Work-from-home Pinoys are under attack

Published August 13, 2020, 12:20 PM

by Art Samaniego

Amid the pandemic, Filipino Internet users and local businesses are once again targeted by scammers. Filipino cybersecurity practitioners told MB Technews that many successful hacks against users and businesses were not reported as big businesses and individuals view being breached as a stigma on their reputation. With protecting their image as the top priority, victims of cybercrimes chose to keep silent.

Here are some interesting cyberattack figures: In 2019, Phishing accounts for 90% of data breaches. According to Webroot a cybersecurity solutions provider, around 1.5 million new phishing sites are created every month. A study conducted by Verizon found out that more than 30% of phishing messages get opened by targeted users and 15% of people successfully phished will be targeted again (and could be victims again) within the year.


In order to convince you to reveal personal information such as passwords and credit card details, phishing emails and text messages may look like they’re from a company you know or trust. They may look like they’re from a bank, a credit card company, or a message from your friend on Facebook.

While employees are working from home and students are doing online learning, phishing attempts using Facebook have tremendously increased to a new record high. Scammers have become sophisticated that they could trick anyone to click a link that points to fake websites and get the users’ credentials.

But while the top reason for breaches is Phishing, some companies readily blame this method when successful cyber attacks happen without investigating further, placing the blame on users.


Joey Regala, President of the country’s Information Security Officers Group an organization of information security leaders in the financial industry in the Philippines reminds internet users to be careful. “Phishing emails, text messages, and even messaging apps often tell a believable story to trick users to click a link or open an attachment,” Regala said.

Phishing attempts may:

  1. say they noticed suspicious log-in attempts using your account
  2. claim there’s a problem with your account
  3. claim that your account will be disabled if you don’t log in
  4. say you must confirm some personal information
  5. want you to click on a link to make a payment
  6. say you’re eligible for a promo

Here are some real life examples of Phishing attempts in the Philippines:

This looks like a legitimate email from a local bank, but checking the link will show a different URL that directs you to a fake site of the bank.
Always check the URL of the bank, again, check the URL before submitting any information.
The page looks like the real website of UnionBank but this is part of a phishing campaign by hackers against those who are working from home.

If scammers tricked you to give your personal details, it is not the bank’s fault but yours. You need to be extra careful when clicking links and opening files.


Secuna co-founder and cybersecurity practitioner AJ Dumanhug said that scammers now are using advanced methods and techniques to trick users. Here are his suggestions to avoid being a victim of phishing attacks: “First, do not trust HTTPS and check the domain carefully. Cybercriminals can imitate a legit website that looks like the real thing. Attackers can use Homograph attack to imitate a domain and use “Let’s Encrypt” to have the HTTPS in the URL. Second, do not trust any email as scammers can imitate any email that would look like a legitimate email from your trusted institutions. ( We have tried this and the result is scary — Art). And, third, do not download and open any media file type such as JPG, PNG, PDF, etc. Cybercriminals can now inject malicious script in these file types, that’s the reason why we really need to be careful, lastly please do install AntiVirus and update it regularly.

Cyber Security PH CERT co-founder Milo Pacamara reminds users that sometimes even just opening a document or applications posted in the cloud or downloading locally can do serious harm. “Some files and links are designed with embedded scripts to run silently upon click and execution to run malicious command in the background and could scrape your phone or computer with vital data” warned Pacamara.

If you think you’re a victim, file a complaint thru the PNP Anti Cyber Crime Group at or to the National Bureau of Investigation (NBI) Anti-Cyber crime division at