Bank clients beware! This pandemic, scammers have moved from their usual scheme of sending out threatening “deactivation” emails (also known as phishing) and launching fake COVID donation drives to sending emails and texts that supposedly warn clients of unauthorized transactions in their credit or debit cards.
These emails or texts would go as far as telling cardholders what items were purchased, where, and when they were bought. But here’s the catch, for the cardholder to reverse such transaction, he or she will have to click a link to an “official” refund page. This link then leads to a FAKE landing page, where clients’ personal bank details are going to be “phished” or stolen, if provided.
Truth is, opportunistic scammers are learning how to commit crime by adjusting their schemes to how banks do their advisories. Phishing emails and texts have recently become so professionally written that clients really need to spot fake links and websites than just simple grammatical errors.
“There is no reason to feel helpless. You can outsmart scammers by taking our reminders to heart. If bank clients just go back to the basics of what their banks will never do or ask from them, phishing and voice phishing or vishing scams become easy to spot,” BDO Unibank, Inc. said in a statement.
The Bank believes that scammers will run out of opportunities if all people are armed with these basic but very important reminders:
First, banks will never send deactivation threats.According to BDO, banks do not deactivate accounts or ask clients to “verify” via email, text, or call. Banks will also never send a link, not even to a “refund” page as now being circulated by scammers. These will lead to a fake website where clients’ personal information will be stolen.
Second, banks will also never ask for personal bank details through an embedded link. Clients and all cardholders should be reminded that banks will never ask for card details, such as account number and the CVV (3-digit number at the back of the card). These important details will allow scammers to make unauthorized transactions using other people’s cards.
Third, BDO said, banks will never ask for login details and, more importantly, the One-Time PIN (OTP). An OTP is sent by a bank once clients successfully log in using their username and password. This is the bank’s final security measure. Providing these details to scammers is like handing them access to money and credit.
“As people continue to stay safe at home to protect themselves from the virus, so should they continue to be vigilant with their online activities to keep their money and personal information protected from scammers,” the bank added.