Beware of phishing scams! (Nabiktima ka na ba?)
The most common complaints we hear about banks these days are poor and slow service. Among the funny ones I heard recently goes, “Why is this big bank charging us for convenience fee for the inconvenience that they’re giving us?” 
But there is one banking-related crime that is on the rise today, but may actually be under-reported: phishing scams. Unlike other banking service complaints that are easily expressed on social media, this one is not easily ranted because of two main points:
1. If you’re the phishing scam victim, you hesitate because you feel like it was your fault, “Bakit ka kasi nagpaloko?” There’s stigma in admitting being victimized by these unscrupulous predators.
2. Who are you complaining to? It was not the bank that did that to you, so you cannot ask the bank to compensate you for the loss.
So, who do you run to?
My husband and I are both trained in the banking industry and we have made life-long friends in this field. So, it is with care that I write today’s column about the increase in the phenomenon of phishing scams in the banking industry.
I remember one of my first bosses back in the day who avoided press interviews. He said that banks are better off shying away from publicity. He used to say, “Just do your job well and take care of the trust given by your clients. No need to grant those interviews.”
It is probably along this line of thinking that we don’t see banks openly warning their clients against phishing scams because they think that doing so may make their clients nervous and may actually put their reputation at risk.
What happens when bad things are not openly talked about? The perpetrators are rewarded!
So, for today, I wish to talk about three stories that narrate phishing scams experienced by people we know who sought help from us, and my own encounter. I do not wish to discredit the two banks I will mention here. I acknowledge that they, too, are victims. But I guess, talking about it will warn other people and may give valuable insights to the banks, maybe even BSP, and other stakeholders. Here are the stories.
Na-123 ako!
Last week, someone dear to me made a frantic text message while I was in a meeting, “Please help me, I think I was just scammed!” Soon after my meeting, I called her up and asked, “How much was stolen from you?” Her answer, “P123 thousand. Literally, na-123 ako!”
This is what happened. She received an email from her bank.
To protect herself, she clicked the button. She was led to a website that looked like the official bank website. She ended up writing her password, because that’s always the way to replace your password, right? You write down your old password, then later on write your new password. Unfortunately, there was no writing of new password because when the scumbags got her password, they lost no time in wiping out everything from her account.
She reported it to the bank. We helped her in following up her case with the bank. Hopefully, she will be able to recover her money. Here’s my advanced thank you to all those who responded.
Our driver’s sister
Last year, our driver asked for our help, “Sir, Ma’am may kilala po ba kayo sa BPI? Yong kapatid ko na-scam, nakuha po lahat ng cash nya sa ATM account nya!” The story is that the sister received a text message telling her about a certain purchase made. I can’t recall the exact details anymore, but she also ended up giving her password. We went through the process of filing a complaint, filling up some forms and other steps. After quite some time, nothing was recovered. The sister was even sick at that time. She had to undergo a heart operation. Needless to say, this incident added stress to her that made her very sick.
Uy wrong grammar ka!
Here’s my own encounter with a phishing scam. I received this email.
My first reaction was, “What kind of email language is this? Mali-mali pa ang grammar! Isusumbong ko ‘to kay _________ (name of my friend who works at the bank).” Whenever I receive an email like this, my first step is to hover over the sender’s address and if it’s very far from the institution it claims to be, I just delete it. I don’t know what mood I was in at that time because when I hovered over the sender’s email address, I remember seeing a “bpi.com.ph” so I clicked then received a text message on my cellphone. This is the text message:
After receiving this text, that’s when I got alarmed. So, I looked at the message again. Then that’s when I saw all the suspicious elements of the message. Something in that one-click already activated an internal data base because I didn’t give my password nor cellphone number but I was sent a text message!
I immediately forwarded it to my friend. A closer look at the email address revealed that it was nets.card@bpi.com.ph. I don’t know about you but doesn’t that look like a legit email address?
Upon investigation, they concluded that it was a phishing scam. Thank God, no single centavo was taken from my account. Thank you also to all those who responded to my report.
I already consider myself careful when it comes to these matters. And yet, I was still hood-winked into clicking that button.
What can we do to combat phishing scams like the above?
1. As we are always reminded, banks do not ask for our passwords. However, in the above examples, we can see that the scumbags have changed their tactics. They are now using words that will warn you and they are asking you to do something to protect yourself. In my case, I didn’t give any password, and that is why nothing was taken. But I got myself close to being victimized.
2. Check the language. Years ago, I read an article on avoiding scams and it said that sometimes the wrong grammar is intended because they try to attract a certain kind of victims. Ouch! But those were for the likes of “I inherited millions of dollars and I need an account so I can deposit the proceeds…” kind. Gone are those days. As discussed in no. 1, they are now in the guise of protecting you.
3. The email address. I wonder how my scammer was able to get that email address that looks so legitimate. Last Monday I received another email with the same look, same grammatical errors, but now the email address is less legit-looking no.reply-b.p1-22@bpicariph.com, but could still fool someone not paying close attention. I hope banks would be on the perpetual lookout for those who create websites bearing similar names as theirs in order to protect themselves and their clients from this harm.
4. The default maximum allowable transfer. In the “Na-123-ako case” the default maximum allowable amount that can be transferred is P500,000. What if they lower the default amount, especially for accounts of retirees as was the case in the story? The depositor can just change the default amount if needed.
5. Let’s remember that we all have moments of… how should we call it? Low rationality or slow moments. I write about scams, I warn people about scams, and yet, I could have been a victim if I didn’t jolt out of that low moment on time. An intel study reveals that 97% of people worldwide cannot identify sophisticated phishing email.
6. While writing this article, I saw a phishing filter. I haven’t tried it yet because I don’t want to install anything that I don’t trust but I do hope that there will be some sort of a filter that we can all have.
7. When checking one’s emails, be alert. Watch out for words such as:
a. “We have noticed some suspicious activities or log-in attempts in your account.”
b. “There seems to be a problem with your account or payment information.”
c. “Please confirm your personal information.”
d. “You are eligible to register for refund, prize, etc.”
e. “You can get free stuff by clicking link.”
f. “Please update your information.”
8. Report any suspicious emails received without clicking anything.
I do hope that banks will not remain quiet about this, but take a more pro-active stand. Maybe they should even put a banner on their websites right now to help protect their depositors. We need more reminders right now. NBI’s Cybercrime Division has recorded a staggering 200% increase in phishing incidents since the quarantine in March. This is an attack not just on the depositors but also on the banking system. There should be a more systematic and significantly faster handling of these cases, similar to a dedicated 911 because in a matter of seconds cybercrimes can be committed and lives can be devastated!
ANNOUNCEMENTS
1. I will be the guest at Secret Ladies Club on Kumu on Thursday.
2. I will give a talk at AXA on Friday (November 6) at 9:30 a.m.
3. I will be a guest at Real Talk by Modern Parenting on Saturday (November 7) on FB Live at 2 p.m.
4. My son Enrique and I will give a talk to doctors at Zeta Mu Fraternity on Saturday at 4:30 p.m.
5. Have you visited our new home recently? Please do, click http://fqmom.com and let’s continue the conversation.
6. If you want to enhance your FQ through stories, check out FQ Mom books, available in print (with autograph) and ebook versions.
