TOP | 2015 | Weekly Column | Phishing and Skimming

Phishing and Skimming
DOST-ICTO
Writer and Web Coordination
Mr. Jefferson Lizardo
 
Phishing has once again started to become a trend in the Philippines. I have been a victim of this the first time way back in the early 2000's when I was tricked by an email to login my game account on a spoofed version of the game publisher's website. The email promised me a rare upgrade if I login immediately after reading it, but instead, I ended up getting locked out of the account. Making me hurry and not think my decisions over proved to be an effective way to get my account compromised.

Now, unbelievably, I again just recently got victimized through the same scheme using a slightly different approach. I opened an email seemingly sent by our IT administrator, but upon careful inspection, it was actually a spoof of his email using probably a fake mail generator. The email instructed me to log-out and login through the link to verify my account. All it took was a few seconds, and I lost access to my work email account.

It's a good thing that I only had the account for a few days, because it happened when I was relatively new and had yet to update it with any personal information. I also hadn't received any emails that may compromise my privacy.

Despite these incidents, I still consider myself lucky. Losing a game account and a fully recoverable work email account isn't so bad compared to what has happened to a number of Filipinos who have fallen victim to phishing and ATM card skimming schemes. ABS-CBN news, a local broadcasting network, said that victims have lost hundreds of thousands in Philippine pesos.

For a time, banks have been warning its clients of the dangers that entails online banking, but this time, as the numbers of victims continuously increase in an alarming rate, the Banko Sentral ng Pilipinas (BSP) decided to intervene.

The organization declared that they will be assessing security measures that private banks implement and will grade them accordingly as a step to combat the growing threat. They are also looking into ways to improve the security of ATM machines as more reports of ATM skimming are received by the police. Those that will be graded poorly shall be sanctioned by the BSP. This is definitely a good step to impose banks to adding more layers of security to their clients' accounts.

The National Bureau of Investigation is also helping raise awareness against phishing. They are closely working with local Internet Service Providers for possible measures that would detect and block such sites.

On the user's end, always being careful and vigilant is the best way to avoid being duped. Sometimes all you need is a bit closer inspection of the email address of the sender or the URL of the website you are putting your login credentials in. My personal experiences could have been avoided if I did these. In the cases of skimming, physically inspecting ATM card slots and the keyboard would largely help. This is still true for ATMs located within secured locations like malls, banks and the like. It doesn't hurt to be extra wary. What hurts is having your life-long savings stolen just by using a compromised machine.