Have you heard of "cancel culture"? Merriam-Webster defines the phrase as the practice or tendency of engaging in mass canceling to express disapproval and exert social pressure. An example would be the mass withdrawal of support from public figures or celebrities who have done things that aren't socially accepted. This practice of "canceling" often occurs on social media platforms such as Twitter, Instagram, or Facebook.
While "canceling" may have its merits, it is often abused on social media. It should be stopped. But there is another "cancel" movement that many may not yet be aware of and that we need to expunge: the "cancel order" scam. "ALERT! You have been charged Php 5,000 for online purchase. To cancel your order, immediately click the link below." And with a single click, your hard-earned money goes down the drain.
Remember that banks will never ask you to click on any link via email, let alone call you, to cancel your transactions. At BPI, 55% of the reported phishing attacks come from online and mobile app users aged 35-59, followed by users aged below 35, who comprise 33%. The remaining 12% comes from users aged 59 and above. The biggest target, the 35-59 age group, comprises those who usually have investments and higher salaries compared to the other age groups.
According to BPI Data Privacy and Enterprise Information Security Officer Jonathan Paz, online shopping has made people vulnerable to this "cancel order" scam.
"Everyone is vulnerable to cyber fraud. Cybercriminals are opportunistic and are not picky with their targets — they just carry out shotgun-like attacks and go after whoever bites. All of us can be victims, and this is why BPI has been relentless with its social media information campaign to shine a light on these cybercrimes," said Mr. Paz.
2020 data from Trend Micro show that ASEAN banking customers are the most targeted group for phishing attacks, accounting for 21.3% of the global figure. Kaspersky blocked 1.6 million phishing attempts from January to June 2020, of which 200,312 came from the Philippines. Likewise, the National Bureau of Investigation's Cybercrime Division documented a 200% increase in phishing scams since March last year, when the community quarantine began.
Here are things to look out for when spotting a phishing email:
1) Sender. Are there spelling errors or alterations in the email address domain such as "@bpl.com.ph" instead of "@bpi.com.ph"?
2) Subject. Does the subject invoke a sense of urgency?
3) Links or attachments. Does the link include a misspelling or does it look sketchy?
4) Urgent call to action. Are you being asked to immediately click a link? Cancel a suspicious purchase online? Are you being asked to enter sensitive personal information such as your password and account details?
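The same four checks can be run automatically by a mail filter. The sketch below is an added example, not BPI's code: the trusted-domain list, the edit-distance threshold of 2, the urgency keywords and the sample message (built from the scam text quoted above, with a constructed `.example` link) are all assumptions.

```python
import re
from urllib.parse import urlparse

TRUSTED = {"bpi.com.ph"}  # assumption: the legitimate domain named in the article
URGENT = re.compile(r"\b(immediately|urgent|alert)\b", re.I)  # assumed keyword list

def edit_distance(a, b):
    """Levenshtein distance, used to spot one- or two-character domain swaps."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_of(domain):
    """Return the trusted domain that `domain` imitates, or None."""
    domain = domain.lower().rstrip(".")
    if domain in TRUSTED:
        return None
    return next((t for t in TRUSTED if edit_distance(domain, t) <= 2), None)

def is_trusted_host(host):
    return any(host == t or host.endswith("." + t) for t in TRUSTED)

def red_flags(sender, subject, body):
    flags = []
    sender_domain = sender.rsplit("@", 1)[-1].strip("> ").lower()
    imitated = lookalike_of(sender_domain)
    if imitated:                                    # check 1: sender
        flags.append(f"sender domain {sender_domain} imitates {imitated}")
    if URGENT.search(subject):                      # check 2: subject
        flags.append("subject invokes urgency")
    for url in re.findall(r"https?://[^\s\"'>]+", body):
        host = (urlparse(url).hostname or "").lower()
        if not is_trusted_host(host):               # check 3: links
            flags.append(f"link leaves the bank's domain: {host}")
    if URGENT.search(body):                         # check 4: call to action
        flags.append("body demands immediate action")
    return flags

# Constructed sample: the article's scam wording, a lookalike sender, a fake link.
SAMPLE = ("BPI Alerts <alerts@bpl.com.ph>",
          "ALERT! You have been charged Php 5,000 for online purchase",
          "To cancel your order, immediately click the link below.\n"
          "http://bpi-cancel.example/order")

if __name__ == "__main__":
    for flag in red_flags(*SAMPLE):
        print("-", flag)
```

A small edit distance catches single-letter swaps such as "bpl" for "bpi", but not unrelated domains that merely contain the bank's name, which is why the link check compares the host against the trusted list instead.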
Always remember that cybersecurity is a shared responsibility.
Let us all be vigilant and smart as we do our part in cancelling the cancel culture and the "cancel order" scam.
Follow BPI on Facebook for your regular #BPIcybersecuriTips.
Published on October 6, 2021