About three weeks ago, a friend forwarded a free Jollibee meal message. All we had to do was answer a few questions and then forward the same message to friends. I answered the short survey and forwarded the message to friends. I stopped when I felt there was something wrong.
One of the friends to whom I forwarded the message completed the task. After a few minutes, she got a notification that someone had attempted to open her GCash. Another friend had a similar experience. We then concluded that the Jollibee message aimed not to give a free meal but to get access to our GCash.
Such a fraudulent act is called phishing.
What is Phishing?
Phishing is more than a fraudulent attempt. It is a fraudulent practice of inducing individuals to reveal sensitive, personal information, such as usernames, passwords, and credit card details, by posing as a reputable company in an electronic communication.
Typically, it’s done through email or text messaging. It also often directs users to enter personal information at a fake website whose look and feel is identical to that of the legitimate website. These emails frequently use threats or scare tactics so that users will actually respond. The information entered through the fake website becomes stolen user data, which includes login details and other confidential personal information. The fraudsters then use the stolen data to access legitimate accounts. Once that happens, they are free to transfer money to their own accounts.
Phishing is also an example of social engineering, a technique used to deceive users. It works like bait: in fishing, the aim is to catch fish; in phishing, the aim is to catch data.
How is phishing done?
In the context of BDO, there are people out there who are sending fake emails that look very real. They send these emails to as many people as they can, hoping to reach BDO clients, so it’s a broad approach. Some BDO clients will be fooled by what appears to be an authentic communication from the bank. Based on the samples, many of these communications appear authentic. They have the BDO logo, and even the email address looks authentic. The only clue—and this is important—that will alert the reader to phishing is the content of the email.
To remind their clients, BDO will never ask for any sensitive, personal information.
What happens to a client’s account?
They pretty much get everything. Once you go to the fake website and start entering personal information, that’s it. Ultimately, the information that is harvested will be used to steal money from you and from your accounts.
How is BDO thwarting phishing attempts?
BDO uses a service to take down suspected phishing websites. Reported phishing attempts are investigated by a BDO cybersecurity partner. The goal is to take down the website that the phishing email uses to acquire sensitive, personal information.
The fraudsters are also always a step ahead because stealing is their full-time job. Thus, BDO works in partnership with its clients and educates them about phishing.
Join the advocacy: #saynotophishing!
Again, these fraudsters seem to enjoy their job, and they love it best when they are able to hack our accounts. We should do our part. Beyond the bank helping us stop this kind of theft, we should also report any suspected phishing attack so that the fraudsters do not win. Report to email@example.com.