Search This Blog

Monday, October 26, 2020

BDO reminds accountholders: Do not reply to Add Device text messages if you did not make an Add Device request

BDO Unibank, Inc. cautions clients to be vigilant against scammers’ attempts to imitate official bank communications. Using the bank’s name and logo, these scams appear to be legitimate security alerts asking for clients’ personal information, which scammers’ will then use to access and steal money from online bank accounts. BDO reiterates that it will never send text messages or emails asking for clients’ personal information.

 

A recent modus finds scammers tricking clients into initiating BDO’s “Add Device” security alert, which is part of the bank’s two-factor authentication process to protect clients from unauthorized transactions. When accountholders reply “Add Device” to this bank-sent text message, scammers get access to their online bank account.

 

BDO reminds accountholders: “Only add trusted devices to your digital banking app. Do not reply to Add Device text messages if you did not make an Add Device request.” For added protection, the bank advises clients to limit permission to just one device.

 


How “mobile device takeover” scam works

 

The modus operandi starts with an email or text message that urges clients to click on a link to verify their accounts and avoid deactivation. Scammers often get clients’ data from scraping the internet for email addresses and mobile numbers. BDO reminds clients to be prudent when sharing personal information online.

 

Worried of the potential inconvenience, many clients click on the link, which prompts a fake website to open. Clients “log in” the fake website with their online bank account username and password. Scammers get their victims’ login details from the fake website and key these in the mobile app.

 

As a security protocol, BDO sends a text message to the client’s registered mobile number in case an unknown or new device is being used to access his or her online banking account. The alert asks the client to reply “Add Device” to get a One-Time PIN (OTP) to register the known and trusted mobile device. 

 

Deceived by the scammers’ email, some clients reply “Add Device” to this prompt, thinking it will reactivate their “deactivated” online bank account.

 

BDO reassures clients that it will never ask clients to verify their bank accounts via email or a text message, or ask them clients to click on links to do so. The bank advises accountholders to ignore or send these messages to ReportPhish@bdo.com.ph.

 

 

Report unauthorized transactions to BDO

 

If clients mistakenly register the scammers’ device, scammers will then send money from their victims’ account to theirs. When a fund transfer is successful, the bank sends a confirmation email to clients’ registered email address.

 

If they receive confirmation emails about transactions they didn’t do, BDO advises clients to immediately report it to its Customer Care Hotline at 8631-8000. They may also reach out by logging in Messenger and looking for BDO Customer Care with the blue verified checkmark from Facebook.

 

 

Again, never share OTPs

 

Scammers obtain their victims’ OTPs through the fake website. OTPs add another layer of protection for online banking. As the last part of the bank’s two-factor authentication process, the unique six-digit numbers register a mobile number to BDO Online Banking and confirm an online transaction. They can be used once and only within a short span of time.

 

BDO reminds clients not to give their bank account login information, such as username, password, and OTPs to protect their online bank accounts from theft.

 

7 comments:

  1. Yes mommy. Dami na nga scammer ngayon. Minsan may ibibigay na link.
    Thanks for this awareness mommy Lou and BDO..❤️

    ReplyDelete
  2. Thank you for sharing this po..need po talagamag ingat ngayon..

    ReplyDelete
  3. Dami na po nagkalat na ganyan ngaun kaya hanggat maari wag click ng click.. 👍

    ReplyDelete
  4. Mag ingat lalo sa panahon ngaun maraming nananamantala

    ReplyDelete
  5. Need talaga natin mag ingat lalo na ang may mga BDO account usong uso na kadi scammer ngayon grabi makapanloko lang gagawin lahat.. salamat dito ms. Lou

    ReplyDelete
  6. Thank you for sharing this Ms Lou,will share this po para maging aware ang lahat.

    ReplyDelete

Olay Bodyscience is partnering up with Watsons and Robinsons to take the BL heartthrobs all over Philippine stores.

Fans have been waiting since forever for Bright Vachirawit and Win Metawin to be together again, and Olay BodyScience came through for the...