Tuesday, August 20, 2019


I am no longer surprised that a lot of us have ALREADY opened phishing emails that preyed on curiosity, fear, and urgency, which is why a lot of us are already aware of it. So my question is: since many of us are knowledgeable about it, do you think you're no longer susceptible to phishing? Well, think again!

Two weeks ago, I got invited to BDO's first-ever bloggers' appreciation event. I could say that it was a very worthwhile day since I learned a lot about anti-fraud from the talk that was hosted by Mr. Edwin G. Reyes, the Executive Vice President and head of BDO’s transaction banking group, and BDO managers.

Here I'm sharing the highlight of his talk. This is worth a read because so many important things were tackled. It will take just about 2-3 minutes of your time, so sit tight and read on.

First off, what is Phishing?
Phishing is a fraudulent attempt. Actually, in Mr. Reyes's words, "I should even call it a practice, because it’s not just a one-off. It’s a fraudulent practice to induce individuals to reveal their sensitive, personal information, such as usernames, passwords, credit card details (things like that), by disguising as a reputable company in an electronic communication."

Typically it’s done through email or text messaging and it often directs users to enter personal information at a fake website, the look and feel of which is identical to the legitimate website.

These emails frequently use threats or create a scare: "they frighten the users so that they will actually respond. The information entered through the fake website becomes stolen user data, which includes your login details and other confidential, personal information. The fraudster then uses the stolen data to access legitimate accounts. When that happens, they’re free to transfer money to his or her accounts."

Phishing is an example of social engineering. It’s a technique used to deceive users. "It’s like there’s bait. They bait. That’s why it’s phishing, it’s like you’re fishing. Except when you’re fishing, you’re trying to get fish. In this case, you’re actually trying to get data. That’s what is stolen from the victim, that data."

How is phishing done by fraudsters? 
In the context of BDO, there are people out there who are sending fake emails that look very real. They send it to as many people as they can hoping to reach BDO clients, so it’s a broad approach. Some BDO clients will be fooled by what appears to be an authentic communication from the bank. Based on the samples that we saw, they look authentic. They have our logo, and there are really good ones, using the same font and color schemes; they really look genuine. Even the email address looks authentic. The only clue (and this is important) that will alert the reader to phishing is the content of the email. BDO will never, never ask for your sensitive, personal information. Never. So once you see something in the content asking for those things, then you should be suspicious. It’s probably not BDO.

Once the modus operandi is done, what happens to a client’s account? 
They pretty much get everything. Once you go to the fake website and start entering personal information, that’s it. Ultimately the information that is harvested will be used to steal money from you, from your accounts.

How is BDO thwarting phishing attempts?
"There’s what we call multi-factor authentication. The trend is three factors.

1. What you know, which is the ID and the password.
2. What you have, which is the device, your phone; without your phone, you know that it’s you, this kind of identifies you as well.
3. Who you are, which can be a fingerprint, or your face or facial recognition, so that’s multi-factor authentication.

However, BDO cannot prevent the unauthorized use of authentic credentials. If you give your username, password, and other personal information to someone else, then that person can now access your account."

Fraud is defined, broadly, as unauthorized use of authentic credentials.

"So, in relation to multi-factor authentication, BDO also uses a service to take down suspected phishing websites. Reported phishing attempts are investigated by a BDO cybersecurity partner. The goal is to take down the website that the phishing email uses to acquire sensitive, personal information."

"All that said, the fraudsters are always a step ahead of us because that’s their full-time job, so we’re always admittedly catching up. But why would we let them win? Together, in partnership with our clients, this is our advocacy. This is our fight. We need to thwart these phishing attempts. We should be equipped for this fight, and it starts with awareness. Consumer education is key. As you’ll always hear from us going forward, together with BDO, say NO to phishing."

BDO is already taking a lot of measures to counter phishing: on the technical side, on the cybersecurity front, through their partners, and through education programs.

Join the advocacy: #saynotophishing! 
1. Never, ever give any information.
2. If you ever encounter something suspicious or any phishing attack, report it right away!

The fraudsters are out and about. Thank you, BDO, for the many important things we need to be aware of.

So again, friends, in case you encounter such, do not hesitate to email and report it to reportphish@bdo.com.ph

If all of us do our part, we could fight them!!


  1. This is very important, especially these days! It's so easy to get the details of a person's account. Thank you for sharing.

  2. Nowadays, it's really scary, so we should be doubly careful and aware of our surroundings. Thanks for the info, Momsh. #saynotophishing