The Bangko Sentral ng Pilipinas is currently in close coordination with BDO Unibank Inc. and Union Bank of the Philippines regarding the reported hacking incidents of several BDO online banking accounts over the weekend, BSP Governor Benjamin Diokno said.
Diokno issued the statement after several BDO account holders reported unauthorized transactions on social media. They said they noted unauthorized transactions to a certain “Mark Nagoyo,” purportedly the beneficiary account for these illegal transactions.
BDO depositors further said “Mark Nagoyo” is a “bogus Union Bank of the Philippines owner” who transferred tens of thousands of pesos from their accounts to the Aboitiz-owned bank.
Diokno said BSP would do everything to ensure the safety and integrity of the financial system as well as the protection of financial consumers.
Meanwhile, Bankers Association of the Philippines president Jose Arnulfo “Wick” Veloso called on the public to be more vigilant against cyberattacks, following reports of fraudulent schemes involving one of the country’s biggest lenders.
In a statement released Sunday, Veloso reminded the public to refrain from giving out sensitive information which could lead to their accounts being compromised.
“An important reminder: You will never be a victim of cybercrime if you never give your personal information, such as One-Time Password, to other people. If you do not give your personal information to others, cybercriminals will never be able to steal your money,” he said in Filipino.
“BSP has been monitoring the surge in complaints posted in social media platforms since the early part of this week. We are in close coordination with BDO as well as UBP on this incident to ensure that remedial measures are being undertaken, including reimbursement of affected consumers,” Diokno added.
Asked by Manila Standard for comment, BDO released a statement on Sunday saying it was aware of a sophisticated fraud technique that affected some of its clients.
“We assure you that we have already implemented additional security controls to block further attempts and continue to protect bank credentials,” BDO said.
The bank assured its affected clients that it will “reimburse their losses.”
The Standard also tried to get a comment from Union Bank, but it told online news sites it was still verifying the reports.
BDO said cybersecurity is a focal point of the banking sector and it has been continuously investing and working towards improving its security infrastructure to protect its clients’ money.
Veloso added: “We continue to work to ensure your safe banking experience — an example of this is our Cybersafe campaign. Read the newspapers, follow your banks on Facebook, and watch your favorite social media influencers to know how to be safe while banking online.”
The Bankers Association of the Philippines is the umbrella organization of universal and commercial banks in the country.
Veloso said whenever a person encounters a cybercriminal, he/she must immediately report it to the respective banks and the police. “This is so we can work together to take down cybercriminals, such as the fake bank websites they are using to trick others,” Veloso said.
BDO has been warning its clients against scammers who are taking advantage of the enhanced community quarantine to trick people into giving their personal information, such as usernames, passwords, account numbers, and One-Time PINs (OTPs).
Using this information, scammers take their victims’ identities, access their online bank accounts, and steal their hard-earned money.
“Pretending to be bank officers, they communicate with accountholders over the phone, SMS, email, or even social media and urge them to verify their accounts or validate a transaction by sharing their personal information. Alarmed and anxious, many are victimized, especially those who are new to online banking,” it said.
BDO assures its clients that real bank officers will never ask for their personal information. One of the best defenses against scam, according to the bank, is never sharing OTPs with anyone. (See full story online at manilastandard.net)
OTPs provide another layer of protection for online bankers. They can be used once and only within a short span of time. The bank sends these unique six-character codes on two occasions: first, to complete a mobile number’s registration to BDO Online Banking, and second, to confirm an online transaction.
Besides asking directly, scammers can obtain OTPs from a stolen phone.
They can hack apps, which may have the owner’s banking details to make quick online transactions.
The bank reminds its clients to report when their registered mobile devices are stolen or missing, so that it can detect unauthorized transactions from it.
Some scammers select their victims carefully. They gather their victims’ personal information first before attacking. Through a scheme called SIM swapping, they pretend to be the mobile owner and deceive a phone line carrier into giving out a new SIM card.
BDO advised clients, when they notice unusual activities on their mobile devices, to ask their telecommunication company to block theirSIM number and for extra safety, freeze their bank accounts.