With the recent move by some Philippine banks to extend the payment dues of loans and credit cards by 30 to 60 days, scammers are using the familiar ploy of sending out emails or calling customers and posing as a “legit” bank personnel offering a loan payment extension. The intention here is to get the account details and OTP (one-time password) of the customers so fraudsters can take over the account.
Because of this, BDO Unibank is reiterating important reminders to clients and the general public to combat fraud:
1. Do not share personal information.
Personal information consists of bank account numbers, usernames, passwords, or One-Time Pins (OTP). Using this information, scammers can steal identities, access online bank accounts, and steal money.
Personal information can also include birthdays, mother’s maiden name, the street where one grew up in—any unique information about the user can be used by the scammer to unlock online bank accounts.
The bank advises all to be prudent in posting personal info on social media channels. If profile is public, best keep it on private mode for added protection.
2. Do not click on website links.
Fraud attacks can also come in the form of emails, SMS messages, phone calls, or messages via social media channels. Scammers introduce themselves as officials of a trusted company. Their messages look and sound very convincing and sophisticated. Gone are the days of imperfect grammar and distorted logos. They even include a website link. Hovering on these website links however will ¬reveal a fake website’s address on the preview.
Do not click on these links. These links will lead to a website identical to a legitimate company’s official site. Here, scammers can harvest personal information.
The Department of Information and Communications Technology (DICT) says: “Be wary of unverified and unproven COVID-19 websites or applications that require you to give your personal data. These websites and applications might be used by online scammers. Cybercriminals will do anything to obtain personal information, especially your financial and banking details.”
BDO assures clients that it will never include links in its official communications.
3. Do not share OTPs.
Companies send out OTPs via SMS messages as an added layer of protection. For banks, OTPs serve as an account holder’s sign off to proceed with a transaction, like paying for utility bills.
The bank warns clients about scammers pretending to be from BDO. They may offer a 60-day loan payment extension and ask for account details including OTPs, so they can proceed with transferring money to their account.
BDO says that real bank officers will never ask for clients’ personal information, such as OTPs, under any circumstances. When in doubt, report any suspicious communications to ReportPhish@bdo.com.ph.
Be cautious at all times
It’s important to be cautious during this time. “Be wary of fake news. Review and confirm information/sources,” said the DICT.
Stay tuned in to trusted government and news sites or social media platforms for real and updated information on COVID-19, and do not share unverified information about the situation as not to spread fake news that could incite more panic among the people.
“If you have time to spare, help your friends by verifying the information or sources they share. Contact them directly to clarify whatever falsehood they shared and share with them verified facts about the COVID-19,” it added.