DOJ tells public how to spot, avoid online banking scams

The Department of Justice (DOJ) has issued an advisory on how the public could spot and avoid online banking scams.


DOJ Office of Cybercrime (DOJ-OOC) Officer-in-Charge Charito Zamora issued the advisory on Tuesday, Oct. 6, “in light of the increasing reports from the general public involving phishing electronic mails (emails), vishing (voice/phone call), and smishing (SMS/text) in relation to online banking.”

“If you receive suspicious emails, text messages, or calls, immediately mark the emails as ‘spam’ and block the number that sent the message or made the call. Moreover, avoid opening or clicking any links, and downloading any attachments from suspicious and unverified senders. It is also advisable to contact your bank immediately and check the authenticity of the email, message, or call,” read the advisory.

Otherwise, Zamora advised victims of phishing, vishing or smishing schemes to “contact your financial institutions immediately and prevent further damage on you account” as well as “to report and file a complaint with the appropriate law enforcement authority for the necessary conduct of investigation.”

“Phishing, vishing, and smishing are forms of cybercrimes in which the perpetrator posing as a legitimate institution, such as a bank, online payment site, or an online commerce site, devises a message through electronic, phone call, or text message, respectively. The objective thereof is to lure individuals into providing sensitive data, such as personally identifiable information, banking and creadit card details, and usernames and passwords,” the DOJ-OOC chief explained.

“In these forms of cybercrime, it is very often that the perpetrators convince and deceive victims that the latter’s immediate action is required. The urgency usually involves a recent system upgrade or a threat of account suspension that requires the victim to click the link provided in the email in order to unlock or reactive their accounts. Clicking the link will redirect the victim to a dummy of the legitimate company’s website, where the victims are asked for their login credentials and potentially credit card information or similar data. Once such sensitive information is obtained from the victim, the perpetrator will access the victim’s account to perform illegal or fraudulent transactions,” she added.

Among the tips she imparted, Zamora told the public that they can spot the suspicious emails or messages when these “contain grammatical and spelling errors.”

Also, Zamora said the emails use “website addresses that resemble the legitimate website but are slightly altered by adding, omitting, or transposing letters.”

Zamora reminded the public that banks will not ask for their one-time password (OTP) and their personal information through emails, text messages or calls.

“Make it a habit to scrutinize and validate the website addresses before entering any login credentials and personal information. Moreover, make it a habit to enter the full website address into your browser address bar instead of clicking the embedded links in the emails you received. Only enter your login credentials and personal information on a secure website,” the DOJ official advised.

Zamora said the public should “not download and use apps from unknown and unverified sources” and only download officials apps of the banks through their official website, Google Play or the Apple App store.

To ensure better security, Zamora advised the constant updating of mobile phone apps, installation of security software in computers and the use of multi-factor authentication in online bank accounts.

“Avoid divulging personal information to anyone you don’t know thru emails, text messages, or calls. Do not even share sensitive information, such as a password and log in credentials, to someone you know,” the DOJ official told the public.

Zamora advised against conducting online transactions using public WIFI, internet cafes or shared computers.

“However, if this cannot be avoided, make sure to properly log-out from the site after (each) online transaction, and clear both browser history and browser cache of the browser you used,” she said.