Photo from freepik

Cases of online fraud and cyber theft have made headlines in the past weeks. In fact, over 40,000 online fraud complaints were received by the Bangko Sentral ng Pilipinas (BSP) from 2020 to 2021. These situations serve as a reminder for consumers to vigilantly keep their accounts and transactions secure, especially as digital platforms are increasingly used for banking and payments in the new normal.

A key in keeping transactions secure is strong and unique passwords. According to a primer developed by the Financial Consumer Protection Department of the BSP, a strong password should be long and contain a combination of characters. It should not contain personal information such as birthday, name of partner or child, or mobile number.

Consumers are also recommended to make different passwords for each of their accounts in order to prevent all accounts from being compromised by a hacker or phisher.

Moreover, Credit Information Corporation, on its website, tells consumers to avoid pattern combinations. “Instead, think of a long, complicated, words-number-character combination for your password that will make not make sense but is guaranteed unique,” CIC wrote.

Having strong passwords, however, is not enough to keep one’s online transactions secure.

Consumers must beware of suspicious links, especially those that are used in online fraud. These attacks typically come in the form of phishing emails and spoofed websites.

Phishing attacks often start in unexpected emails asking for one’s personal information, bank account or credit card details, or passwords. These emails might deceitfully advise consumers to “update” their account lest their account might be deactivated or due to a “detected unauthorized transaction.”

“The email looks legitimate but often has a generic greeting, grammatical errors, sense of urgency, and no verifiable contact information of the sender,” BSP wrote in a primer on frauds and scams.

To avoid getting attacked by phishing, keep in mind that banks or financial institutions will never ask for personal information, even the one-time pin (OTP), through email. Such suspicious emails cannot be trusted, so do not click the links or attachments in these emails.

Unless the email site warns of phishing beforehand, one way to determine if such email is a phishing attempt is to check the address used by hovering — or placing the cursor (but not clicking) — on the address. If it consists of numerous characters or looks longer than a typical address, consider it suspicious.

“Always call your bank or financial institution directly to verify if an email is legitimate”, BSP added.

Not only do scammers use email to trick consumers, but they also use websites that look legitimate. Personal information, bank account, or credit card details are also sought by these websites, which are usually linked to phishing emails or other fake websites.

To avoid such attacks, BSP advises, always check the address bar or properties of a website to verify if it is legitimate. Check the website address for https:// at the beginning and a visible closed padlock icon. Be familiar as well with legitimate addresses and domain names, since fake websites have addresses that mimic banks, popular brands, and companies. — Adrian Paul B. Conoza

RELATED ARTICLESMORE FROM AUTHOR