BDO warns clients of fraud amid COVID
(The Philippine Star) – March 27, 2020 – 12:00am
MANILA, Philippines — People all over the world are eagerly searching the internet to learn more about COVID-19. However, as medical experts are still learning about it themselves, there is a shortage of trustworthy information online.
Paying no mind to the global health crisis, cybercriminals are taking full advantage of the situation and exploiting people’s fear and anxiety. They send out fraudulent but highly believable bait messages that trick people into divulging their personal information.
In the US, some scammers call and claim to be from the Centers for Disease Control and Prevention (CDC). They offer a COVID-19 vaccine and to complete the purchase, ask for people’s credit card and Social Security numbers. To date, there is still no cure for the virus. Already, US officials have called out this phishing scheme.
With the recent move by some Philippine banks to extend the payment dues of loans and credit cards by 30 to 60 days, scammers are using the familiar ploy of sending out emails or calling customers and posing as a “legit” bank personnel offering a loan payment extension. The intention here is to get the account details and OTP (one-time PIN) of the customers so fraudsters can take over the account.
Because of this, BDO Unibank is reiterating important reminders to clients and the general public to combat fraud:
* Do not share personal information.
Personal information consists of bank account numbers, usernames, passwords, or One-Time PIN (OTP). Using this information, scammers can steal identities, access online bank accounts, and steal money.
Personal information can also include birthdays, mother’s maiden name, the street where one grew up in–any unique information about the user can be used by the scammer to unlock online bank accounts.
The bank advises all to be prudent in posting personal info on social media channels. If profile is public, best keep it on private mode for added protection.
Do not click on website links.
Fraud attacks can also come as in the form of emails, SMS messages, phone calls, or messages via social media channels. Scammers introduce themselves as officials of a trusted company. Their messages look and sound very convincing and sophisticated. Gone are the days of imperfect grammar and distorted logos. They even include a website link. Hovering on these website links however will ¬reveal a fake website’s address on the preview.
* Do not click on these links. These links will lead to a website identical to a legitimate company’s official site. Here, scammers can harvest personal information.
The Department of Information and Communications Technology (DICT) says: “Be wary of unverified and unproven COVID-19 websites or applications that require you to give your personal data. These websites and applications might be used by online scammers… Cybercriminals will do anything to obtain personal information, especially your financial and banking details.”
BDO assures clients that it will never include links in its official communications.
* Do not share OTPs.
Companies send out OTPs via SMS messages as an added layer of protection. For banks, OTPs serve as an account holder’s sign off to proceed with a transaction, like paying for utility bills.
The bank warns clients about scammers pretending to be from BDO. They may offer a 60-day loan payment extension and ask for account details including OTPs, so they can proceed with transferring money to their account.
BDO says that real bank officers will never ask for clients’ personal information, such as OTPs, under any circumstance. When in doubt, report any suspicious communications to ReportPhish@bdo.com.ph.