The COVID-19 pandemic and its ensuing quarantines have dramatically affected the economies of the world. In the Philippines, it has wreaked havoc on many industries, leading to retrenchments and closures of businesses.
Unfortunately, this increased financial burden has subsequently increased the incidence of fraud. According to reports, fraud activity more than doubled in 2020, and, sadly, the perpetrators are getting more creative with their modus operandi -- particularly because of the vulnerabilities of those who are new to online banking.
In the Philippines, banks are duty-bound and regulated to employ best practices in order to keep our money safe. That’s why they always utilize the up to date security features (two-factor authentication, OTPs, encryption, etc.) to make sure that our accounts are secure. In a manner of speaking, they must provide us with complicated “locks” to which only we possess the “keys”. If we inadvertently give these keys to anyone else, (leading to unauthorized access to our accounts) the banks may no longer have control over the transactions that may transpire.
That’s no reason to shy away from digital banking, though. Simply by being mindful of “keeping our keys to ourselves”, we can enjoy all the benefits of online and cashless transactions, relatively stress-free.
Prep up your privacy
Scammers usually won’t take the direct approach. Breaking through bank security systems is one of the most difficult things to do, and they opt for the quickest way to get money by simply fooling the innocent.
Accordingly, most fraudsters will always try to get our “keys” from us through social engineering, a form of psychological manipulation to get our pertinent information, and thus unlock the proverbial front door. Prevention, therefore, needs to start with regulating the flow of information, especially vital data that allows access to our accounts.
One of the best ways to prevent easy access to our info is to make sure that our privacy settings display only the barest minimum information about ourselves in social media. There is certainly no practical need to state our full birthday, full address, e-mails, and phone numbers for the public to access freely.
We should also never post any photos of our IDs, credit or debit cards, and any other personal effects that may contain information that can be used to open our accounts. Likewise, we should never share our credit and debit card information, CVVs, OTPs, and other vital information to anyone, not even to people who claim that they are from the bank. It cannot be over-emphasized that banks will never be the ones to initiate calls, messages, or emails requiring their account holders to divulge sensitive personal information.
Always go to your bank’s official pages
Given that scammers potentially have our contact information, some of them may already attempt to apply social engineering on us so that we can give them more to work with.
It is important to know our banks’ respective official websites, contact information, and social media pages. It will at least help us identify if what we're receiving through our contact channels are coming from official sources. The moment that a bank, or someone claiming to be a bank, contacts us, we should be ready to verify by actually going to official channels.
Again, we need to remember that banks will never ask us for our usernames, passwords, CVVs, and OTPs, especially through email, social media, text, or phone. Banks will also never send us shortcut links via these channels for any sort of verification. As a rule, it is always prudent to check official channels the moment we receive something (that we did not request for) containing links of any kind.
Know the tricks
This one requires going the extra mile, but it’s also important to know what are the latest scams going around so we can identify if we are being targeted. There’s always a general pattern to how these scams work, especially on e-mail or SMS.
It would usually involve a message saying that we need to reactivate our account, or a warning that our account may be compromised and verification is needed. These would also typically contain links to what may look like the banks’ pages, and ask for our username and password. When we receive something like this, never click on any link or take any other action until you’ve verified through your bank’s official channels if it is legitimate.
Banks always advise us to go directly to their app, or to manually type in their known legitimate website to ensure that we are going to the correct pages.
There are other ways that these scams are being perpetrated, which is why the banking industry is also using aggressive information campaigns to inform people about them. One of these efforts is Scam Proof (https://www.scamproof.ph/) a website from which we can learn about the latest scams. We can also report to the website our close calls or our misfortune of falling victim to a scam to ensure that the database is always updated.
To reiterate, we also have a responsibility to keep our accounts secure. So we have to be mindful of the information we share and of the actions we do when it comes to our online financial transactions. If we can keep our accounts safe from fraudsters, we can then fully enjoy all the benefits and conveniences of digital and online banking.
Immediately report on possible fraud incident to your bank
Report fraudulent activities to Metrobank Contact Center at (02) 88-700-700, 1-800-1888-5775, or email us at customercare@metrobank.com.ph using "Report on Possible Fraud" as the subject.
Join Metrobank in its fight against fraud. Visit https://metrobank.com.ph/fight-fraud for more fraud tips, news, and advisories.
Article was first published at CNN Philippines