What are the types of social engineering tricks?
Phishing
Phishing is a type of social engineering attack in which an attacker attempts to trick you into giving up account information such as log-in credentials, bank account information, or security information such as the One-Time PIN (OTP).
If you receive an email urging you to “verify/update” your account to prevent it from being deactivated, ignore it! The sender only wants to steal your information.
Smishing (SMS Phishing)
Smishing is a combination of “SMS” (short message service, better known as texting) and “phishing”. When cybercriminals “phish”, they send fraudulent emails that seek to trick the recipient into opening a malware-laden attachment or clicking on a malicious link. Smishing simply uses text messages instead of email.
If you receive text messages warning you about suspicious activity on your account and telling you to click on an embedded link to update or secure your account, ignore the message and block the sender immediately.
Vishing (Voice Phishing)
Vishing (voice or VoIP phishing) is an electronic fraud tactic wherein individuals are tricked into revealing critical financial or personal information to unauthorized entities. A vishing attack is conducted by voice email, VoIP (voice over IP), landline, or cellular phone.
Have you ever received a call from someone claiming to be a representative of the bank and asking for your confidential account details like OTP and password for verification or updating? This is a scam. Do not fall for this trick.
Spoofing
Fraudsters “mask” their identity by sending messages and making them appear to be coming from a legitimate organization or company, such as a bank or a telecommunications provider. The perpetrators will then try to phish for personal and sensitive information.
SIM Swap / Upgrade Scam
If a stranger contacts you, claims to be a representative of a telco, and offers you a SIM upgrade, do not entertain the offer. It may be an attempt to hijack your phone to gain access to services linked to your mobile number, including security protocols and verification for your bank accounts, money transfers, and related transactions. Always be vigilant in protecting your online accounts, SIMs, and devices used to access your bank accounts.
Immediately contact your telco provider if you suspect a SIM swap scam.
Spam Email
Spam is the electronic equivalent of the “junk mail” that arrives in your mailbox. Spam emails are sent out in bulk by spammers and cybercriminals who are looking to run phishing scams in order to obtain passwords, credit card numbers, bank account details, and more, or to spread malicious code onto recipients’ computers.
Here are some tips to help you reduce the amount of email spam you receive:
- Set up at least one private and one public email address.
- Never respond to any spam.
- Think before you click “unsubscribe” links in emails that come from unknown sources, as the link may be fake and actually increase the amount of spam you receive.
- Keep your browser updated.
- Use anti-spam filters.
Malvertising
The term is derived from “malicious” and “advertising”. Scammers inject malicious code into legitimate online advertising networks. The code typically redirects users to malicious websites, which can later damage the system and give the scammers access to sensitive information.
Spear Phishing
Spear phishing targets specific individuals, organizations, or businesses. It happens when an email sender pretends to be someone you know or trust, with an urgent request for information. Sometimes they may also ask you to install malware on your computer.
Always verify the identity of the sender, even if they seem to know a lot about you, and especially if they have unusual requests. Think before you send any data or information. Ask yourself: why is there an urgent need to take action?
Whaling
This is a variant of phishing. It is also called CEO fraud, and the scammer usually pretends to be the CEO or a senior executive of an organization in order to steal money or information, or gain access to computer systems to wreak havoc.
Don’t overshare on social media. You never know who can make use of your photos and posts to gain enough information to impersonate you, or learn how to manipulate you in some way. A well-thought-out verification process for requests for data or money transfers can be useful.
Reminder
We will never contact you to ask for your OTP and other confidential information, or confirm details of your account for deactivation. Remember, OTPs are used to complete transactions.
If you did not initiate the transaction indicated in the SMS, the transaction is fraudulent and should be reported immediately.
For inquiries and comments, send us a message or call our 24-hour BPI Contact Center at (+632) 889-10000.