Millions on lockdown can be easy prey for scammers who exploit their desire to secure their lives and their income during uncertain times. The tactics are the same—a seemingly harmless phone call from a telemarketer, an urgent e-mail alert.
The baits, however, have adapted to the pandemic: you've been contact-traced, you need to change your SIM. They tug on human instincts to survive, act now and act fast without much thinking. On any given day, there are 18 million malware and 240 million scam attacks that are designed for those who are quarantined at home, according to Google data.
"Hackers continue changing and shifting the type of content they're going to use and the types of attacks their going to exploit," said Mark Risher, Google's senior director for Account Security, Identity and Abuse.
"Now they know that anywhere around the planet, COVID-19 will be recognizable and will stimulate action from victims... They move from generic messages to much more targeted, much more precisely crafted attacks," he said in a recent video conference with reporters.
Cybersecurity experts agree, when confronted with an unexpected phone call or e-mail, don't just give away your personal details like your birthday or mother's maiden name as these can be used to unlock your bank accounts. It also goes without saying that you shouldn't give out your credit card details to unsolicited callers.
When in doubt, check with your bank, credit card provider, local government or state agency. Most of them have verified accounts on Facebook and Twitter with blue badges, experts said.
It is also important to exhaust security layers such as two-factor authentication which requires an e-mail or SMS code to access internet accounts on top of passwords. For ATMs and credit cards, activate transaction notifications and OTPs or one time PIN to make sure you block unauthorized charges.
To avoid falling for cybercriminals, it will be helpful to understand how they are trying to trick you. Lives and livelihoods are at stake and the road ahead is uncertain so be careful and smart. Try thinking like a scammer to avoid falling for one.
"You were exposed to someone with COVID-19."
It's a scam says the Department of Health. Don't fall for those who will call or message you, introducing themselves as "contact-tracers" and asking for money in exchange for COVID-19 testing.
Block and report the fraudster's number to the DOH and coordinate with your barangay on contact-tracing efforts that are specific to your location, the health department said. No, the DOH said it has no "contact tracing team."
"You need to secure your money."
The country's largest bank, BDO, alerted customers during the early days of the lockdown over a scam email asking them to "verify" their accounts by clicking on an email link. At that time, work was uncertain as businesses began to close. It would make sense to "verify" an account, but this do the reverse: give hackers access.
"Be smarter than a scammer. BDO will NEVER ask you to verify your account. DO NOT click links or give login details and your OTP to fake BDO employees asking to 'verify' your account," the bank said at that time.
"You need to donate and do your part."
This was one of the earliest scams, appealing to human compassion. Be careful with pages that claim to solicit donations for COVID-19, especially those on social media, experts said. Check the donation links on the official pages of foundations and aid agencies.
"You need to change your SIM."
Who wouldn't be swayed to do this during these work from home times? Our mobile phones are our gateway to work, shopping and keeping in touch and the thought of losing that because of a faulty SIM could convince one to swap.
The Bangko Sentral had warned about this, hackers will use the surrendered SIM to get OTPs and two-factor codes. Exchange your SIM only in carrier stores.
"You need to click now."
This is the lure of phising emails, or those that dupe users into giving out their account details by clicking on an attachment. The messages seem urgent —act now because your details have compromised. Check the source, experts said. If it's a corprate email, check with your administrator who could've warned you about it before. If it's a purported bank alert, check with your bank. Simply put: think before you click.