You protect your hard-earned money, which is why you stash your cash in the bank. But since we have mostly shifted to online banking, scammers have also gone digital. So here are ways to prevent a mobile device takeover and protect yourself from being a victim of internet fraud.
A Warning Against Mobile Device Takeover and Internet Fraud
BDO Unibank, Inc. cautions all their clients to be vigilant against attempts to imitate official bank communications.
Using the bank’s name and logo, scammers send what would appear to be legitimate security alerts through email. They will then ask for clients’ personal information, which scammers will use to access and steal money from online bank accounts.
BDO reiterates that it will never send text messages or emails asking for clients’ personal information.
New Online Scam MO That We Should be Aware Of
As the bank improves its online security features, scammers also work hard to break them.
A recent modus finds scammers tricking clients into initiating BDO’s “Add Device” security alert. This is part of the bank’s two-factor authentication process to protect clients from unauthorized transactions.
When accountholders reply “Add Device” to this supposed bank-sent text message, scammers get access to their online bank account.
BDO has this reminder to account holders. “Only add trusted devices to your digital banking app. Do not reply to Add Device text messages if you did not make an Add Device request.”
For added protection, the bank advises clients to limit permission to just one device.
How “Mobile Device Takeover” Scam Works
The modus operandi starts with an email or text message that urges clients to click on a link to verify their accounts. It usually comes with a warning that the user should do this immediately to avoid deactivation.
Scammers often get clients’ data from scraping the internet for email addresses and mobile numbers. BDO reminds clients to be prudent when sharing personal information online.
Worried about the potential inconvenience, many clients click on the link. A fake website is then prompted to open. Clients would then “log in” the fake website with their online bank account username and password.
Scammers get their victims’ login details from the fake website and key these in the mobile app.
The Override Happens
As a security protocol, BDO sends a text message to the client’s registered mobile number in case an unknown or new device is being used to access the online banking account. The alert asks the client to reply “Add Device” to get a One-Time PIN (OTP) to register the known and trusted mobile device.
Deceived by the scammers’ email, some clients reply “Add Device” to this prompt. They think that it will reactivate their “deactivated” online bank account.
BDO reassures clients that it will never ask clients to verify their bank accounts via email or a text message. Nor will they ask clients to click on links to do so.
The bank advises accountholders to ignore or send these messages to ReportPhish@bdo.com.ph.
Report Unauthorized Transactions to BDO
If clients mistakenly register the scammers’ device, scammers will then send money from a victim’s account to theirs. When a fund transfer is successful, the bank sends a confirmation email to the clients’ registered email address.
If you receive confirmation emails about transactions you didn’t do, immediately call BDO to report the anomalous transaction.
Call the BDO Customer Care Hotline at 8631-8000.
You may also reach out through Messenger and look for the BDO Customer Care. It should have a blue verified checkmark from Facebook.
Never Share OTPs
Scammers obtain their victims’ OTPs through the fake website. OTPs add another layer of protection for online banking. As the last part of the bank’s two-factor authentication process, the unique six-digit numbers register a mobile number to BDO Online Banking and confirm an online transaction. They can be used once and only within a short span of time.
BDO reminds clients not to give their bank account login information, such as username, password, and OTPs to protect their online bank accounts from theft.