With the rise of digital banking comes more and more sophisticated means of fraud. Metrobank wishes to warn our clients about the various debit card and credit card fraud schemes that are becoming increasingly rampant these days.
Scammers use your bank’s email template – this can include the logo, bank name, and sometimes even an actual employee’s name – to make the scam look legitimate and to gain your trust. Mimicking official bank correspondence enables scammers to acquire your personal information and use that to access your online accounts. Once they are in, they can empty your account or do various fraudulent credit card transactions.
Please be reminded that Metrobank will never text, email, or call to ask for your personal information.
One of the more recent online banking fraud schemes is the “Add Device” modus operandi. Through this scheme, fraudsters trick you into adding a new “trusted” device to your account. The “Add Device” function is part of our two-factor authentication process which recognizes unique devices and grants access to the ones you approved. This is to safeguard you from unauthorized transactions. If you reply to the system-generated message, scammers are given access to your online bank account.
Again, we wish to remind account holders to beware of this scheme and approve only the devices you own to your Metrobank Mobile App. If possible, limit your linked devices to only one. Do not reply to any “Add Device” text messages, especially if you did not make the request and report it to Metrobank right away.
Luring in their victims
The scam starts with a deceptive email or text message that asks you to urgently reply or click on a link. The body of the message can include possible deactivation, verification of details, system upgrades, or announcement of prizes that you “won.” A common factor between all of these that you should look out for is the urgency that the sender requires to keep you from experiencing any inconvenience from the bank.
Drawn into the ploy and not wanting to face certain consequences, you may mistakenly click on the link immediately and lead you to what looks like the bank’s website. But in reality, it is a duplicate website. The duplicate website then asks you for your username and password to “log in” to your online bank account. Once you input your personal details, the scammer harvests them and logs in to the real Metrobank app or website.
As an added security measure, Metrobank sends a text message to your registered mobile number when an unknown or a new device attempts to access your account. The message will confirm if you’re currently adding a new device and would like the app to recognize it. Once you confirm, you’ll receive a One-Time Pin (OTP).
The scammers are of course aware of this, hence as part of the steps in hacking into your account, they will send a follow-up email, prompting you to reply “Add Device” to Metrobank’s text message and eventually ask for the OTP. Since the OTP expires after a few minutes, expect the urgency in the scammer’s messages.
Metrobank reminds clients to NEVER share your OTP with anyone else.
The final blow
If you mistakenly complete the process, the scammers get access to your online bank account. This allows them to send money from your account to their own or purchase expensive items under your name. When a transaction is successful, Metrobank will send a confirmation email to your registered email address, which can be used as evidence for dispute later on.
How to keep your OTP secure
Your OTP is your last line of defense and protection. As part of our two-factor authentication process, we send our clients a unique six-digit number to their registered number to confirm an online transaction. This OTP can only be used once and expires within a short timeframe. Do not share your username, password, and OTP with anyone.
How fraudsters obtain your contact information
Fraudsters typically obtain your information by browsing the web and social media to look for email addresses or mobile numbers. Another way fraudsters obtain personal information is through data breaches such as when a company’s collection of data is hacked and leaked online or sold to another individual. Therefore, it is so important to take note of the information you share online especially on social media sites, even if it’s just with your friends and family. If possible, use a separate email address just for your bank accounts to avoid the chances of it getting compromised.
Help us #Fightfraud
Metrobank takes fraud seriously. You can be part of the fight. Browse through our articles and learn more about how we can work together to fight fraud.
If you suspect you’ve been a victim of fraud, call us immediately and report the fraud incident to (02) 88-700-700 or 1-800-1888-5775. You can also email us at customercare@metrobank.com.ph using “Report on Possible Fraud” as the subject.