Phishing is a type of cybercrime in which a target or targets are contacted via email, phone, or text message by someone impersonating a legitimate institution in order to trick individuals into providing sensitive data such as personally identifiable information, banking and credit card information, and passwords. The information is then utilized to get access to critical accounts, which can lead to identity theft and financial loss.
Authorities recently revealed that phishing is the most common type of cybercrime committed in the Philippines during the pandemic, followed by online selling schemes and the spread of disinformation that causes public fear.
National Bureau of Investigation NBI-Cyber Crimes Division (NBI-CCD) Senior Agent Francis Señora said that reports of phishing cases to the agency has increased by more than 200%. Phishing is being listed by Philippine authorities as the top cybercrime being committed in the country during the COVID-19 pandemic.
Common Phishing Techniques:
- Phishing Email – Phishing emails are designed to appear to come from a legitimate source, like Amazon customer support, banks, PayPal, or another recognized organization. Phishing emails typically use generic salutations such as “Dear valued member,” “Dear account holder,” or “Dear customer.”
- Spear Phishing – Typically spear phishing emails use urgent and familiar language to encourage the victim to act immediately. An example is an automated phone call or text message from your bank stating that your account may have been breached.
- Fake Websites / Link Manipulations – This link takes victims to a manipulated version of the popular website, designed to look like the real one, and asking the victim to enter their credentials or other information into the fake site’s interface.
- Mobile Phishing (Smishing) – A fraudulent SMS, social media message, voice mail, or other in-app message asks the recipient to update their account details, change their password, or tells them their account has been violated. The message includes a link that is used to steal the victim’s personal information or installs malware on the mobile device.
- Voice Phishing (Vishing) – This occurs when a caller leaves a strongly worded voicemail that urges the recipient to respond immediately and to call another phone number. These voicemails are urgent and convince the victim for example, that their bank account will be suspended if they don’t respond.
The Cyber Crime Unit of PNP suggests the following safety measures: regular updating of software, enabling firewall system, using different or strong passwords, using antivirus and anti-malware software, activate one’s email anti-spam blocking feature, encrypt local hard disks and emails, and always monitor online activities of children.