Metrobank provides online banking thru their MetrobankDirect website and has recently step up their campaign against online phishing. I have 4 online banking accounts (BPIExpressOnline, MetroBankDirect, FastNet, & UCPB Connect) but only Metrobank seems to be doing steps to inform their customers.
I received this email from them this week.
There are con artists posing as legitimate businesses who send emails to clients requesting that clients verify confidential information online, such as usernames, passwords, and account numbers. This scam is called “œphising” (sic).
What is “œPhising?” (sic)
Phising is the act of sending an email falsely claiming to originate from a legitimate source””such as a bank or credit card company””in order to steal clients’ confidential information to commit fraud and/or theft. These email messages usually contain links that, when clicked, leads clients to what appears to be a trusted organization’s website, or which generates a pop-up window, and requests that clients enter confidential personal and financial information.
Metrobank will never send you an email requesting that you verify any confidential information such as usernames, passwords, account balances or account numbers.
These are the suggested tips to avoid and prevent such activity:
- Be wary of emails requesting that you verify personal and financial information online.
- Be wary of clicking links on email messages””avoid clicking on any links on email messages unless you are very sure of the destination. Phishing usually contains links in email messages that upon clicking, will often take you directly to a phony site where you could unwittingly input your personal or financial information.
- Delete suspicious emails without opening them and do not open attachments even if they seem to come from someone you know to visit your bank’s website, type the URL directly onto your browser or use your personal bookmark.
- Be wary of messages that claim they contain “œpatches” to fix or upgrade your system; no software vendor sends out patches via email””they must be downloaded from the software vendor’s own website.
- Report any suspicious emails to the legitimate originating source for investigation.
- Check for security certificate before entering sensitive information on a website””you can check security certificates by looking for the yellow lock on the lower right of the status bar of your Internet Explorer browser; if the lock is closed, this signifies that the website is encrypted to protect you when you enter sensitive information onto the website. This symbol may only be present when the website is requesting you for your information but unfortunately, even the lock icon can be faked. For further safety, double-click on the lock icon to display the security certificate of the site””it should display the name of the website following “œissued to”. If the name doesn’t make sense, it means that it’s a fake or spoofed website.
Of the 4 accounts I have, I am most confident of the measures taken by BPI to secure my account. Though it’s a little of a hassle to personally go to my branch of account to add or enrol a bill or another 3rd party account for fund transfer, at least it does prevent or delay culprits who may have gained access to my online banking account.
10 comments
You might wanna try HSBC’s online@hsbc Personal Internet Banking service. Security is top-notch and functionality is second to none.
Check it out!
I second what Manila Office Worker just stated. HSBC already had those security initiatives even before phishing became one of the mainstream online scams.
Kudos to Metrobank for their effort! 😉
Btw, Abe, do you Metrobank’s mobile banking service?
@ Manila Office Worker
Actually I am using online@HSBC alreayd to check on my credit card and I like it a lot.
@ Information Security
I haven’t tried those actually. Will check with my branch and enrol on that service next time.
Another way they can steal your username and passwords is on using keyloggers… please use onscreen keyboard from xp… need proof I send u email then auto install it, whatever you type I can see it through keylogging softwares
Hello!
WebSite Subject:SpyPhone
You Visit A My WebSite:
http://www.powerpronet.net
casus telefon, telefon dinleme, dinleme cihazi, ortam dinleme, tr dedektif, özel dedektif, mesaj bildirim
casus telefon, telefon dinleme, dinleme cihazi, ortam dinleme, mesaj bildirim
mirc, chat, sohbet, mirc indir, irc komutları
casus telefon dinleme cihazı
telefon dinleme cihazları ses kayıt cihazı