MANILA, Philippines — The Philippine National Police Anti-Cybercrime Group issued reminders for the public Tuesday to avoid falling prey to online fraud and theft amid the recent cyber attack that stole sizable sums from the accounts of bank depositors.
Earlier this weekend, account holders began reporting unauthorized transactions on social media. Some accounts say they lost as much as P50,000 without their knowledge.
"When using Social Media, be careful not to accept random friend requests. Cybercriminals often create fake accounts to befriend you. Trust no online friends unless you know them personally," the PNP Anti-Cybercrime Group said in a statement.
"“The best way to avoid a cyber attack is to be more discerning whenever your information is asked online and to immediately report to the authorities when suspicion arises,” Police Gen. Dionardo Carlos also said.
Fraudulent emails
A common method of cybercriminals is to hack into personal computers or gadgets to send them emails with infected attachments, the PNP-ACG said.
"It is important to note not to respond to these dubious emails with embedded links. Don’t open links and attachments when in doubt. Such communication may be classified as Phishing emails."
If unsure, the PNP said, users can contact the company or organization claimed by the email source to verify if the communication is legitimate or fraudulent.
Password protection
The PNP also reminded the public not to give away vital information especially your contact and bank details.
It also encouraged security measures regarding passwords, including:
- If possible, constantly change and remember your password.
- Enable layers of security by using passwords and other encryption features like a two-factor authentication system.
- Be discreet with your password by not divulging it to anyone.
- When using mobile devices, limit the use of your contact numbers online as attackers may collect these digits.
Avoid unsecured wi-fi hotspots; set your device so that it doesn’t automatically connect to external sources. Disable Bluetooth when not in use so you can veer away from attackers exploiting open connections.
'Drive-by'
The PNP Anti-Cybercrime Group also alerted the public against the “Drive-by Download Attack” involving malicious programs that install on devices without the computer user’s consent.
Similar attacks include unintentional downloads of files or bundled software onto a computer.
"A drive-by download will usually take advantage of the exploited browser, app, or operating system that is out of date and has a security flaw...It is masked in all corners of the web, these attacks cause even perfectly legitimate sites to spread this threat," the PNP said.
"This initial code that is downloaded is often very small since its job is often simply to contact another computer where it can pull down the rest of the code onto the smartphone, tablet, or computer. Often, a web page will contain several different types of malicious code, in hopes that one of them will match a weakness on the computer."
According to the PNP-ACG, downloads may be placed on otherwise innocent and normal-looking websites.
Victims might receive a link in an email, text message, or social media post that tells the target to look at something interesting on a site. Then it will exploit vulnerabilities in web browsers, plug-ins or other components that work within browsers not known to the computer user.
Cybercriminals make use of drive-by downloads to steal and collect personal information, inject banking Trojans, or introduce exploit kits or other malware to endpoints, among many others.
"What sets this type of attack apart from others is that users need not click on anything to initiate the download. Simply accessing or browsing a website can activate the download. Don’t rush in downloading phone applications and carefully download those from trusted sources."