Got an email from my online banking provider a while ago:
We have received reports that an email has been circulated by unscrupulous individuals asking for account details from our Metrobankdirect clients.
Please be advised that Metrobank will NEVER ask for your personal information, account numbers or passwords via e-mail. If you have responded to any e-mail that asks for such information, please perform the following immediately:
(1) log-in to the metrobankdirect website http://www.metrobank.com.ph/ to change your password;
(2) report the incident to help@metrobank.com.ph.
Of course, I’m not one to just haphazardly click on links or send details over emailed or web-forms. However, I do imagine that majority of web and email users would more than easily succumb to such phishing schemes, especially if they think these are either harmless, or that bad stuff would happen to their acounts if they did not comply. These types of social engineering tactics used to affect only those in the west, in terms of the danger of losing your financial information to unscrupulous individuals/groups. After all, only a handful of Filipinos buy stuff online. And only a handful of Filipinos use the Internet to do banking transactions.
However, it seems that phishers are now directly targeting Filipino depositors and cardholders–such as what had been done with clients of one of my banks. So this means there are already local operators of these phishing scams, or perhaps counterparts of foreign phishers, who hold local bank accounts. This way, they can more easily transfer funds from accounts they gain access to.
I, personally, did not receive such an email, though. But I do know what the S.O.P. would be when one gets such messages: report the email immediately to your bank’s management, and also to the authorities.
7 comments
“These types of social engineering tactics used to affect only those in the west, in terms of the danger of losing your financial information to unscrupulous individuals/groups.”
Not true. A lot of Filipinos with accounts in Citibank have been attacked by these scams.
“Not true. A lot of Filipinos with accounts in Citibank have been attacked by these scams.”
Oh yes, I forgot the foreign banks.
Good thing I only use bookmarks or type the actual address of the online banking site.
For Firefox users, I think there is an anti-phishing extension they can use.
asking account number and password is an obvious way of collecting personal information. Trojan and Viruses collect information without our knowledge on its activities
Unfortunately, not everyone is aware of the dangers of clicking email links or filling in web forms without adequately checking the authenticity of the email/site.