HAVE you ever received an e-mail from your bank or credit card company that looks like the “real thing?”

The Bangko Sentral ng Pilipinas warns the public of circulating e-mails that “phish” from unsuspecting consumers: you receive a “real-looking” e-mail from what you think is your bank or credit card company, you give them your financial information (credit card or bank details), and before you know it, your money disappears faster than you can say poof!

According to the BSP Financial Consumer Affairs Group (FCAG), phishing is a common online virus spreading and identity theft method.

The term obviously comes from the word “fishing” — that is, “to fish for information.”

Phishing involves an unscrupulous person sending a fraudulent e-mail message that appears to come from a reputable source.

This e-mail message aims to entice an individual to provide personal and confidential information such as user IDs, passwords, account and Personal Identification Numbers (PINs) that the phisher may illegally take advantage of.

Here are the common characteristics of phishing that the FCAG says we should watch out for:

• Phishing is often accompanied by spoofing.

In a phishing e-mail, a hyperlink is often provided.

When clicked, the hyperlink leads the user to a phony or spoofed website.

It is here that the unsuspecting victim keys in his personal and financial data.

• Phishing is difficult to detect at a glance because it contains official-looking logos and other identifying information from legitimate organizations.

• A phishing e-mail normally starts with a generic greeting, such as “Dear Customer” or “To our valued client.”

Phishers send out millions of messages to randomly generated e-mail addresses hoping that people who can relate to the message would reply to them.

Banks, on the other hand, personalize their greetings and indicate your full name when sending official correspondences.

• Most phishing e-mails include threats requiring immediate action.

They contain phrases such as “Verify your account, “Update your account,” and “Failure to do so will result in account suspension.”

• Phishing scams always request for your personal information.

Most legitimate banks will not demand this information online or through e-mail.

• Phishing e-mails frequently misspell words or construct grammatically poor sentences.

The FCAG reminds us that professional organizations such as banks usually have a team of copy editors who proofread and edit advisories/notices before they send them out to the public.

The FCAG has given us a list of what-to-dos in case we receive suspicious-looking mails:

• Do not reply to it.

Just ignore and delete the message.

• Do not click any links in the message.

Instead, type the company’s website address directly on your browser or use your personal bookmarks when going to certain sites.

• Check if a website is secure by checking if the URL begins with an “https” and if a closed padlock icon is displayed on the browser’s status bar.

• Be cautious about opening any attachment or downloading any file from e-mails that you receive.

Scan files for viruses.

• As much as possible, do not disclose personal or financial information being asked through e-mail.

• If you think you have given out information to a phisher, report the incident immediately to the company that was spoofed.

• Routinely review bank and credit card statements for unexplained charges you did not initiate.

• Change the passwords and PINs of all your online accounts that you think may have been compromised.

If possible, close those accounts.

The FCAG further warns us that phishing is not exclusive to e-mail form: scammers have become more resourceful and seek out victims through cell phone or SMS, chat rooms, fake banner ads, message boards and mailing lists, fake job search sites and job offers, and fake browser toolbars.

Vigilance is the best way to avoid being hooked by phishing.


Note: You may e-mail us at This e-mail address is being protected from spambots. You need JavaScript enabled to view it

Past articles may be viewed at http://speakingout.ph/speakingout.php

Add comment

Security code

Latest comments