We lean on online transactions more than ever. Doing transactions online has proven to be more convenient and safer than going out (due to the pandemic). In a highly-digitized society such as ours, online and cashless transactions have become the staple in today’s e-commerce.

However, online scams are on a rapid rise since the lockdown happened in March. Fraudsters have bolstered their efforts in tricking us and they do it at the comforts of their homes. This only makes it harder to catch or track them.

Phishing and spoofing are the most common online scams in the Philippines. Phishing scams alone are up 200% since March. Both of their goals are the same—to lure you in revealing your personal details such as bank account details. However, it’s good to know their difference since technically they’re not the same:

Phishing- Fraudsters lure you to clicking a link through legitimate-looking or sounding emails, text messages, and phone calls which aims to get your personal details.

Spoofing- Fraudsters fool you by using the identity of a legitimate source (disguising themselves as the domain name, phone number, or email address) to get your details.

The main difference between these two scams is that phishing might involve some sort of spoofing to make the phishing attack seem more valid.

To avoid online scams such as mentioned above, it’s actually pretty simple—don’t believe everything you watch or read online. You have to remain vigilant for messages, emails, and phone calls that you are receiving.

We have tips on how to avoid these scams, read more below.

Identify signs of Phishing and Spoofing

Online scams usually invoke fear or intrigue you in their messages so that you’ll take immediate action. These messages trick you into thinking that your account is locked or that you’ve won a raffle in a certain promo.

To avoid these scams, you must identify red flags immediately. Watch out for emails, text messages, and phone calls that:

• Ask for your personal information such as username, password, account number, card number, CVV code, PIN, birthday (Banks would not request these details thru email)
• Have a generic greeting, misspelling, or bad grammar
• Are unexpectedly or not typically received
• Link you to another website (Possibly spoof or fake website)

Check if the website is legitimate and secured

First, check the legitimacy of a website through its URL and its contents. A fake website usually looks outdated, uses old/altered logos, has grammatical and spelling mistakes, and many more. It’s a good idea to search the real website of the merchant first to verify the URL and its contents.

Second, check the URL of the site and see if it’s secured. The URL should start with https:// and not http:// (see screenshot below).

The “s” is extremely important because this indicates that a site is secured and encrypted. In addition to that, there should also be an icon of a closed padlock beside the URL (before or after depending on the browser you’re using).

Don’t share your personal details

To prevent your personal information from being captured by bogus websites, you should not disclose your personal, financial, or credit card information to little-known or suspected websites. If a merchant or seller keeps on insisting to get your personal details, back off the transaction immediately.

Protect your password

It is important to keep your password confidential at all times. You shouldn’t share this with other individuals easily, especially online. Some password tips:

• Do not choose a password that is easily guessed or anything that is highly related (ex. cellphone number, date of birth, anniversary date, etc.)
• Do not write down your password or store it in computer hard-disk, USB, mobile phone or other non-secure devices
• Do not key in your password within view of someone else
• Verify that the URL displayed in the browser is correct before entering your User ID and Password. It should have https:// in it
• Use the latest recommended internet browser so that you have the most updated security features available
• Change your password from time to time
• Change your password immediately if you suspect it has been exposed to others or the moment you suspect any unauthorized access

Check your account and transaction history regularly

Regularly check your transaction history details and statements to make sure that all details are updated and that there are no unauthorized transactions on your accounts. Take note of your last log-in date and time and verify if transactions really took place. If you see suspicious activity or unauthorized access, contact your bank/e-wallet provider immediately.

Protect your computer and mobile phone from viruses and malicious programs

Never visit untrusted websites and download anything from them. These untrusted websites usually carry a virus or malicious programs that may harm your computer and mobile phones. Aside from destroying important data, viruses may run a password sniffing program in the background to capture your password keystrokes without your knowledge.

Be vigilant all the time

You shouldn’t believe everything you watch or read online. That’s why it’s okay to be suspicious when doing online transactions. In fact, we encourage you to be suspicious and remain vigilant all the time. Always verify everything that you receive—from emails, text messages, and phone calls. It also pays to ask a lot of questions especially if you’re transacting with an online seller.

If you already suspect that your account may have been compromised, please inform your bank/e-wallet provider immediately to avoid further harm.

For Security Bank clients, please call our helpline at 8887-9188.