Amid Holy Week, the Bank of the Philippine Islands (BPI) doubles down on encouraging the public to strictly observe different digital hygiene measures against fraudulent digital activities and scams. This is in response to the continuous reports of social engineering attacks by cyber-criminals via emails, phone calls, and text messages to fraudulently solicit information from unsuspecting users.
BPI Enterprise Information Security and Data Protection Officer Jonathan Paz shared valuable
insights on how cybercriminals continue to change their tactics to scam people.
“We have often received reports where a would-be victim got a call from someone allegedly from the bank and that the caller is asking for their ‘activation’ or ‘confirmation’ number. Based on the conversation, it’s the OTPs they were after. With the many OTP-related reminders being put out not just by BPI but the entire banking industry, these scammers tweak their spiels to convince potential victims, which is what social engineering is all about,” Paz noted.
“Keeping with developments in online services, cybercriminals diligently learn information about a bank’s products and marketing programs and use these in creating fake promotions or bogus web pages that try to get people to disclose sensitive information for use in their fraud schemes. As many people rest from work this Holy Week, scammers continue to work hard hoping to strike when people’s guards may be down. This is a call to everyone to remain vigilant and conscious about digital security, holiday or not,” he said.
BPI encourages the public to practice the following measures to better avoid falling victim to fraudulent social engineering schemes and other types of attacks by cybercriminals.
- If you are unfamiliar with the contact details of the sender, treat the email or SMS with suspicion.
- Are there any hyperlinks attached in the message? If the message was not expected, do not open the links without verifying its legitimacy.
- Are there any file attachments? Do not automatically download attachments as this could be malware.
- Did the caller say he/she is from the bank? Do not immediately believe it. BPI will NEVER SOLICIT information such as One-Time PIN (OTP), CVV / CVC and other confidential details.
Another concrete way to avoid being victimized by phishing, vishing, or smishing schemes is to familiarize yourself with the different protocols an institution or organization employs in communicating with its customers.
Still not sure whether what you’re seeing is legitimate or not? Feel free to contact the 24-hour hotline of the BPI Contact Center for further assistance at (+632) 889-10000.