Got an email from my online banking provider a while ago:
We have received reports that an email has been circulated by unscrupulous individuals asking for account details from our Metrobankdirect clients.
Please be advised that Metrobank will NEVER ask for your personal information, account numbers or passwords via e-mail. If you have responded to any e-mail that asks for such information, please perform the following immediately:
(1) log-in to the metrobankdirect website http://www.metrobank.com.ph/ to change your password;
(2) report the incident to [email protected]
Of course, I’m not one to just haphazardly click on links or send details over emailed or web-forms. However, I do imagine that majority of web and email users would more than easily succumb to such phishing schemes, especially if they think these are either harmless, or that bad stuff would happen to their acounts if they did not comply. These types of social engineering tactics used to affect only those in the west, in terms of the danger of losing your financial information to unscrupulous individuals/groups. After all, only a handful of Filipinos buy stuff online. And only a handful of Filipinos use the Internet to do banking transactions.
However, it seems that phishers are now directly targeting Filipino depositors and cardholders–such as what had been done with clients of one of my banks. So this means there are already local operators of these phishing scams, or perhaps counterparts of foreign phishers, who hold local bank accounts. This way, they can more easily transfer funds from accounts they gain access to.
I, personally, did not receive such an email, though. But I do know what the S.O.P. would be when one gets such messages: report the email immediately to your bank’s management, and also to the authorities.