BDO Unibank, Inc. alerts clients to be cautious about attempts by scammers to mimic official banking communications. Using the name and logo of the bank, these scams claim to be legitimate security notices asking for personal information from customers, which the scammers can then use to access and steal money from online bank accounts. BDO reiterates that it would never send text messages or e-mails asking for personal information from customers.
A recent modus finds scammers tricking clients into initiating BDO’s “Add Device” security alert, which is part of the bank’s two-factor authentication process to protect clients from unauthorized transactions. When account holders reply “Add Device” to this bank-sent text message, scammers get access to their online bank account.
BDO reminds account holders: “Only add trusted devices to your digital banking app. Do not reply to Add Device text messages if you did not make an Add Device request.” For added protection, the bank advises clients to limit permission to just one device.
How “mobile device takeover” scam works
The modus operandi starts with an email or text message that urges clients to click on a link to verify their accounts and avoid deactivation. Scammers often get clients’ data from scraping the internet for email addresses and mobile numbers. BDO reminds clients to be prudent when sharing personal information online.
Worried of the potential inconvenience, many clients click on the link, which prompts a fake website to open. Clients “log in” the fake website with their online bank account username and password. Scammers get their victims’ login details from the fake website and key these in the mobile app.
As a security protocol, BDO sends a text message to the client’s registered mobile number in case an unknown or new device is being used to access his or her online banking account. The alert asks the client to reply “Add Device” to get a One-Time PIN (OTP) to register the known and trusted mobile device.
Deceived by the scammers’ email, some clients reply “Add Device” to this prompt, thinking it will reactivate their “deactivated” online bank account.
BDO reassures clients that it will never ask clients to verify their bank accounts via email or a text message, or ask them to click on links to do so. The bank advises account holders to ignore or send these messages to ReportPhish@bdo.com.ph.
Report unauthorized transactions to BDO
If clients mistakenly register the scammers’ device, scammers will then send money from their victims’ account to theirs. When a fund transfer is successful, the bank sends a confirmation email to clients’ registered email address.
If they receive confirmation emails about transactions they didn’t do, BDO advises clients to immediately report it to its Customer Care Hotline at 8631-8000. They may also reach out by logging in Messenger and looking for BDO Customer Care with the blue verified checkmark from Facebook.
Again, never share OTPs
Scammers obtain their victims’ OTPs through the fake website. OTPs add another layer of protection for online banking. As the last part of the bank’s two-factor authentication process, the unique six-digit numbers register a mobile number to BDO Online Banking and confirm an online transaction. They can be used once and only within a short span of time.
BDO reminds clients not to give their bank account login information, such as username, password, and OTPs to protect their online bank accounts from theft.
About BDO Unibank, Inc.
BDO UNIBANK is a full-service universal bank which provides a wide range of corporate and retail banking services. These services include traditional loan and deposit products, as well as treasury, trust and investments, investment banking, private banking, rural banking, cash management, leasing and finance, remittance, insurance, retail cash cards, credit card services and stock brokerage services.
BDO has one of the largest distribution networks, with more than 1,400 operating branches and over 4,400 ATMs nationwide. It also has full-service branches in Hong Kong and Singapore as well as 13 overseas remittance and representative offices in Asia, Europe, North America and the Middle East.
BDO ranked as the largest bank in terms of total assets, loans, deposits and trust funds under management based on published statements of condition as of June 30, 2020. For more information, please visit www.bdo.com.ph.
No comments:
Post a Comment