Metrobank campaigns against online phishing
Metrobank provides online banking thru their MetrobankDirect website and has recently step up their campaign against online phishing. I have 4 online banking accounts (BPIExpressOnline, MetroBankDirect, FastNet, & UCPB Connect) but only Metrobank seems to be doing steps to inform their customers.
I received this email from them this week.
There are con artists posing as legitimate businesses who send emails to clients requesting that clients verify confidential information online, such as usernames, passwords, and account numbers. This scam is called “phising” (sic).
What is “Phising?” (sic)
Phising is the act of sending an email falsely claiming to originate from a legitimate source—such as a bank or credit card company—in order to steal clients’ confidential information to commit fraud and/or theft. These email messages usually contain links that, when clicked, leads clients to what appears to be a trusted organization’s website, or which generates a pop-up window, and requests that clients enter confidential personal and financial information.
Metrobank will never send you an email requesting that you verify any confidential information such as usernames, passwords, account balances or account numbers.
These are the suggested tips to avoid and prevent such activity:
- Be wary of emails requesting that you verify personal and financial information online.
- Be wary of clicking links on email messages—avoid clicking on any links on email messages unless you are very sure of the destination. Phishing usually contains links in email messages that upon clicking, will often take you directly to a phony site where you could unwittingly input your personal or financial information.
- Delete suspicious emails without opening them and do not open attachments even if they seem to come from someone you know to visit your bank’s website, type the URL directly onto your browser or use your personal bookmark.
- Be wary of messages that claim they contain “patches” to fix or upgrade your system; no software vendor sends out patches via email—they must be downloaded from the software vendor’s own website.
- Report any suspicious emails to the legitimate originating source for investigation.
- Check for security certificate before entering sensitive information on a website—you can check security certificates by looking for the yellow lock on the lower right of the status bar of your Internet Explorer browser; if the lock is closed, this signifies that the website is encrypted to protect you when you enter sensitive information onto the website. This symbol may only be present when the website is requesting you for your information but unfortunately, even the lock icon can be faked. For further safety, double-click on the lock icon to display the security certificate of the site—it should display the name of the website following “issued to”. If the name doesn’t make sense, it means that it’s a fake or spoofed website.
Of the 4 accounts I have, I am most confident of the measures taken by BPI to secure my account. Though it’s a little of a hassle to personally go to my branch of account to add or enrol a bill or another 3rd party account for fund transfer, at least it does prevent or delay culprits who may have gained access to my online banking account.