Beware of scammers: Two truths and a lie


As the digital landscape evolves, so too do the tactics of cybercriminals, where scams targeting unsuspecting bank customers are on the rise. 

The Bank of the Philippine Islands (BPI) has recently alerted the public to a trend that mirrors the childhood game "Two Truths and a Lie," where fraudsters manipulate personal information to deceive victims and gain access to their accounts.

Jonathan John Paz, BPI Enterprise Information Security and Data Protection Officer, explains that these scams often begin with a call from a scammer who presents three statements—two of which are true and one that is a lie. 

“The scam follows a general pattern. A person receives a call, and the caller proceeds with his or her prepared spiel. It can start with the caller giving your existing bank account. That will be the first truth. Second will be your name, address, and some other personal information. Then comes the lie: the caller is not an employee of the bank and only pretends to be to perform the vishing scheme,” Paz warns.

Among the most common scams is the fraudulent offer to convert expiring bank points into cashback. Scammers will contact victims, claiming that they can help convert these points, but will subsequently request sensitive banking information. BPI is keen to emphasize that points earned from credit card transactions do not expire, and no legitimate bank representative will ever ask for confidential information such as your One-Time PIN (OTP).

Another prevalent tactic involves scammers alerting customers about unauthorized charges on their accounts. They claim that these charges can be reversed by visiting a BPI ATM, leading victims to unwittingly follow instructions that compromise their account security by changing the mobile number linked to their BPI online profile.

This rise in scams is not unique to BPI; the Philippines has seen a wave of similar fraudulent activities across banks and financial institutions. 

Reports indicate that scammers are increasingly utilizing social engineering techniques, preying on the trust of individuals and exploiting their vulnerabilities. In many cases, these scams are meticulously crafted, with fraudsters conducting extensive research on their targets to make their deception more convincing.

The Philippine National Police Anti-Cybercrime Group has reported a significant uptick in cybercrime cases over the past few years, with phishing and vishing scams among the most frequently reported. 

Authorities urge the public to remain cautious, especially with unsolicited communications that request personal information or financial details.

In response to these escalating threats, BPI encourages its customers to utilize the bank’s mobile and online security features. These include activating the Mobile Key, enabling biometric login, linking devices to accounts, using OTPs, and setting up login notifications and email alerts.

“Never share your OTP—the 6-digit code you receive via SMS—with anyone. Cybersecurity is a shared responsibility,” Paz emphasizes. “While we are committed to strengthening our safeguards against cyber fraud, we also urge the public to take proactive steps to secure their accounts.”

Earlier this year, BPI introduced new security enhancements to its mobile banking app, incorporating three new security controls that users can easily activate. 

One of these features is device binding, which acts as a digital lock, ensuring that only authorized mobile numbers and devices can access accounts. This added layer of security is crucial in a time when unauthorized access can have devastating financial consequences.

Moreover, BPI is actively educating its customers about the importance of recognizing red flags in communication. Common warning signs include unsolicited calls from unknown numbers, requests for immediate action, and offers that seem too good to be true. Customers are encouraged to report any suspicious activity to the bank and local authorities immediately.\

As cyber threats continue to evolve, BPI remains dedicated to protecting its customers. However, the responsibility does not rest solely on the shoulders of the bank. Vigilance from account holders is crucial. By staying informed and proactive, customers can help safeguard their financial information against these increasingly common scams.