Phishing refers to the different forms of online scams that attempt to “fish” for your personal information, which can include usernames and passwords to online accounts and banking details.
Similar to casting a net to catch fish, phishing will always send scams very often to different emails hoping that one day a victim may unsuspectingly clicked or take the bait.
More often than not, a phishing attempt will utilize tactics that employ a variety of technologies combined with storytelling and a fake narrative. A phishing site, for example, is a fake website that mimics a trusted entity, such as a bank, a recognized software company, or an online payment platform, among other organizations.
Here are some of the sources for phishing messages:
- Email platforms
- Phone calls or voice messages (also referred to as “vishing”)
- SMS or text messages (also known as “smishing”)
- Social media sites and messaging platforms (examples: Facebook, Instagram, Twitter, etc.)
- Website ads
- Misleading anti-virus software and other unsecure apps
Common types of phishing attacks
Here are some of the ways a phishing message weaves a narrative into getting a fraud target to provide sensitive information:
Suspicious Activity. The message describes some suspicious activity, such as multiple failed log-in attempts on certain online platforms, which are often made to look legitimate through a phishing website.
Problems with Billing Information- The message claims that they’re encountering problems with your account and payment information. It may ask you to verify or validate specific personal info.The message can also include a fake invoice demanding clarifications regarding your immediate payment.
The Invitation- The message includes an invitation to click on a link to complete a transaction or go straight to their website or app to register. Phishing links can lead to harmful downloads like malware.
Bogus Prizes- The message can also say you’ve won a prize, reward, reclaimable points, or eligibility for government refunds.The message can also offer “free” coupons, bags, or credits.
What to do when targeted by phishing tactics
When you receive an email, text message, or phone call that seems suspicious, follow these steps:
- Stay calm, collect yourself, and verify the legitimacy of the message and the sender.
- Ask yourself if you have any connections to the account, company, or individual reaching out to you.
- If the answer is no, then report the message to the authorities, delete the message, and block the sender. Otherwise, if the answer is yes, contact the company or organization through a phone number, email, or website that you’re certain is the actual and real one, and not through any contact info found in the suspicious message.
- Do not click any links or download attachments, as these can install malware and other viruses.
That being said, if you’ve still clicked on a fraudulent link, or downloaded an attachment containing harmful software, perform the following steps immediately
- Disconnect from the internet;
- Clear your web browser's cache, cookies, and history, and;
- Perform a full antivirus scan from your desktop or mobile.
If you have responded to a phishing message and have fallen victim to an online scammer,
- If it’s online bank access, immediately change the password through the official website or mobile app of your bank, and;
- Call your bank to report it.
There are different types of prevention depending on modus, so regularly visit the following websites:
Scamproof.ph is an initiative that Metrobank, alongside other premier banks, companies, and organizations, launched to spread awareness about financial fraud, cybersecurity, and the different types of scams. Share your experiences and insights on fraud to improve the community.
Haveibeenpwned.com is a free-use website that aims to help people identify and assess any potential risks that come with their online accounts getting compromised, or any data breaches their accounts may have been involved in as a user.
APWG.org, the website for the Anti-Phishing Working Group–an international organization focused on fighting cybercrime–offers an online venue for people to discuss, share, and report issues of phishing, spoofing, fraud, and identity theft.
Don’t be a victim: protect yourself from phishing
Apart from awareness and practicing caution, there are ways to increase your protection from scammers and fraudsters. Here are some simple steps you can take to prevent falling victim to phishing tactics:
Investing in reliable security and anti-virus software- This ensures that your computer can automatically detect any security threats like malware. Updating your mobile phone’s software can also add another layer of protection against spurious applications.
Multi-factor authentication- This offers a user additional protection against phishing tactics by only granting access to a website or app once the user has fulfilled the requirements of the authentication mechanism. Utilizing this feature serves as another line of defense in the event that a fraudster gains access to your account credentials.
Develop secure passwords- Updating your online accounts’ passwords regularly, strengthening them, and using a password manager are proactive steps that also protect you from phishing tactics.
With the many ways fraudsters and scammers are innovating phishing tactics, it’s just right that you exercise due diligence in protecting yourself. Awareness of these scams and exercising extra care in navigating online messaging platforms and engaging websites can make a large difference in preventing fraud. Take the proactive steps necessary to improve your online security.
Don’t hesitate to contact Metrobank for any questions or inquiries on fighting fraud and protecting your hard-earned money.
