,000 consumer complaints were due to fraudulent and unauthorized transactions.
The Philippine National Police Anti Cybercrime Group (PNPACG) says that the growing dependency of most Filipinos on the internet resulted in the increase in cybercrime cases in the country. This was reflected in the consistent rise of cybercrime cases handled by the PNPACG since its activation from 2013 to 2020.
“The pandemic has even fueled the emergence of cybercrimes in the country since the whole nation was forced to adopt the new normal and the drastic digitalization of things,” the PNPACG notes.
BDO Unibank also acknowledges that despite depositors being increasingly savvy, the fight against fraud is ever-continuing.
“BDO is committed to continuously protect its clients by constantly arming them with timely information and advisories on how to secure their accounts, even as we constantly upgrade our systems and improve our services,” says the Bank.
As with health problems, prevention is better than cure, especially because bank scams, once successfully executed, are rather difficult to fix. With these alarming situations, here are some of the most common bank scams, and helpful tips on how to avoid the pitfalls.
Account takeover
A form of identity theft where fraudsters are able to gain access to someone’s account by using stolen information to make unauthorized transactions. There are three subtypes: phishing (via email), smishing (via SMS), and vishing (via phone calls).
One of the most common ways for fraudsters to get access to information is through emails pretending to be from a trustworthy source with instructions to click a given link.
The fraudsters send SMS messages to notify the accountholder that the account has been suspended or deactivated.
The message contains instructions to the receiver to click the link to access an account. This link leads to a fake website that looks like the bank’s official website. The fake site will require the customer to input account details and personal information. When all details have been supplied, the fraudster then uses them to take over the account.
If via phone call, the fraudster makes an online purchase and asks the would-be victim to enter the One-Time PIN (OTP). The fraudster, posing as a representative of the bank, calls the cardholder. The fraudster then informs the cardholder that an OTP was sent to check the security of the account. Afterwards, the fraudster asks for the OTP and, once they have it, will use the OTP to make unauthorized transactions without the knowledge of the real account holder.
To prevent these, BDO Unibank advises the banking public to never click the links sent via suspicious email or SMS. The bank also reminds its clients to report any incident to reportphish@bdo.com.ph right away, and for any suspicious SMS received, to report it to 22567888. After reporting, the client should delete the email/SMS.
“If the link was inadvertently opened, do not input any information and close the browser immediately. For suspicious phone calls, do not give card details and OTP. Ignore all calls asking for OTP or any personal information,” BDO points out.
Familiar fraud
In this type of fraud, fraudsters take over the identity of people they actually know such as friends and close relatives by taking advantage of their trust. Familiar fraud happens when a relative or a friend receives a newly approved card on behalf of the client, then does not give the card to the client and instead begins using it. The relative/friend shares all the same personal information as the client, so they use it to apply for credit cards or make online purchases. The relative/friend then creates an online banking account using the same information as the client.
A study by Javelin Strategy & Research in 2020 found that about 1 in 20 people nationwide were affected by identity fraud in 2019. Losses rose to a total of $16.9 billion, up 13% from 2018.
To avoid this scam, BDO advises accountholders/cardholders to never share card details with others, even with relatives.
The BSP also advises every cardholder to stay on top of their account information to alert them of potential fraud, “Activate multi-factor authentication such as OTP, security questions, biometrics, email and text alerts to get notified every time there is a transaction involving your accounts and cards.”
Lost or stolen cards
This happens when a card has been misplaced or taken from the original cardholder without their knowledge and is subsequently used by the person who has recovered or obtained it.
The bank advises its clients to report the card as lost/stolen to the bank’s customer contact center immediately upon learning about the loss. Neglecting to do this, BDO stresses, keeps the stolen card open for use by fraudsters to make unauthorized transactions.
BDO cardholders are also advised to immediately call the BDO Contact Center at (+632) 8631-8000 to suspend their lost or stolen cards and visit their branch of account to have the card replaced.
Merchant fraud
In this scenario, fraudsters recruit and collude with merchant personnel to copy credit card data from customers using a skimming device. Fraudsters create a duplicate credit card with the copied data.
To prevent this, BSP advises cardholders to ”keep an eye on their card and the cashier when transacting with a merchant using a POS device.”
As an option, BDO recommends that cardholders ask the cashier to bring the terminal to them so they can personally insert/dip or tap their card on the machine. BDO also warns against clients allowing their card details to be written down on any piece of paper.
Further vigilance is advised in the days or weeks following card loss or theft. BSP recommends regularly checking account balances and billing statements. ”As long as you check your accounts regularly, you should be able to catch any unauthorized purchases and take the appropriate steps to resolve the fraud.”
Internet/online shopping
This is an unauthorized transaction committed online using compromised account information. Fraud occurs when a fraudster gathers account information and then uses it to purchase from online stores. The fraudster gets the OTP by calling the cardholder to finalize the purchase online.
BDO advises all cardholders to never share personal information, such as credit card number and the three-digit code on the back of the card called CVV, on unsecured websites. OTPs should also never be divulged to anyone who calls.
According to former PNP chief Gen. Dionardo Carlos, people can avoid being targeted by cyberattacks by being more discerning. “The best way to avoid a cyberattack is to be more discerning whenever your information is asked and to immediately report to the authorities when suspicion arises,” he says.
Fraud victims can also seek assistance with the PNP by contacting PNP Anti-Cybercrime Group through e-mail at acg@pnp.gov.ph or telephone number (632) 723 0401 local 7483.