Congratulations, you won PHP 1M! Please send me your OTP

If you will send me your OTP, that means you have been scammed.  

In moments like these, urgency replaces doubt, and the more personal or emotionally charged the message becomes, the more likely people are to trust the voice on the other end of the line.  

Behind these urgent calls and too-good-to-be-true scenarios lies a growing threat in digital banking: vishing, a type of scam conducted through phone calls where criminals impersonate legitimate institutions to extract sensitive financial information.  

As digital banking continues to evolve, fraudsters are also becoming more sophisticated in bypassing security systems by targeting a more vulnerable point: human emotion.  

Scammers typically create scenarios involving fear, urgency, or excitement. Victims may be told that their accounts have been compromised, that a family member is in danger, or that they have won a prize. In all cases, the goal remains the same: to pressure individuals into revealing one-time passwords (OTPs), passwords, or other sensitive banking credentials under the guise of “verification” or “security checks.”  

As banks strengthen their defenses through multi-factor authentication, stronger encryption, and AI-driven fraud detection, Metrobank cautioned that fraudsters continue to exploit behavioral vulnerabilities instead of technical ones.  

“We are all human, and when a situation feels personal or close to our hearts, we can become vulnerable. Fraudsters exploit these emotions by creating a sense of fear, urgency, or excitement to pressure people into making decisions they normally wouldn’t,” said Digs Dimagiba, Chief Marketing Officer of Metrobank. “This is why customer awareness is critical in preventing fraud attempts from succeeding.”  

Metrobank explained that vishing scams often involve callers posing as bank representatives, government officials, or law enforcement agents.   

The bank stressed that one of the clearest red flags is any request for OTPs or passwords, reiterating that legitimate bank personnel will never ask for such information under any circumstance.  

“Even if scammers already have partial personal information, customers should remain vigilant and never disclose sensitive credentials such as OTPs, passwords, and account numbers,” Dimagiba said.  

Another key warning sign is the use of urgency and fear-based messaging, such as claims that an account has been compromised or that immediate action is required to prevent financial loss.  

“These tactics are designed to pressure customers into making rushed decisions,” Dimagiba added. “The moment urgency replaces verification, risk increases significantly.”  

Metrobank advised customers to immediately end suspicious calls and verify concerns only through official banking channels, such as the bank’s hotline, website, or mobile application.  

“A healthy dose of doubt goes a long way,” Dimagiba said. “If you suspect something is wrong, hang up and contact your bank directly through official channels to confirm your account status.”  

For more information on how to protect yourself from scams, visit: https://www.metrobank.com.ph/financial-education/fight-fraud