Whenever you receive an SMS, chat message, or email from an unknown sender, be on guard. Protect yourself from phishing, smishing, and vishing scams, and keep your personal details and your money safe. In case you’re not familiar with these scams, here are some important things to know so you won’t fall victim.
Phishing, Smishing, and Vishing: What are they?
One thing that you need to know right off the bat is that phishing, smishing, and vishing are all scams that cybercriminals use to obtain sensitive information from their victims, like their credit card information and account passwords.
In a phishing attack, cybercriminals will pose as legit financial institutions or trusted organizations and send you an email, chat message, or SMS with an urgent message so you’ll be tricked into clicking a link. The link usually leads to a site that will install malware or ransomware to your device or reveal your sensitive information.
Smishing, or SMS phishing, is a phishing attack using mobile text messaging. Vishing, on the other hand, is done through phone calls.
Cybercriminals may pose as bank representatives or even law enforcement and get you to disclose your sensitive financial information. To do this, they often use voice over internet protocol (VoIP) so potential victims will see a trusted caller ID. The goal is to steal your money and identity.
Red Flags: How to Spot a Phishing Scam
Always be wary or skeptical when people ask for your information.
Just remember: If you did not initiate the call to your bank or to any other relevant agency or office, you should never divulge any personal or financial information over the phone or via email, SMS, or any messaging applications. Anyone calling, texting, or emailing you out of the blue and asking for sensitive personal or financial information should immediately ring alarm bells for you.
Cybercriminals also create a sense of urgency. They will tell you that your account will be suspended or penalized if you don’t avail the offer or update your account, or they will even threaten you with arrest warrants.
Don’t fall for it. Keep your calm and don’t give out your information. Conduct your own investigation. Call your bank’s official contact numbers and speak to authorized staff or representatives directly.
Received a friend request online from someone you don’t know? Don’t accept these connection requests. Cybercriminals may be behind these accounts. Once you accept their request, they can now glean information from your social media accounts and use this to phish information from you.
Be wary of friend requests from people you know as well. Cybercriminals can also clone social media accounts and target people from their victim’s friends list. Warn the person being impersonated for them to be aware and inform his/her family, relatives, and friends.
How to protect yourself from Phishing Attacks
Cybercriminals are everywhere, and they can attack both individuals and enterprises. These days, it pays to be extra careful and be more vigilant. Avoid being a phishing victim by doing these things to make your online activities safer.
Be careful what you click on
Links in trusted websites, emails, and messages are alright. But from random senders or those who spoof legitimate companies? Definitely not.
To check if it’s a secure site, hover on the URL. Look for the padlock symbol. The URL should also start with https://. This means that the website is secured with a Secure Sockets Layer (SSL) certificate. Ensure that the certificate is valid this can be seen in your browser.
Furthermore, banks will never ask for your confidential information via email, SMS, or chat message. So don’t click on any links asking you to update your account or your personal information. Instead, just type the website address directly on your browser’s address bar to see if it’s the legit site.
Bad content is a big red flag
Most phishing emails don’t have your name on it and have badly written content, from the email subject line to the body of the email itself. So look out for greetings like “Dear Customer” or “Dear Valued Client”, spelling mistakes, wrong grammar, and low-quality images and logos. When you receive this kind of email, delete it right away.
Beef up your online protection
Most internet browsers have anti-phishing toolbars which you can download for added protection against phishing attacks. They can issue an alert when you visit a possible or known phishing website. The great thing about this is that installation of anti-phishing toolbars is free.
Aside from anti-phishing toolbars, make sure to use firewalls as well. A desktop and a network firewall can greatly reduce your odds of falling victim to hackers and your computer or network being infiltrated by phishers. Make sure your antivirus software is also updated.
Regularly check your online accounts
Additionally, make sure to regularly log in to your online accounts and update your passwords. Set unique passwords each time, preferably something that won’t be easily looked up online, like your date of birth, nicknames, pet’s names, etc. Avoid reusing passwords across different accounts.
Activate the security features of your online banking account, like face or biometrics login, OTP, and card lock, just to name a few.
It’s also important to choose a bank that prioritizes customer safety. RCBC’s enhanced security features provide an additional layer of protection for its customers. Through its device registration and biometrics login, you’re assured that you can only access your online bank account when using your own registered devices. The bank also allows clients to lock and unlock their accounts conveniently, anytime using the app.
And if you ever receive any phishing emails and text messages, you can report it right away to firstname.lastname@example.org or 8877-RCBC (7222).
Use your cards properly
When paying with your card, never lose sight of it, especially in restaurants or gas stations. For card payments, establishments will simply bring the card terminal to you or ask you to go to the cashier to swipe the card.
Don’t lend your card to anyone or leave it just lying around. Once fraudsters get your card number and CVV, they can already use it for different transactions.
For online transactions, you usually get a One-time Password (OTP) before the transaction becomes successful. It is a unique set of numbers that is sent to your registered mobile number that you need to key in to authorize the transaction. It is an additional layer of protection that ensures only you can authorize the transaction to proceed. The bank never calls to ask for the OTP. If you receive any calls asking for your OTP, that person is most likely a fraudster.
Don’t give away your personal information
These days, information about anyone can be looked up online. So be careful about what you share online. Never share any personal information, especially information about your finances, because cybercriminals can use this information to hack into your accounts.
Also be careful with online forms that you fill out. Read their data privacy agreement first and make sure that the site is secure and encrypted.
When in doubt about its safety or legitimacy, just leave the site or delete the suspicious email or SMS.
Always be wary whether you’re using your laptop or your mobile phone, because cybercriminals can attack anytime. Keeping your accounts safe and secure is a shared responsibility. While banks and other institutions invest in enhancing their data security, it is also the responsibility of clients to never share their personal information.
At the end of the day, trust your guts. When in doubt, don’t click.