DOJ, banks set ‘coordinated’ crackdown on cybercriminals
MANILA, Philippines — In the wake of cyberhacking and phishing incidents that victimized many clients of the country’s two biggest banks, the banking community has vowed to intensify the crackdown against cybercriminals by teaming up with the Department of Justice (DOJ) in a “collective, coordinated and strategic” response.
The Bankers Association of the Philippines (BAP) will sign a memorandum of understanding (MOU) with the DOJ on Feb. 4 to “cement the partnership” between the banking industry and the national government in the fight against cybercriminals.
The agreement is seen as crucial in this period of “heightened cyber criminality,” the association of the country’s universal banks said in a statement on Sunday.
“The (BAP) believes that all stakeholders — such as the government, the banking industry, and the Filipino public—must work together to keep Filipinos safe and make cybercriminals pay for the crimes they have committed,” the BAP said.
“Promoting cybersecurity in the banking system is a joint effort in as much as it is a core aspect of the nation’s security and the economy’s stability.”
Article continues after this advertisementThis developed after many clients of BDO Unibank and the state-owned Land Bank of the Philippines recently fell prey to cybercriminals.
Article continues after this advertisement‘Nagoyo’ scam
In the case of BDO, there was a sophisticated hacking scheme that bypassed the one-time password (OTP) security protocol of some 700 depositors, resulting in unauthorized bank withdrawals and the transfer of the stolen funds to “mule” accounts, including those transferred to Union Bank of the Philippines accounts under the name of one “Mark Nagoyo.”
The National Bureau of Investigation has since caught the suspects in the “Nagoyo” scam — two Nigerians and three Filipinos.
From 2019 to 2021, about P2 billion had been lost to digital banking fraud, including hacking and phishing incidents, based on consumer complaints lodged at the Bangko Sentral ng Pilipinas. These incidents have increased at an alarming rate during the pandemic as consumers were forced to shift to digital banking channels because of mobility restrictions.
“We thank the [NBI] and the [DOJ] for their successful collaboration in holding cybercriminals accountable for what they have done. Their actions demonstrate that cybercriminals will never go unpunished for victimizing the Filipino banking public and stealing their hard-earned savings,” said BAP president Jose Arnulfo Veloso, who is also president of Philippine National Bank.
Nestor Tan, president and CEO of BDO, assured the bank’s clients that all of their cybercrime-related concerns would be immediately addressed. BDO promised to reimburse the 700 clients affected by the “Nagoyo” scam.
Teachers, too
“We continue to make investments and enhancements in our security systems to assure our banking clients will have a safe and secure banking experience,” Tan added.
Some teachers have also reported losing their hard-earned money deposited at Landbank to cybercriminals.
While the bank claimed that this was a phishing incident and not a hacking of its system, the complaining depositors said they had not clicked on or opened any malicious link or email.
Cecilia Borromeo, president of Landbank and also first vice president of BAP, assured stakeholders that the banking industry would continue to do its part in promoting cybersecurity.
“Suspicious messages should be immediately reported to the authorities. The banks have dedicated personnel to handle these incidents to ensure protection of our clients,” Borromeo said.
Phishing is a type of social engineering attack in which cybercriminals trick victims into revealing sensitive information or installing malware, whether through fraudulent texts emails and phone calls. Once scammers get hold of their bank credentials, they are able to access their accounts and steal money.
“A central pillar to a strong banking system is the capabilities of government agencies who enforce the law. As we move toward the digitalization of our banking system, a key role in ensuring the safety of Filipinos in cyberspace is the swift and resolute enforcement of the rule of law,” said Hans Sicat, country CEO of ING Philippines and second vice president of BAP.
“The banking industry will always be a partner of the national government to ensure every Filipino will be safe against cybercriminals,” said Jose Teodoro Limcaoco, president of Bank of the Philippine Islands. “Aside from investments in our cybersecurity systems, we closely coordinate with government authorities such as the [NBI] and share information that has led to the apprehension of cybercriminals.”
Senate inquiry
In the Senate, Sen. Richard Gordon, chair of the blue ribbon committee, filed a measure last Wednesday urging his colleagues to investigate recent cases of digital theft, particularly the “diminishing money” from the Landbank accounts of public school teachers and other government personnel.
“The Senate must spearhead an inquiry, in aid of legislation, on strengthening existing pertinent legislation on cybersecurity in close cooperation with law enforcement… to adequately protect the Filipino people, particularly those most vulnerable, and the financial security of their persons and families essentially relying on our collective cybersecurity,” the Gordon resolution read in part.
Gordon said the state must serve and protect the people “now that criminals are using technology to pilfer from the people’s savings.”
“The Senate is compelled to act on the vicious commission of cybercrimes against the Filipino people, particularly against teachers and other public servants, private employees, and businesses, taking away their hard-earned savings, violating their financial security, assaulting their cybersecurity, and disregarding their rights,” he said.
He also invoked the Cybercrime Prevention Act, which cited the need to protect and safeguard the integrity of computer and computer systems, networks, and databases from misuse, abuse, and illegal access.
READ: Amid continuing cybercrime in PH, public, execs reminded: There’s CICC