Being a victim of online fraud and account takeover is like having the COVID-19. If you get it, you're not the only one who would be affected. Like the virus that could infect people you have close contact with, being a victim of cybercrime could also put your families and friends in danger. Cybercrime has become another pandemic. As parents work from home and students do online learning, cybercriminals seek vulnerable victims who easily believe their scamming techniques.
In my past story about thousands of IDs for sale online, I asked Roren Marie Chin, the Chief for Public Information and Assistance Division of the National Privacy Commission (NPC), what's the worst that could happen if a person's ID is publicly available online? She said that if your ID with personal information is exposed, it could lead to financial or reputational repercussions, and identity theft is the worst that could happen to you. With your ID revealed in leaks, criminals could easily use your identity to commit fraud like unauthorized purchases using your name.
The same thing could happen if scammers could access your social media username and password. Once they take over your accounts, these criminals could pretend to be you and ask for information or money from people you usually engaged with on your social media accounts. Scammers would target the people you regularly talked to in your messenger apps.
When you click unknown links from your email and text messages, there's a danger that your financial and personal information could be compromised. That one click could cause you an unsurmountable problem and could ruin you financially.
Here are some of the common reasons how scammers could take over your accounts:
1. If your bank account is compromised because you believed in that email saying you need to immediately reply with your username and password to verify your identity, then you have a problem here. A compromised account because of the user's ignorance is not the bank's fault. It's like someone claiming to be your mother who asked for help, and without any verification, you gave her the money. It's not your mother's fault, the same thing when you give scammers access to your financial information. It's not your bank's fault.
2. When you click sponsored posts on Facebook, you need to be careful. I would say this again and again. Many Facebook-supported scams could take over your accounts when you engage with the links the scammers asked you to click. When you see these scams on your Facebook wall, it means the criminals target you because you are more likely to engage with the link they want you to see. When the links redirect you to a page that looks like the Facebook login page, stay away from it. It's a scam. If you log in, you will give the scammers access to your account. Never trust Facebook-sponsored posts immediately. Verify first before engaging with it.
3. Data leak is one of the reasons why scammers could get sensitive information about you. If this happens, you could not do anything about it. You need to immediately report this to the National Privacy Commission (NPC) to guide you on what to do next.
Last month, we informed the National Privacy Commission that an unknown individual had posted sensitive information from what looks like the Department of Environment and Natural Resources (DENR) server. Just recently, someone forwarded me an article from a cybersecurity website that talks about the DENR breach. After weeks of informing them in advance, I hope the DENR had already fixed the issue before it was made public.
What's disturbing about the leak is how our government agencies manage user passwords. Passwords like 1234567, admin, and all-lower-case passwords with eight characters found in the dictionary are common in the alleged DENR system. There is a need for government agencies to craft a password policy and encourage users to use strong passwords to protect the individual accounts and the whole system.
Always be careful when you click links. Never trust sponsored posts on Facebook immediately. Do not send information when you get emails asking you to verify your account by sending your password. Use 2FA to secure your accounts. Use a strong password that's easy to remember but hard to crack.
Below are examples of how scammers use persuasive techniques to trick users into clicking and engaging with them.
