Coronavirus spurs cyber-fraud epidemic

FREEPIK

Luz Wendy T. Noble, Reporter

PAMELA SAMIA, 54, lost P145,000 after an unauthorized withdrawal from her ATM account in January.

“You’d think your money is safe because it’s in a bank,” she said by telephone. “I wasn’t aware about the withdrawal until a week later because I don’t do online banking. I was also scared of being hacked if I went digital.”

Ms. Samia said she was planning to buy a lot where they would bury their mother’s ashes and donate the rest of the money to a hospital that took care of her when she got the coronavirus last year.

Those will have to wait.

The coronavirus pandemic has spurred increased spending at all levels of the global economy, from online shopping to trillions of dollars of stimulus packages. Criminals want a slice of the funds.

And with more and more people working from home, spam messages multiplied 220 times between February and March last year, while malicious URLs — links leading to malware downloads or scams — almost quadrupled, according to cybersecurity company Trend Micro.

Of the 20,000 consumer concerns received by the Philippine central bank last year, 13% were related to fraudulent, unauthorized transactions involving deposits, credit cards, e-money services and remittances. Most involved scammers, Bangko Sentral ng Pilipinas (BSP) Governor Benjamin E. Diokno said at a recent briefing.

Even powerful politicians are not exempted. In January, Senator Sherwin T. Gatchalian discovered that his credit card had been used to buy about a million pesos worth of liquor through Foodpanda.

Mr. Gatchalian said UnionBank of the Philippines, Inc. had been very responsive since the fraud occurred. Based on the bank’s investigation, the culprit changed the senator’s contact number — used to approve credit card transactions — by calling the bank and pretending to be him.

“That’s the funny part, this was not IT-related at all,” he said by telephone. “This was just pure and simple fraud.”

“It’s difficult for people like us — public servants and public figures — because our information is scattered all over the internet,” the lawmaker said. “If you are resourceful enough, you’ll get my information — my middle name, which high school I attended and my telephone number.”

The senator reached out to the National Bureau of Investigation (NBI), while UnionBank tapped police to trace the culprit.

Jose Paolo G. Rufo, chief information security officer at UnionBank, said they regularly review policies and procedures to ensure their clients’ safety. Consumer should also practice due diligence and vigilance against cyber-criminals, he said in an e-mail.

“Our customers’ safety and security are our utmost priority, and we have invested heavily in measures that are designed to secure all of their online and mobile banking transactions, and to respond to cybersecurity incidents and fraud in the digital space,” Mr. Rufo said.

REINVENTED SCAMS
Users are more likely to trust technology today than a year ago, Trend Micro researcher Fernando Merces and spokeswoman Erin Johnson said in a report posted on the company’s website.

“Since the pandemic started, devices and apps have been integral tools for school, work, shopping and even staying connected with friends and family,” they said. “All aspects of life have become a little bit more digital.”

But criminals have adapted as well by going digital. “Scammers took advantage of the surge in online commerce and payments, and also heavily targeted businesses and buyers that were settling into new ways of transacting,” they said.

Victims across the world have lost millions to these reinvented scams in online shopping, food delivery and messaging apps, and government assistance.

Fake shops abound on online platform sellers Lazada and Shopee, many of them selling graphics cards and other high-value items that are in short supply at 80% discount. Many of them will try to contact you on Viber and ask you to make a 10% deposit in their bank accounts before shipping.

A major cyberattack could shake the banking system’s stability. S&P Global Ratings has flagged emerging risks to banks’ credit ratings due to cyberattacks once they cause financial losses and reputational damage.

“A BSP-supervised financial institution may assess its cybersecurity defense as robust, but they may instantly change due to the highly evolving cyberthreat landscape,” Mr. Diokno said at an online briefing. He urged banks to reassess their spending on cybersecurity as more users shift to digital transactions.

The central bank is backing House Bill 6768 or the Financial Products and Services Consumer Production Act, which congressmen passed on third and final reading as early as June last year. A counterpart Senate bill is pending at the committee level.

The measure allows regulators to award the financial claims of duped consumers. It also slaps fines, suspension and penalties on financial service providers that have failed to prevent credit card fraud.

The Bankers Association of the Philippines (BAP) said rising online transactions during the pandemic had opened opportunities for fraud.

“With the higher number of Filipinos resorting to online banking, the chances of getting victimized by cyber-fraud also rise,” it said in an advisory posted on its website. “More people are now easy prey to bank personnel impersonation via texts or e-mails.”

Consumers victimized by credit card fraud should contact their banks and product vendors and file a report to dispute the charges, BAP said. They may also seek a review of the charges within 20 days.

People should also change their personal identification numbers and passwords after an incident. Clients may also request for a new credit card or register for a new account if they feel unsafe, BAP said.

Identity or password thefts account for 80% of cyber-breaches, Cisco Philippines Managing Director Karrie C. Ilagan said. The work-from-home setup means people are using more gadgets and doing transactions in unsecured networks.

“The attack surface has grown exponentially with the expansion of remote workers, home networks and unsecured devices, and applications and workloads have become the new attack vector,” she said in an e-mail.

The Anti-Money Laundering Council (AMLC) found that from March 16 to Aug. 31, 2020, cases such as skimming, phishing and unauthorized transactions made up 49% of suspicious transaction reports by covered institutions.

“Just as we have become alert in protecting our health from the virus, so too must we be alert in protecting our hard-earned money and personal information from fraud,” AMLC Executive Director Mel Georgie B. Racela said in a Viber message.

Unlike powerful politicians — Mr. Gatchalian was never charged P1 million — ordinary consumers are less protected. In May, Ms. Samia got a letter from the Malacañang branch of Land Bank of the Philippines denying her claim.

“Based on the investigation conducted by the bank, there is no compelling evidence that your account was exposed to fraud,” according to a copy of the letter. “In this respect, we regret to inform you that we cannot favorably act on your request for restitution.”

The government bank did not reply to an e-mail and text messages seeking comments.

Ms. Samia has appealed the ruling and wants to know who’s behind the scam. “I don’t care about the money anymore,” she said. “I just want to know who did it. What if they do it again?”