Avoid becoming yet another phishing victim statistic. "Lady" shares her encounter with a dubious caller who fished for her credit card information
MANILA, Philippines - The Anti-Cybercrime Group of the Philippine National Police (PNP-ACG) reported a rise in the number of illegal activities perpetrated using the Internet.
In a Philippine Star report, the top crimes reported to PNP-ACG in violation of Republic Act 10175, also known as Cybercrime Prevention Act of 2012, include online scams, online libel, online threats, identity theft and anti-photo and video voyeurism.
"From computer viruses to Website hacking and Financial Fraud, Internet crime became a larger concern than ever in the 1990s and early 2000s…The use of Internet services or software with Internet access to defraud victims or to otherwise take advantage of them is currently on the rise. For example by stealing personal information, that can lead to identity theft," another PNP-ACG report indicates. (http://acg.pnp.gov.ph/main/wp-content/uploads/2013/10/fraud.pdf)
PNP records further show identity theft as the 4th top cyber crime committed with 127 complaints.
Kami.com.ph puts particular interest on the modi operandi of identity theft, in line with the recent double murder case in Sta. Rosa Laguna. The case has been widely-followed in the news for three weeks now.
On March 2, a man named David Dela Cruz was reported on national television for allegedly commiting the gruesome murder of a mother and her one year old son in Santa Rita. But it wasn’t his face plastered on TV. It was that of an unsuspecting engineer.
Christopher Oliveros, an Electronics and Communications Engineer for Globe Telecom Inc. reported to the local police that he was a victim of identity theft.
“I got the shock of my life when I saw this particular news in the March 4, 2016 -7:00 pm edition of TV Patrol...showed an identification card of this David dela Cruz, bearing my photograph,” he said in his affidavit as reported in TV Patrol.
In the same report, Oliveros said his Facebook photo was “cropped and stretched” while the suspects got his professional details on his LinkedIn account, including the company logo.
The identification card was left in the murder scene, with a text message allegedly sent by the victim to her family. It said that the man in the ID was responsible in case something happened to her and the baby.
Last Sunday, more than two weeks after their deaths, one of the two suspects surfaced and turned himself in to authorities. He confessed being paid by the husband of slain Pearl Sta. Ana, and father of baby Denzel.
The victims’ relatives and authorities are preparing to file double counts of parricide against Ricardo Sta. Ana. The suspect Ramoncito Galo, along with his alleged accomplice currently in hiding but identified under the alias “Bryan” Espera, face murder, robbery and rape cases.
Last June 8, 2015, the Bangko Sental ng Pilipinas (BSP) issued a public advisory against phishing. (http://www.bsp.gov.ph/publications/media.asp?id=3751)
Listed in the PNP-ACG’s report on the most common types of scams, BSP defines phising as a kind of identity theft wherein a victim’s online personal account is used “to commit fraudulent acts/crimes, or conduct unauthorized business.”
Scammers can encash checks, swipe credit cards and even open another bank account under their victims’ names after they have phished for information.
BSP also warned that phising may fool online users into clicking dubious link by using formal messages and logos that might look legitimate to the unsuspecting netizen.
“The message is usually accompanied by a link that, when clicked, leads to a spoofed or fake website which asks you to input your personal and financial information such as User IDs, passwords and account and personal identification numbers.”
A woman around 25, was issued a credit card this year, only to be a near victim of phising. For security purposes, she requested to be identified as Lady instead of her real name.
She received a call a week after she swiped her card in three consecutive transactions –in a grocery store, a transport service and a clinic.
“It took four calls before I was able to pick up the call from a guy who said he is conducting an online monitoring. He told me is doing a live monitoring of my card, and he seemed to be on a hurry.”
When she asked if the caller was from the bank, she was told that the person was calling from a group that would secure her transactions online. He just needed to verify details of her physical card.
“He knew my name, and the first four digits of my card. He said we cannot commit mistakes as the online monitoring is live and I should not commit mistakes in my answers,” she said about the scammer who introduced himself as an agent.
Lady just woke up, half dazed, when she answered the call. A “newbie cardholder," she confirmed most of the details asked from her.
But then he asked for her security pin and her suspicion grew.
“When he was done getting almost every information, he told me that the bank has duly approved my card among a number of applicants, then asked me to look for the digits at the back. He said these digits mean I am ***th (her three-digit security pin) of the persons approved within the branch… I felt duped, I knew he was lying.”
The dubious agent also told her that she would be given a ‘prestige discount card for travels.’
She gave out her pin number. He said her card would be delivered within a week. The call was transferred to one of the managers who would officially welcome her to her newest ‘membership.’
“The manager didn’t sound like an agent or a supervisor at all, he told me that they will continue the transaction and deduct an amount of 3, 000 pesos payable within the next six months. I quickly said okay and ended the call.”
Then Lady called the bank.
A bank agent informed Lady that no one from the bank would ask for her security pin especially on a roundabout basis such as personal calls, denying any connection to the pseudo company that called her.
Her credit card was blocked and replaced immediately.
After an hour, the dubious caller informed Lady that their system could not reach her account. He asked her to check on the “exact details” in the card once more.
“I told him, I don’t believe you because you had asked for my pin and no one will ask of that except If I input it myself,” Lady recalled saying. “I can sense he was dumbfounded, he just replied ‘Okay.’
An officer of the PNP-ACG said phishing was the possible modus used against Lady. He also said the anti-cybercrime law covers cases done by verbal phishing.
“The goal of criminals using brand spoofing is to lead consumers to believe that a request for information is coming from a legitimate company, but in reality it is a malicious attempt to collect customer information for the purpose of committing fraud,” the officer said in a phone interview.
Avoid getting phished
Here are some ways to avoid falling victim to phishing scammers, according to the PNP-ACG.
Photos obtained from Wikimedia