Please be warned of Phishing attacks presently being lodged against Philippine banks by foreign syndicates. Such attacks are perpetrated by unscrupulous groups (called "phishers" / "scammers") who randomly send bank clients an email message asking for their User IDs, Log-in and Transaction Passwords and claiming that this is for the purpose of ensuring their continued use of the bank's internet banking facility (in RCBC's case, RCBC Online Banking). Please be informed that these messages are fictitious, fabricated and are only meant to mislead you into allowing these phishers to steal your online financial identity and then illegally transact on your behalf.
Falling for this ploy could also allow these "syndicates" to steal your money.
Given this scenario, RCBC would like to remind you to NEVER trust or click on any link sent via e-mail or SMS if it requests for any personal information. RCBC WILL NEVER ask customers to provide these confidential information through email. Do not click on links provided in emails. Instead, type the bank's website (www.rcbc.com) directly into your browser's address bar
Please ensure that you use your User ID and Passwords ONLY when transacting directly to RCBC Online Banking.
Likewise, please be reminded that as stipulated in the Terms and Conditions you signed for RCBC Online Banking, the bank will NOT take responsibility for whatever losses you may incur in case of incident accessing bogus / unsecured websites.
Should you receive a suspicious "phishing" email, please report this immediately and email
email@example.com or call 877 RCBC (877-7222)
If you receive an email that:
Tells your online banking account is locked and you need to unlock it at the link they have provided
Asks for help, in exchange of a reward of great value
Offers you a job to receive and send money to someone else's account
Offers you to buy goods or services at unusually huge discounts
that are too good to be true
and asks you to provide your personal and financial information,
you might be a target of scamming or phishing attacks.
Phishing is a way of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication. This is similar to Fishing, where the fisherman puts a bait at the hook, thus, pretending to be a genuine food for fish. But the hook inside it takes the complete fish out of the lake. Communications that are made to look that they are from popular social web sites, auction sites, online payment processors or IT administrators are usually used to lure the unsuspecting public. Phishers commonly get to their victims through "Phishing emails
A Phishing email is one that pretends to be from a company or bank, like RCBC, Apple, eBay, PayPal, etc. and asks you, the client (for various malicious reasons), to enter your account data such as your login details. These scams are often supported by fake spoof websites (unfortunately, not noticed by customers) and victims are tricked into thinking they are logging to the real company or Bank's website. Phishing is a form of identity theft, where fraudsters steal your identity and personal information to gain access to your properties, accounts or commit other crimes using your personal.
-->CAUTION: Take note that this is not RCBC's e-mail address
Subject: Urgent Notice // Account Blocked@RCBC
Dear Valued Customer,
Your account has been disabled for security reasons. Kindly reactivate now. Account will be suspended till further notice if not activated now. We take this opportunity to thank you for your understanding and patience.
Activate Now http://www.rcbc.com/secured.activate.php
-->CAUTION: Take note that this page does not exist in RCBC website
Rizal Commercial Banking Corporation
------------------------------------------- END OF SAMPLE ------------------------------------------
If you do receive an email you suspect to be a "Phishing email," do not click on any of the links it contains or immediately believe anything it says.
Please check if the email did come from the official e-mail address found on our website. The golden rule is that banks and other institutions NEVER ask for personal data via email or text message. If in doubt, you can forward and confirm the email to the supposed sender and ask them if they sent it, but make sure you type in the return address by hand the exact/correct email or website address of a Company/Bank.
If it somehow looks believable and credible, do not automatically click on the link provided on the email. Instead, enter the URL of your company's website (in this case, www.rcbc.com for RCBC accounts) directly into the web browser. Avoid being re-directed to another website (even if it bears a striking resemblance to your company's online site), or hyperlink from a website that may not at all be secure. If you want to further validate the legitimacy of the provided site, you may also look at the Universal Resource Locators (URLs) shown which should begin with "https." It should likewise display a closed padlock icon on the status bar on its browser. To confirm the authenticity of the site, double-click on the lock icon to display the security certificate information of the site.
Then again, if you are really suspicious with the email to begin with, you should ideally delete it right away. In the case of emails particularly pertaining to your RCBC accounts, it would be useful if you submit or forward it to us through RCBC Contact Center (firstname.lastname@example.org) so we can look into the matter right away.
You should act immediately. Depending on how much information you revealed, you should log into your relevant accounts and immediately change your log-in and transaction passwords. This will stop the fraudsters accessing your accounts with the information you sent them. Contact the concerned company or in the case of RCBC, the Bank's Contact Center hotline at 877-7222. You may also email email@example.com and make us aware of the situation in case of problems so we can give you further help and advice.
Contact the concerned company or in the case of RCBC, the Bank's Contact Center hotline at 877-7222 right away. You may also email firstname.lastname@example.org and make us aware of the situation in case of problems so we can give you further help and advice.
However, in similar cases, while RCBC can do an investigation on the fraud committed to you, the Bank will not assume any responsibility of your losses. This has been stipulated in the Terms and Conditions you signed and agreed to when you opened your RCBC Online Banking account.
The incident is truly regrettable and we sincerely sympathize with you on your predicament. However, it was your own action of providing the phishers your account details that enabled them to acquire your online identity with RCBC. Moreover, since your having clicked on the link provided in the Phishing email effectively redirected you to a site spoofing RCBC's, then the "scam" happened outside of RCBC's site-leaving the Bank's without any responsibility on the "act." For the record, since the Bank knows that you should be on the lookout for possible risks such as "phishing," it has posted warnings and precautionary messages against these illegal online activities since September 20, 2011, or way before the Phishing attacks have even started.
It is truly a wonder how these scammers got your email address or knew you as connected with a particular company like "RCBC." Often, it is just good luck on the part of the scammers. They normally do not target individuals, but send out thousands of scam emails to randomly generated email addresses, in the hope that just a few will be successful. They also trawl the web for valid addresses they can use, and swap this information with each other. If you have ever posted on an internet forum or published something on the web, there's a good chance your address is out there somewhere just waiting to be found. If you have fallen victim before, your address is normally added to a list of 'easy victims', and you are likely to then receive even more scams.
RCBC posts advisories on its corporate website (www.rcbc.com) and only use email@example.com as an official sender of all e-mail communications of the bank.
When receiving emails supposedly coming from RCBC, be wary of additions, deletions and or insertions on the addresses listed above since any deviations shall mean, it does not officially come from RCBC.
As per our Online Banking Enrollment Terms and Conditions that states the provision on accessing secured websites, RCBC shall not be responsible in the case of incident accessing bogus/unsecured websites.
RCBC's Internet Banking system is fully secure as it is equipped with security features that can suppress virus and malware attacks. The only way that clients can be victimized is if they have been misled by online syndicates to give their internet banking information on bogus sites that they were redirected to when they clicked the link provided in the Phishing email they received. No, RCBC's internet banking facility has not been hacked and is fully secure.