BPI reports mushrooming of scammers during lockdown

Since the lockdown was imposed in several parts of the country to prevent the spread of COVID-19 in mid-March, Ayala-led Bank of the Philippine Islands (BPI) said it had flagged daily at least 10 websites of scammers posing as legitimate banking or philanthropic sites to steal banking credentials and people’s hard-earned money.

These brought to almost 2,000 the total number of phishing sites flagged by BPI from March to August this year, indicating the need for greater vigilance and cyberhygiene as more consumers embrace digital banking channels.

Based on BPI’s daily battle against phishing sites, scammers have increased by more than threefolds since mid-March as they used the lockdown protocols to trick more people into giving their personal information. In 2019, BPI flagged down an average of only three phishing sites per day.

In a statement on Tuesday, BPI executive vice president and chief operating officer Ramon Jocson said most of the attacks were perpetrated by Filipino syndicates that were taking advantage of the global health crisis.

“They send out malicious emails with COVID-19 themes to steal information and put up fake crowd-funding pages for supposedly PPE (personal protective equipment) donations,” Jocson said. “A lot of the crimes being committed involve Filipinos targeting fellow Filipinos—getting their credentials, posing as clients of the banks, and doing unauthorized withdrawals.”

These cybercrimes have become more pervasive partly because of widespread tutorials, which made it easier for scammers to put up phishing sites. Banks, in turn, have to work harder in educating their clients on cyberhygiene while encouraging their migration to online banking.

“BPI has rolled out awareness campaigns over the past several months. On our nontechnical side, we count on infomercials on our social media channels to inform our clients about the different fraud schemes that have sprung up. We also give them tips on how to remain cybersafe, secure and smart during these times,” he said.

Jocson said BPI had also taken a technical precautionary measure by enabling security operations centers to work around the clock to detect potential threats. “We try to detect abnormal behaviors. We track close to 22,000 events per second—every ATM (automated teller machine) withdrawal, log on, and so forth and we have analytics to track any aberrant behavior,” he said.

Even as BPI continuously employs world-class tools, methods and processes to ensure the security of clients’ account information, Jocson reminded the public that creating a culture of cybersecurity was a shared responsibility between banks and its clients. This means clients must do their part in improving online safety and security by adopting basic cybersecurity habits in their everyday transactions. INQ

Read more...