Editorial: Guard against phishing

Appreciating the gesture of a former student to send her favorite pastry, retired teacher Belinda posted on social media a photo of the package. Another former student saw a detail in the online image that made Belinda vulnerable to scammers.

Belinda took her advice, deleting the post that included an image of the delivery receipt indicating her name and address.

In another incident, Benjamin answered finally persistent calls from a number that was not part of his contacts. The caller, a woman, asked for a person that Benjamin had never heard of.

In the ensuing exchange, the woman asked Benjamin for his full name, as if verifying his identity. Since she had a pleasant voice, he nearly forgot that he did not have to prove his identity to the caller and cut the call.

Benjamin had already been victimized in another vishing or voice phishing scam. He had revealed personal information, such as his name and one-time password (OTP) authorizing an online transaction, to a person who misrepresented himself as an employee of a bank where Benjamin had an account.

Though he thought of himself as digital-savvy, Benjamin was duped into shouldering credit card fees from fraudulent transactions in the phone phishing scam. Although he filed a formal complaint to the banks, he was informed by one establishment that he would have to shoulder the fees charged to his card since he had given the OTP to the scammer.

On hindsight, Benjamin reflected that the scammer’s voice — courteous, knowledgeable, professional — gained his trust and lowered his guard. Other common modes of vishing involve taxes or shipping fees, lottery or raffle, charity and “dugo-dugo (frightening the victim to transfer cash or valuables due to a false claim that a relative is in a medical emergency)”.

After the pandemic triggered lockdowns in March 2020 and drove more people to transact online, the National Bureau of Investigation’s (NBI) Cybercrime Division monitored a 200-percent increase in phishing scams, reported the news website Rappler on Aug. 12, 2020.

Phishing is a form of cybercrime that uses various digital channels of communication to steal data, such as personal information, login credentials and other information to access bank accounts, credit cards and online media accounts.

A frequent phishing technique deceives a victim into clicking an online link that, instead of directing one to the desired site, activates malware for the unauthorized harvest of personal data.

Only by constantly updating oneself on cybercrime strategies and practicing vigilance and caution can citizens protect themselves from cybercriminals.

Many establishments, such as banks, companies and the mass media, post online advisories to educate the public and alert them about scams currently circulating. On May 24, SunStar Cebu posted on its Facebook page a warning to alert netizens about a phishing scam luring netizens with screenshots of reports or news images intended to represent legitimate news media content, with the intent of getting victims to click the link and reveal login details.

Self-regulation is crucial for preventing the victimization of oneself and his or her network. Maybelline trusted the link sent by a former student and entered personal details to join a raffle program celebrating a supermarket’s anniversary.

Realizing that the process was too quick and too easy for her to win a major prize, she consulted her sons, who, by scrutinizing the link, informed her that this was a scam. Maybelline changed the log-in information for her social media page, as well as warned her social network about the scam.

Maybelline’s friend, Cherry, later saw the same promotional announcement and invitation to join, posted in her social media group. She warned fellow members not to click the link and summed up briefly Maybelline’s cautionary tale.

Digital communities are allies in countering digital predators.