The National Bureau of Investigation (NBI) on Tuesday, March 23, warned the public against entertaining e-mails purportedly sent by the agency.
NBI Cybercrime Division (NBI-CCD) Chief Victor V. Lorenzo said a number of individuals have received e-mails from nbi.gov.ph in what he observed to be apparent phishing attempts.
Lorenzo said his office will investigate these incidents.
Phishing is a cybercrime where perpetrators attempt to get personal information from their victims to gain access to their online accounts, including bank information.
Perpetrators call or send messages purportedly from legitimate institutions and ask victims for their personal information or advising them to go to websites where they can input their details.
“You do not put in your personal details especially mga bank information mo in any site kahit sa government site and at the same time financial institutions (Do not put in your personal details, especially your bank information, even in government websites and in financial institutions),” Lorenzo told the Manila Bulletin in an interview.
“Doon lang naman magiging successful ang phishing kung makuha nila personal information mo at yung financial details (Phishing will become successful if those behind it will be able to get your personal information and financial details),” he pointed out.
“We will look into this kasi ginagamit yung nbi.gov.ph at baka may mga nabiktima (because it used nbi.gov.ph and there could be victims),” he said.
“So titingnan muna namin kung ano ang mekanismo na ginagawa nila. We have to determine kung ano ang motibo, financial gain ba yan or to promote a specific software or what (So we will look into what mechanism they are using. We have to determine their motives, if it is for financial gain or done to promote a specific software or what),” he added.
He recalled that he encountered phishing activities dragging the name of the NBI in 2019 but since then he has yet to receive complaints from any person who fell victim to it.
He also assured that that the actual nbi.gov.ph domain can’t be used in phishing activities nor has anyone gained illegal access to it.
“Inii-spoof lang nila yung nbi.gov.ph (Those involved in phishing are just making a spoof of nbi.gov.ph,” Lorenzo explained.
Even if anyone could gain illegal access to the NBI domain, the perpetrators cannot even use nbi.gov.ph to retrieve personal information from their victims nor have their victims input their personal details there.
“Hindi ka pupunta sa network or server ng NBI kahit nai-spoof mo yung nbi.gov.ph. Pupunta ka, hindi mo lang nakikita, sa ibang domain na controlled ng mga scammers para makuha nila yung information na i-input mo (Victims will not go to the network or server of the NBI even it is spoofed. You just don’t notice it but the victims are made to go to another domain controlled by the scammers where they can get the information that have been filled up by their victims),” he added.