Promoting cybersecurity awareness

Published in Philippine Star

Buying and selling has grown more convenient over the years with the rise of online shopping and the overall digitization of most transactions, making purchases more convenient for Filipinos.

But along with this convenience also comes the rise of another threat we’ve all become too aware of: cyber-related crimes such as fraud and hacking. Scams like these are designed to gain access to a person’s online information such as their digital banking accounts.

“Fraud, nowadays, is wide-ranging and quite extensive,” observed RCBC’s Chief Information Security Officer Carlos Tengkiat. “Fraudsters understand that people have additional discretionary income. Social engineering methods, such as phishing, vishing, and pretexting, are still the most prevalent methods used to trick people into giving away vital account information and One Time Password (OTP).“ Tengkiat added that such acts are low-risk and high-return activities for criminals, yet have far-reaching consequences to society in general.

“When these attacks become successful on a massive scale, not only does it affect the victimized clients, but can cause fear and uncertainty amongst the public. This will eventually lead to disruption in all levels of society, including the business and financial markets,” Tengkiat cautioned.

How RCBC fights off cybersecurity crimes, online fraud Tengkiat said that cybersecurity is a shared responsibility between the government and private financial institutions, such as banks. With this, Tengkiat said that RCBC is committed to do their part in battling online fraud by spreading cybersecurity awareness.

“In RCBC, we keep abreast of cybersecurity and fraud trends and deploy applicable controls using advanced technology and industry best practices to prevent these from happening,” Tengkiat explained. “At the same time, it is RCBC's goal, with its cybersecurity and fraud awareness campaigns, to empower clients with knowledge so they can do their part in protecting their own accounts.

He added that recent cooperation between government agencies and private entities have resulted in innovations to prevent the prevalence of phishing attacks. Recent changes to SMS messaging prevent links from being sent, eliminating the danger of accidentally visiting fake websites. He cautioned, however, that while the adoption of technology is easy, using it with the proper safeguards takes time.

For their part, RCBC and RCBC Credit Cards have removed all clickable links in emails or electronic direct mailers (eDM), SMS, and Viber sent to all their clients to continuously increase protection against cybercrimes, as well as to easily distinguish legitimate communications from phishing, smishing, vishing and other cybercrime attempts.

“Apart from that, RCBC is constantly working with other banking institutions, e-wallet companies, telecommunication firms, security organizations and agencies, and government institutions to ensure that these threats are mitigated and acted upon immediately,” Tengkiat added. Tengkiat shared five simple tips to help spare you from online criminals:

• Never share your OTP. Once provided, cybercriminals can take over your account and deplete your savings instantly. Banks or any institution will never ask for your passwords or OTPs via phone call, SMS, or email.

• Be wary of calls from unknown numbers. Use caution if you are being pressured to divulge personal information.

• Think before you click. Pay attention to emails you receive. Don’t open emails from unknown senders or click on links in suspicious messages.

• Practice good digital hygiene. Update your devices' operating systems, use strong passwords (e.g. atleast 8 characters consisting of alphanumeric and special characters), delete unused applications/softwares, be cautious of what you download, and use safe browsers.

• Be careful of what you post on social media. Cybercriminals will search social media accounts for social engineering purposes. Oversharing leads to creating a detailed public profile of oneself (e.g. where you work, interests, activities, etc.) which can be used by bad actors to gain your trust and eventually ask for your personal or account information.