‘Digital hygiene’ cuts probability of being scammed
Create a separate email address solely for your bank transactions that you will never use for social media accounts. Turn on the one-time pin (OTP) feature on your accounts and never share these OTPs.
Such forms of “digital hygiene” can easily reduce one’s probability of getting scammed by “budol-budol,” or swindlers, who are now exploiting digital channels, a cybersecurity expert from Union Bank of the Philippines said in a webinar on Wednesday.
Joey Rufo, Union Bank vice president and chief information security officer, said that just like in the physical world, there was no silver bullet against swindling.
By simply separating banking email from social media, business/profession and other emails, Rufo said this would go a long way in warding off online fraudsters who were always lurking to steal people’s credentials to gain access to their bank accounts.
“Emails are for free, you can create many of them, each one for dedicated purpose,” he said.
Another effective deterrent to scams would be to employ different passwords and make sure to switch on the OTP, also known as two-factor authentication.
“Even in the remote event that someone gets your password, you will still have the OTP that is generated when you need it. Never share that OTP. That already solves the 90-percent chance rate of you being scammed,” he said.
Rufo likewise warned against oversharing in social media.
“It’s common for fraudsters to look into your profile: what are your likes, interests, hobbies. Sometimes, we unconsciously use the names or birthdays of our family members—the wife, the kids—as the password, so when they know this kind of information when they profiled you, they can somehow guess your information,” he said.
Rufo also echoed the frequent warnings from various banks to transact only with reputable sites and businesses and beware of latest phishing or social engineering tactics employed by fraudsters to steal credentials.
He advised logging on directly to a digital service provider’s website and mobile application, and verifying emails and links before clicking.
Since the coronavirus (COVID-19) pandemic-lockdown protocols imposed in mid-March, Rufo noted that fraudsters have proliferated in digital space, using COVID-19 for their scare tactics or as an excuse to hawk fake charities, engage in fake selling of face masks or induce people to log on to fake websites posing as legitimate bank websites.
Mobile apps are harder to hack than regular websites especially for those with biometric features, Rufo added. “You can put a very complex password, and forget about it, and then use fingerprint or face biometrics. That’s a strong feature of the smart phones,” he said.
For business owners, Rufo said it’s best to have more than just one person who would be authorized to transact online. “So if one person got phished, more than one-person approval will help curb fraud,” he said.
Rufo highlighted the serious threat posed by cyberattacks to digitization, saying that individuals and enterprises must always be on their toes since these attacks could come in new forms and can affect any industry that has digitized.
“If you’re an individual or an organization that has a digital footprint, the bigger you are, the more digital you are, the more likely you become a target,” Rufo said.
In the first month of the pandemic, UnionBank saw an increase of about 50 percent in its digital transactions, which it attributed to the shift to digital channels among banking customers due to social distancing measures that are in place in order to control the spread of COVID-19. With health experts expecting the pandemic to last until at least next year, Rufo said that digital transactions would continue to grow, which would likewise widen the hunting ground of online fraudsters.
To ensure that its digital ecosystem is secure, Rufo said Union Bank, for its part, had been investing in the latest data security technologies, 24/7 interception and monitoring of attacks through its Integrated Operations Center, regular security tests, and awareness campaigns via communication channels on how customers can protect themselves.
Cybersecurity, Rufo said, should be part of everyone’s daily routine.
“We need to keep in mind that while cybersecurity measures are there to protect us, we must also play our part in protecting the digital channels that we use for our transactions,” Rufo said.
