^

Opinion

Caution, logic and rigor

TOWARDS JUSTICE - Emmeline Aglipay-Villar - The Philippine Star

For most of us, there are steps we take to keep our families and possessions safe that we consider a matter of course. We lock our doors when we leave the house, we don’t leave our wallets out on the front lawn, and so on. Neither would we turn over the keys of our car to a stranger who says he can use it as collateral to procure for us a fleet of vehicles. We are on our guard against these types of physical invasions and face-to-face crooks… and yet for many of us, this guard lowers when the interactions are remote, or when the invasions happen online.

Sometimes this may just come down to a case of unfamiliarity: Those of older generations who did not grow up with the internet or mobile phones can find it hard to distinguish what is real and what is fake in a world that is not physical. But even the most tech-savvy of us can fall victim to scams – it’s not technical savvy that matters most here, but caution, logic and rigor.

The caution should arise from the awareness that there are many people that are willing to prey upon others to enrich themselves; and for many of these criminals, using phone calls, text messages or the internet enables them to spread their net much farther in an attempt to catch the unwary. And the onset of the pandemic – which made remote payments and online transactions a necessity in many instances – caused explosive growth in this sort of fraud. BSP Governor Benjamin Diokno has said that hacking and other malware attacks surged by 2,324 percent in 2020 from 2019, while phishing and other social engineering schemes soared by 302 percent.

While the use of technical terms can make protecting yourself from these scams seem complicated or intimidating, that’s not really the case. The cautious practices that we adopt when it comes to our own homes can transition to the realm of telecommunications. If a stranger arrives at our door and asks to be let in, would we immediately usher them inside? Likely not. We can and should apply the same caution to messages from strangers. As a cybersecurity expert said, it can be helpful to start from a position of paranoia and mistrust.

This does not only apply to unknown senders, but to unknown packages… or in this case, links. Any message – whether through email, social media or SMS – which contains a clickable link should be treated with particular caution, and you should never click on it unless you are both (1) expecting it to be sent to you and (2) completely sure about who it comes from. It is important to remember that a seemingly innocent link is capable of many deceptions: The URL of the text displayed can be different from the actual URL embedded in the text and to which your browser will be sent (one way to check is to hover your cursor over the blue text – the site it will actually go to will be revealed).

Deceptive links are one of the primary tools of what are known as “phishing” attempts, where an unsolicited message (usually claiming to be from a bank or the government) uses the link to direct you to a website under the scammer’s control where you are made to enter sensitive information such as your full name, account details and passwords. The ease with which links can be used to misdirect and deceive has already led to some banks to abandon their use in official communications, to lessen the risk to their customers.

Nevertheless, it is we who remain the last, best option to safeguard ourselves from these kinds of fraud. Another key defense is the use of simple logic. Many scammers ask for your personal information in the guise of getting you to “confirm” something, whether this be a transaction or the information itself. But, logically speaking, an entity which already has that information shouldn’t need to ask you to fill it in – they should be able to present you with the information themselves before asking you to confirm.

Likewise, invitations to invest in an enterprise that will double or triple your money in a short time are unlikely to be true. Logically, something that effective would be advertised and reported on heavily, and you’d hear about it from multiple sources and not just a lone text.

The BSP has compiled a useful primer on their website with tips on how to protect yourself from frauds and scams, as well as who to contact if you become a victim. It lists some of the most common scams, which include: text scams that claim you won a prize/free upgrade and simply need to provide them your personal information so that you can claim it; “spoofed” websites made to look like the real thing; and romance/dating fraud where the scammer earns the trust and affection of the victim through a fake profile, then later proceeds to ask for money or personal data.

One of the best defenses against this multitude of scams is simple rigor – the diligence of not simply believing what you are told, but double-checking the information using multiple reputable sources. If someone says that they are a graduate of your school, or an agent of a multinational company, it’s a simple matter to contact the school or company concerned to hear it straight from the horse’s mouth.

It’s important to be able to think critically about the information you receive, to separate your desire for something to be true from the likelihood that it is true. We would all like to receive an unexpected gift, or a dream job offer, or the love of an ideal partner… and unscrupulous persons know this too. Miracles and good fortune do at times occur, but if that’s the case they will not fade away if you simply delay and do your research first.

Caution, logic and rigor. Let these be your watchwords against those that would deceive you.

FACE TO FACE

Philstar
  • Latest
  • Trending
Latest
Are you sure you want to log out?
X
Login

Philstar.com is one of the most vibrant, opinionated, discerning communities of readers on cyberspace. With your meaningful insights, help shape the stories that can shape the country. Sign up now!

FORGOT PASSWORD?
SIGN IN
or sign in with
no session for state
no session for code
no session for id_token
no session for user