Vishing is a crime that consists of impersonating companies, calling the victim by phone, and obtaining their data. Cybercriminals can gain remote access to your computer if you follow their instructions.
I got scammed yesterday out of thousands of my savings account. To give context to what happened and how everything went down: I currently own a Security Bank Checking account for work and our ATM cards expire by June 2022. I have not received my new card as of this writing as I was not able to make it during the card distribution. I have been waiting for the card for weeks now and the last conversation via e-mail was that they will update me through call once the card is already made available.
Note that I have 3 bank accounts - 1 is the mother account where my salary is being sent out and I have 2 extra accounts for savings and the other for my skincare.
I requested for the card renewal 2nd week of June, so today I received a call and the person calling me stated they are from Security Bank and are asking about my debit card. Red Flag #1: I assumed it was Security Bank. I told them I have not received it yet and asked what the status was. The person speaking stated he will check and that he will get back to me. Red Flag #2: The line was too quiet, normally when I call them the line is too noisy with other agents talking over each other. Then he asked me that he will send an OTP to complete the transaction, I told him this was already requested and he stated that we need to activate a biometric chip and will require the OTP. Giving me a barrage of benefits, it was lunch time and honestly have been at this ATM replacement for several weeks now so I didn't really pay much attention to it. I might have shared my account number too, everything went too fast that I could not recall when I gave him this.
The agent stated that he will then pass the call to his "supervisor" stating that he will complete the request. The supervisor asked me what online banking I use, I told him I use the old version as I find it easier for me. He asked for my username and I do not know why I gave it to him. A few minutes later he asked to send another OTP to complete the ATM request. This was the time that I checked my messages and of course, gave him the code. He stated that the code did not work and he will send a new one. Red Flag #3 Had I not checked the text messages and if I had given him the 3rd OTP my entire savings would have been lost. He attempted to take out money from the skincare account. A few seconds later the call dropped and my heart sank as I saw a confirmation text that I have "transferred" thousands of money via Instapay. He called again and I knew I got scammed.
I immediately logged into my online app and saw that one of the three accounts I have has been debited PHP22,400 off my savings account and the skincare account still has some balance to it. Funnily enough, he did not take out all the money - he left me with PHP80.76 from the account. Does he deserve a thank you? The scammer called multiple times during this time but I was already calling Security Bank to block everything and report the fraudulent activity. I immediately moved the skincare funds over to my own BPI account as I waited to get to a Security Bank agent. I waited for an hour before I reached someone.
When I reached the Security Bank agent, I reported what happened. Someone pretended to be them and what was shocking was how was it that they were able to get access to my account - checking on the site all you need are the username and password to gain access. Now if you forget a password, a username and e-mail are required. Yes, I did share the username but not my e-mail address so I can assume that they already have access to my profile. I also saw in e-mail all the things that happened:
1:06PM they changed my password - this was the first OTP
1:07PM they were able to access my online account
1:09PM they already transferred the money to a Chinabank account via Instapay - this was the 2nd OTP
1:12PM I moved my remaining cash over to another bank
1:15PM I have been logged out from all apps due to multiple simultaneous access
What the Security Bank agent do during our 1-hour and 45-minute call, note the line was really noisy with agents speaking at random intervals.
2:10PM deactivated all online accounts
3:09PM created a new ticket or the ATM replacement - goddamn it's been a month already!
3:18PM deletion of the account where the money was taken out
3:18PM deletion of the salary account
3:18PM deletion of the credit card account
3:52PM ticket sent for an unauthorized transaction
I was told this will be a 20-business day investigation. I honestly do not hope for much, the pessimist in me says that there is no way this will be valid. Also, I have read that this happened previously and there has been and yes, I know that somehow this is my fault for giving them the OTP and username and even the account number but what I wondered was that even during the first call at 1:06 how was he able to change my password if they do not have immediate access to it?
I honestly feel this was a targeted call and here's why:
1. How could they have called my number out of all of the people in the Philippines?
2. How could they have known I am waiting for a card? Was it because I responded I waited for it?
3. How could they have been able to get inside my online account without full details?
I have been very careful with all these vishing, spam, and phishing messages that I get daily from random folks saying I won the lottery or that they are hiring, and have been rather careful in answering calls. I hate making and receiving phone calls and if I can avert it I will.
Here's what I did after:
1. I changed all passwords to my accounts.
2. I created a new e-mail address and connected it to my online banking.
3. I have decided to call forward all calls to a dead number - yes! I just did that!
4. If I do decide to answer a call, I will ask for identification first and remain vigilant or heck not talk to them at all.
5. Should I need anything from my bank, I will call them directly instead.
I also knew of a friend who lost her PHP5000 from GCASH just by clicking a somewhat legitimate link from her email. I felt weak to my knees knowing that in less than 10 minutes, I was robbed of my own money. I was caught at a very bad time and yes I could have done better. I know it's just money and that I can manage to earn it, what just hurts is that there are people that do not fight fair. In a world where technology is just at the tip of our fingers - we still have to be careful.
Stay safe out there.
Also, the site went offline by 5PM MLA.
Update:
July 14th - I filed a complaint with BSP about what happened with my Security Bank Account.
July 18th - Received an email from Security Bank that they have received a complaint from BSP about the incident and that they are currently working on it.
July 20th - Received this email today.
Long story short, I already expected this result after I filed the complaint. I knew that they will never return my money as I have read countless stories about the same incident. What I wish to learn from this is to accept that people do not fight fair and that money can be replaced. Also, I realize that justice in the Philippines is just a thing of the past.
May you learn from my mistake and not become vulnerable to these instances. Stay safe out there.
well organized. billion dollar industry talaga fraud, dae connection or should i say employee 😂
ReplyDeleteMAGABAAN RA GYUD NA SILA! Matod pa'ng jonic: ganahan uroy sila mukaon anang ilang kinawat
ReplyDelete