Phishing 101: How to spot and avoid phishing
MANILA, Philippines – Philippine banks and other financial institutions are taking stronger and more concrete steps to protect and to educate the public on ATM and card-based fraud and safety, the first of which is migrating from magnetic stripe to EMV chip technology.
However, the public is strongly advised to remain vigilant because as a result, fraudsters have reportedly been refocusing their sights on phishing – which means thieves can still steal money even though they don’t physically have the cards with them.
The difference between ATM and card-based fraud and phishing is that with the former, fraudsters tamper with cards and machines to steal. To counter this, the Bangko Sentral ng Pilipinas (BSP) has already mandated all banks to migrate from magnetic stripe to EMV chip card technology. Banks, in turn, have urged the public to switch their magstripe cards to EMV chip cards as a major step to protecting their accounts.
On the other hand, with phishing, fraudsters gather user information directly from the account holders themselves through dubious personas claiming to be from legitimate and trustworthy entities. It’s usually done through emails, often written in an urgent tone to lure its recipients into clicking into external links and divulging personal information such as passwords, credit card numbers, and bank account numbers without question.
Phishing has become so rampant that it has become a problem in the banking industry. What’s alarming about phishing is that the messages, even the websites that the external links lead to, are built to look as authentic and sophisticated as possible to easily deceive recipients. If you don’t look closely enough, you won’t see the subtle details that give away their true fraudulent nature.
Here are the different ways fraudsters could try to fish your personal information directly from you.
Emails and websites
Email is the most common form of phishing. Although content may vary and landing sites may even use a trusted company logo, phishing emails usually pose as legitimate bank communications and tell its recipients to click through a link in order to verify, update, or activate their account with a sense of urgency. Sometimes, they are even threatening.
Check the URL of the website. The biggest telltale sign that it’s a fake website, no matter how real it looks like, is the URL. Make sure that nothing else comes before the hostname other than https:// and the padlock icon. Double check to see that spellings of the website or company name are accurate, too.
Phone calls and SMS
Phishing happens through mobile, too. Fraudsters posing as bank officials ask for important information such as passwords and account numbers through phone calls and texts.
You can easily verify the authenticity of the phone call or text you receive. If it’s from a generic phone number (the usual 09…) instead of a hotline, where usually the brand name appears as the subscriber, it’s most likely fake. For safety and security purposes, know that banks won’t call or text you and ask for your personal or banking information such as username, password or one time PINs. No matter how pushy, threatening, or urgent they sound, refuse and stand your ground.
In this day and age, phishing happens on social media, too, through private or direct messages. Much like the emails, texts, and calls, these messages are meant to sound authentic so that you will be convinced to share your personal details.
Although the message might look official, just remember that official representatives will never ask for your personal or security information like bank account passwords and PINs.
Don’t be vulnerable. Learn how to spot signs of phishing across different platforms. Report any suspicious messages you receive so you and your bank can work hand-in-hand to ensure your account’s safety. – Rappler.com