Tips Fraud Reference

Phishing Email Links

Phishing emails have not only become more common, but they’ve also become much harder to detect. Gone are the days when fraudsters would begin their emails with “Greetings from the deposed Prince of Nigeria,” or decorate it with flashy graphics.

These days, cybercriminals are all about mimicking credible and legitimate companies you trust – your bank, a subscription platform, or even the government. In these fraudulent emails, victims are asked to click on a phishing link that will redirect them to a page duplicating the official website of that company and will ask you to enter your personal information.

So, how does phishing work?

Phishing is a technique used by hackers to steal your data and personal information. They do this by sending you a fake link that directs you to a site that is a near duplicate of a trusted one (a bank, telephone company, subscription site, government agency, etc.) and will ask you to enter your information. Once they have your information, such as your name, birth date, bank details, username and password, they can use it to either log into your online bank account, create a new account, or install malware into your device to steal sensitive data.

Identifying phishing emails

Here are some red flags you should keep an eye out for:

1. Legitimate companies won’t request sensitive information through email.
If you randomly receive an email from a company with a link to a website or file attached in it and they are asking you to provide personal information like your contact information, birthday, or username and password, beware. What you are dealing with is a phishing scam. Companies are taught to specifically refrain from asking for your password, credit card details, bank account details, PIN, or birthday. They also will not send you a link to click.

Metrobank will NOT initiate calls, SMS, emails, or chats to ask for your bank account details.

2. Legitimate companies will usually address you by your name.
Phishing emails are usually generic and have headers like “Dear valued member,” “Dear account holder,” or “Dear customer.” If a credible company requires information about your account, the email will address you by your name and will likely ask you to contact them via phone.

3. Check for spelling and grammar errors.
This is probably the easiest way to recognize a banking fraud email. Emails from legitimate companies will always be well written and proofread before they are sent out. Fraudulent emails, on the other hand, may actually be written badly on purpose. They know those who do not notice the spelling and grammar mistakes are the ones who are more likely to fall for the ploy.

This may not always be the case though. Some of the spelling mistakes may be very difficult to miss. For instance, some hackers have been known to switch out a lowercase i for a capital L, or perhaps double up on letters that are easily missed (e.g.,i, l, s). They can also remove a letter, for instance, metrobank.com/phishng. In this example, the second “I” in phishing was omitted but is barely noticeable.

To be safe, do not click on any links or if you must, check if the link is safe first using our tips below.

4. Companies won’t include links or attachments.
When a legitimate company emails you, it is assumed that you already know their official website. If there is a link or attachment sent to you, it will be used to phish for your information or may contain malware that can harvest sensitive information or even passwords from your device. Never click on a link or download the attachments from these emails.

How to check for suspicious emails

Keep yourself, and your data, secured by installing an anti-virus or anti-malware software on your computer. This software uses real-time scanning technology to go through any links contained in your emails to alert you of potential phishing email links embedded in them.
Use a link scanner. Link scanners are websites and plug-in that allow you to enter the URL of a suspicious link to check if it’s safe or not, without having to load the website on your device. Norton SafeWeb, URLVoid, and ScanURL are some examples.

Help us #FightFraud

Report suspicious emails. If you suspect you’ve been a victim of fraud, call us immediately and report the fraud incident to (02) 88-700-700 or 1-800-1888-5775. You can also email us at customercare@metrobank.com.ph using “Report on Possible Fraud” as the subject.

Metrobank takes fraud seriously. You can be part of the fight. Browse through our articles and learn more about how we can fight fraud together.

Help & Support

How may we help you?

What valid IDs can I present?

No money was dispensed when I tried to withdraw

What should I do if I forgot my username or password?

How do I open an account?

I lost my card. What do I do?

What is card alias?

What investment options are available to me?

How do I apply for a home loan?

Go to FAQ Helpdesk