Beware of email scams and phishing attacks
If you receive an email that:
- tells you your online banking account is locked and that you need to unlock it at a link provided in the email
- asks for help in exchange for a reward of great value
- offers you a job receiving and sending money to someone else’s account
- offers goods or services at unusually large discounts that are too good to be true
and asks you to provide your personal and financial information, you might be a target of a scam or phishing attack.
Should you encounter this or a website with similar schemes, please report this immediately.
Call 877-RCBC (7222) or
PHISHING SCAM FAQs
- What is an email phishing scam?
Phishing is a way of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication. It is similar to fishing, where the fisherman puts bait on a hook so that it looks like genuine food for the fish, and the hook hidden inside pulls the fish out of the lake. Communications made to look as if they come from popular social web sites, auction sites, online payment processors or IT administrators are commonly used to lure the unsuspecting public. Phishers usually reach their victims through "Phishing emails."
- What are Phishing emails?
A Phishing email is one that pretends to be from a company or bank, like RCBC, Apple, eBay, PayPal, etc., and asks you, the client (for various malicious reasons), to enter your account data such as your login details. These scams are often supported by fake spoof websites (unfortunately, not noticed by customers), and victims are tricked into thinking they are logging in to the real company's or Bank's website. Phishing is a form of identity theft, where fraudsters steal your identity and personal information to gain access to your properties and accounts, or to commit other crimes using your persona.
- What may a Phishing email look like?
Here is a sample of a "Phishing email":
----------------------------------- SAMPLE MESSAGE -----------------------------------
Message from "RCBC." <firstname.lastname@example.org>
-->CAUTION: Take note that this is not RCBC's e-mail address
Subject: Urgent Notice // Account Blocked@RCBC
Dear Valued Customer,
Your account has been disabled for security reasons. Kindly reactivate now. Account will be suspended till further notice if not activated now. We take this opportunity to thank you for your understanding and patience.
Activate Now http://www.rcbc.com/secured.activate.php
-->CAUTION: Take note that this page does not exist on RCBC's website
Rizal Commercial Banking Corporation
------------------------------------------- END OF SAMPLE -------------------------------------------
- Oh, yes! I remember receiving a similar email. What should I do if I receive something that I suspect is a Phishing email?
If you do receive an email you suspect to be a "Phishing email," do not click on any of the links it contains or immediately believe anything it says.
Please check whether the email came from the official e-mail address found on our website. The golden rule is that banks and other institutions NEVER ask for personal data via email or text message. If in doubt, you can forward the email to the supposed sender and ask whether they sent it, but make sure you type in by hand the exact, correct email or website address of the company or bank.
If the email somehow looks believable and credible, do not automatically click on the link it provides. Instead, enter the URL of your company’s website (in this case, www.rcbc.com for RCBC accounts) directly into the web browser. Avoid being redirected to another website (even if it bears a striking resemblance to your company’s online site), or following a hyperlink from a website that may not be secure at all. If you want to further validate the legitimacy of the site, you may also look at the Uniform Resource Locator (URL) shown, which should begin with "https." The browser should likewise display a closed padlock icon on its status bar. To confirm the authenticity of the site, double-click on the lock icon to display the security certificate information of the site.
Then again, if you are really suspicious of the email to begin with, you should ideally delete it right away. In the case of emails pertaining to your RCBC accounts, it would be useful if you forwarded them to us through the RCBC Contact Center (email@example.com) so we can look into the matter right away.
- Oh, no! I think I may have fallen victim to “Phishing” and sent out my details to Phishers! What should I do?
You should act immediately. Depending on how much information you revealed, you should log into your relevant accounts and immediately change your log-in and transaction passwords. This will stop the fraudsters from accessing your accounts with the information you sent them. Contact the concerned company or, in the case of RCBC, the Bank’s Contact Center hotline at 877-7222. You may also email firstname.lastname@example.org to make us aware of the situation so we can give you further help and advice.
- I checked too late! They have already gotten a huge portion of my money! What should I do?
Contact the concerned company or, in the case of RCBC, the Bank's Contact Center hotline at 877-7222 right away. You may also email email@example.com to make us aware of the situation so we can give you further help and advice.
However, in such cases, while RCBC can investigate the fraud committed against you, the Bank will not assume any responsibility for your losses. This is stipulated in the Terms and Conditions you signed and agreed to when you opened your RCBC AccessOne account.
- That's unfair! I lost my money because I thought it was really RCBC that sent me that email.
The incident is truly regrettable and we sincerely sympathize with you in your predicament. However, it was your own action of providing the phishers with your account details that enabled them to acquire your online identity with RCBC. Moreover, since clicking on the link provided in the Phishing email redirected you to a site spoofing RCBC's, the “scam” happened outside of RCBC's site, leaving the Bank without any responsibility for the "act." For the record, since the Bank knows that you should be on the lookout for possible risks such as "phishing," it has posted warnings and precautionary messages against these illegal online activities since September 20, 2011, or well before the Phishing attacks even started.
- This is all so strange. I received the phishing email on my yahoo/hotmail/gmail/personal email inbox. How could they have possibly gotten my email address?
It is truly a wonder how these scammers got your email address or knew you as connected with a particular company like "RCBC." Often, it is just good luck on the part of the scammers. They normally do not target individuals, but send out thousands of scam emails to randomly generated email addresses, in the hope that just a few will be successful. They also trawl the web for valid addresses they can use, and swap this information with each other. If you have ever posted on an internet forum or published something on the web, there's a good chance your address is out there somewhere just waiting to be found. If you have fallen victim before, your address is normally added to a list of 'easy victims', and you are likely to then receive even more scams.
- This is RCBC's fault. The bank should have advised us of these risks at the onset when we were just applying for online banking access!
RCBC posts advisories on its corporate website (www.rcbc.com) and only uses firstname.lastname@example.org as the official sender of all e-mail communications of the bank.
When receiving emails supposedly coming from RCBC, be wary of additions, deletions and/or insertions in the addresses listed above, since any deviation means the email does not officially come from RCBC.
As stated in the provision on accessing secured websites in our AccessOne Enrollment Terms and Conditions, RCBC shall not be responsible for incidents arising from accessing bogus/unsecured websites.
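The address and link checks described in this FAQ (compare the sender with the official address, watch for additions, deletions or insertions, and confirm that links use https and point to www.rcbc.com) can be automated for plain-text messages. The following is an added example, not RCBC's own code; `OFFICIAL_SENDER` is a placeholder rather than the bank's real address, and the two messages are constructed samples.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

OFFICIAL_HOST = "www.rcbc.com"            # official site named on the page
OFFICIAL_SENDER = "notices@bank.example"  # placeholder, NOT the bank's real address

def edit_distance(a, b):
    """Levenshtein distance: counts insertions, deletions and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_message(raw):
    """Return findings for a single-part plain-text message; [] means no deviation."""
    msg = message_from_string(raw)
    findings = []
    _, addr = parseaddr(msg.get("From", ""))
    addr = addr.lower()
    if addr != OFFICIAL_SENDER:
        # A small edit distance suggests a deliberate lookalike address.
        near = edit_distance(addr, OFFICIAL_SENDER) <= 3
        kind = "lookalike of the official sender" if near else "not the official sender"
        findings.append(f"sender {addr}: {kind}")
    for url in re.findall(r"https?://[^\s<>\"']+", msg.get_payload()):
        parts = urlsplit(url)
        if parts.scheme != "https":
            findings.append(f"link {url}: not https")
        # Exact host match: "www.rcbc.com.login.example" must not pass.
        if (parts.hostname or "").lower() != OFFICIAL_HOST:
            findings.append(f"link {url}: host is not {OFFICIAL_HOST}")
    return findings

# Constructed samples. The first is modelled on the page's sample message.
SAMPLE = ('From: "RCBC." <alerts@mailer.example>\n'
          "Subject: Urgent Notice // Account Blocked@RCBC\n\n"
          "Activate Now http://www.rcbc.com/secured.activate.php\n")
LOOKALIKE = ("From: notices@bankk.example\nSubject: Notice\n\n"
             "Verify at https://www.rcbc.com.login.example/activate\n")

if __name__ == "__main__":
    for name, raw in (("sample", SAMPLE), ("lookalike", LOOKALIKE)):
        print(name, check_message(raw))
```

An empty result only means no deviation was found: the From header can be forged, so the advice above to type the website address by hand still applies.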
- Since fraudulent incidents such as this are possible, could it be that RCBC’s online banking facility is not secure? Worse, could it be that the Bank's site has been hacked?
RCBC’s Internet Banking system is fully secure as it is equipped with security features that can suppress virus and malware attacks. The only way that clients can be victimized is if they have been misled by online syndicates into giving their internet banking information on bogus sites that they were redirected to when they clicked the link provided in the Phishing email they received. No, RCBC's internet banking facility has not been hacked and is fully secure.