Every crisis presents an opportunity. Unfortunately, this holds true even for scammers. They are very opportunistic even during the most trying situations like a pandemic.
While we hear about the ingenuity of a lot of people these days to augment or protect their finances like converting their own kitchen into small-scale bakeries to sell baked goods online, or converting a garment shop to produce and sell face masks, or shifting to a digital business model like an online palengke, scammers have become very creative, as well, in their modus operandi.
From their usual scheme of sending out threatening “deactivation” emails to force bank clients to unwittingly give their personal information and card details, also known as phishing, to launching fake COVID donation drives, scammers are now sending emails and texts that warn clients of unauthorized transactions in their credit or debit cards.
Sounding like what a bank might actually say and do, the email or text would go as far as telling cardholders what items were purchased, where, and when they were bought. But here’s the catch, if a cardholder would like to confirm or reverse such transaction, he or she will have to click a link to an “official” refund page. This link then leads to a FAKE landing page, where clients’ personal bank details are going to be “phished” or stolen if provided.
Truth is, opportunistic scammers are learning how to commit crime by adjusting their schemes to how banks do their advisories. Phishing emails and texts have recently become so professionally written that clients really need to spot fake links and websites than grammatical errors.
Outsmart scammers by taking these reminders to heart
There is, however, no reason to feel helpless. Phishing and vishing (the telephone equivalent of phishing) are still easy to spot if bank clients just go back to the basics of what their banks will never do or ask from them.
First, banks will never send deactivation threats. According to BDO Unibank, banks do not deactivate accounts or ask clients to “verify” via email, text, or call. Banks, it added, will also never send a link, not even to a “refund” page as now being circulated by scammers. These will lead to a fake website where clients’ personal information will be stolen.
Second, banks will also never ask for personal bank details through an embedded link. Reminding its clients and all cardholders as well, BDO said, banks will never ask for card details, such as account number and the CVV (3 digit number at the back of the card). These important details will allow scammers to make unauthorized transactions using other people’s cards.
Third, BDO said, banks will never ask for login details and more importantly the One-Time PIN (OTP). An OTP is sent by a bank once clients successfully log in using their username and password. This is the bank’s final security measure. Providing these details to scammers, is like handing them access to money and credit.
BDO believes that scammers will run out of opportunities if all people are armed with these three basic but very important reminders.