How to avoid phishing scams in times of COVID-19


While parents work from home and children learn online, cybercriminals also stay home to look for more victims. Scammers have capitalized on the pandemic to target more victims to collect their personal information and eventually steal from them. By employing phishing methods, these internet bad guys use devious techniques to entice users to click or engage with cleverly disguised emails and other forms of communication.

Phishing is a practice of communicating via email, call, or a message where the sender pretends to be someone you know or someone from a reputable company or your bank asking you to act on an urgent request or claim a reward immediately. The purpose of phishing is to get your sensitive details such as passwords, debit and credit card numbers, mobile numbers, and other personal information that could be used against you in the future. It could also trick you into clicking on a malicious link that would download malware to your computer. Once fraudsters have your information they can even take over your online account or mobile number via a SIM swap scam to make sure they can control your transactions.

In January 2021, Google has registered 2,145,013 phishing sites, 27% more than the 1,690,000 recorded in January 2020. Scammers use these phishing sites to create fake pages of banks, social media platforms, and other online services that need login and password access.

When you get an unsolicited call, message, or email, you need to check the source carefully, and if you're in doubt, don't engage with the sender. This could be a phishing attempt.

Since checking the source could be difficult for many internet users, you need to check the email itself to know if it is legitimate or a phishing attack.

Here's how to spot a phishing email.


Metrobank phishing attempt

1) It's a red flag if the email creates a sense of urgency.

2) If the email is sent from a free email domain, it's a scam. Your bank or credit card company will never send an email from yahoo or Gmail accounts

3) Check the FROM field of the email carefully. Don't touch it if it looks like your bank's email but has a slight iteration or the domain is misspelled.

4) The email is poorly written. Your bank will not commit simple grammatical mistakes in their emails. (see arrow 1)

5) The email includes suspicious attachments or links. The link may look like a legitimate bank's URL, don't click. Just hover your mouse about the link (see arrow 2). Now, check the lower-left corner of your browser. You will see there the actual URL of the link in your email(see arrow 3)

Remember: Metrobank will NOT initiate calls, SMS, emails or chats to ask for your bank account details.

When in doubt, validate requests and offers by sending a message via Metrobank’s official Facebook Messenger or @Metrobank Twitter account before you give out any information.

For suspected fraud, call Metrobank Contact Center at (02) 88-700-700, 1-800-1888-5775, or email them at [email protected] using “Report on Possible Fraud” as the subject. Visit https://metrobank.com.ph/learn/fight-fraud for more fraud tips, news, and advisories.

If you clicked the link or opened the phishing email attachment, it is not your bank's fault. You will never get a refund from your bank because you unknowingly fall victim to a scam.