As cybercriminals become more adept at phishing, or stealing credentials to access bank accounts, bank clients are urged to guard against new fund transfer scams.

In support of Bank Marketing Association of the Philippines’ (BMAP) #FightFraudTogether information campaign, Security Bank warned of phishing emails disguised as fund transfer notifications from Instapay or Gcash or online banking emails.

“Scams like this work by telling customers they paid a certain amount to an entity. Those who are unaware of this scam are then tricked into clicking the link provided to them and entering their confidential information. Those links may direct you to a fake bank website designed to steal data and money,” Security Bank said.

When using a computer, the bank advised account holders to hover over the link or button for a preview of the actual URL provided in the email before clicking and pursuing a transaction.

Phishing is a type of social engineering attack. In most cases, a cybercriminal pretends to be an employee of the bank and emails customers about “problems” with their account.

Customers are then prompted to click on a link, leading them to a fraudulent website where they can enter data such as account or credit card number, online banking details, and a one-time password (OTP). This allows fraudsters to gain access to their confidential information. Fraudsters then immediately change the password to take full control of the customer’s account and use it to…

Read more…