Bank fraud probe tags 6 ‘persons of interest’

WE FOUND ’EM: Union Bank announced a breakthrough in a recent scam.

MANILA, Philippines — Six “persons of interest” have been identified in relation to the recent cyberfraud attack against the country’s largest bank, BDO Unibank Inc., whereby some of the funds were illegally transferred to accounts at UnionBank of the Philippines (Unionbank).

This is according to UnionBank chief technology and operations officer Henry Aguda, who did not name the suspects.

A surge of social media posts complaining about unauthorized bank transfers over the weekend prompted the Bangko Sentral ng Pilipinas (BSP) on Sunday to urge both banks to implement remedial measures.

In a press briefing on Wednesday, Aguda said Unionbank already filed with the National Bureau of Investigation and the Philippine National Police information that the bank gathered in relation to funds that were illegally transferred from BDO clients.

There were close to 700 BDO clients affected by this incident, some of whose funds were transferred to Unionbank, which in turn has since frozen about P5 million worth of funds.

“As one of the receiving banks, Unionbank stands in solidarity with the entire banking industry and the relevant government agencies in fighting against the cybercriminals. We are collaborating closely with BDO. In fact, we’ve started collaborating even over the weekend,” Aguda said.

Apart from the cases filed with the PNP and the NBI, all the necessary reports would likewise be submitted to the BSP, Aguda said.

Aguda also appealed to the public to help the banking system uncover “mules,” or those who sell their bank accounts, such as to criminals who need vehicles to launder proceeds from criminal activities.

“We’re doing everything we can do to help the victims,” he said.

‘Data is gold’

In a separate event, Unionbank vice president and head of micro, small and medium enterprise segment Jaypee Soliman talked about phishing, defined as “a fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers.”

“Data is like gold we need to protect, especially for professionals and businesses,” Soliman said in a session on cyberattacks at the Association of Certified Public Accountants in Commerce and Industry 37th Annual National Convention.

He said phishing could happen through compromised emails. Fraudsters can easily get passwords that allow them to go through your sensitive information or files. Usually, the same password is used for mobile banking. Thus, when they pose as bank representatives and convince people to give their one-time password, they now have access to online banking accounts.

In this age of social media, phishing is no longer limited to emails as it can be done through popular sites, like Facebook, Instagram, or Twitter, such as through bogus promos or ads.

How to avoid a phishing attack

Soliman walked through the steps that professionals and businesses should know to avoid falling victim to these phishing attacks.

First, understand the entry points or gateways where fraudsters can get in, such as an email. Each and every access point is a potential entry point of threats.

Second, have an early detection system. Depending on the strategy of the company, it can be an internal communication system where threats are recognized.

Third, have a response mechanism. This may vary depending on what industry the company belongs to. Have a solid communications system. This helps get information about potential threats inside the company that also extend to the customers.

Lastly, have a recovery plan. This is the strategy on how to treat intrusions, how to block or even eliminate these threats.

Soliman also recommended the following:

Read more...