IT WAS just an ordinary day for Girlie Jacildo, 37, of Barangay Tangub in Bacolod City, and a business process outsourcing firm employee, until she received a disturbing email.

Jacildo told SunStar Bacolod that she received the email on December 29, 2021, informing her that her GCash account, a virtual wallet application, was allegedly blocked and that she needed to click a link to verify it.

Worrying that she may no longer be able to access her account, she immediately called the customer service of GCash to ask whether she violated anything, Jacildo said.

“That’s when I learned that my account is active and that I did not violate anything, making me realize that I could have fallen victim to an online fraud,” she added.

To make her friends and loved ones aware of this kind of modus, she posted this experience on Facebook.

This was not her first time receiving dubious emails as she also experienced the same before wherein she was told that her bank accounts were compromised.

“Ironically, I don’t even have accounts on those banks mentioned,” Jacildo said, adding that being a former online employee of a bank, she knows that she needs to verify the legitimacy of those emails before doing or clicking anything.

When she was still working in a bank, she said customers with similar experience would report the incident to them and they would advise them to close their account and open a new one.

Customers are also advised to ignore future emails and report the incident to authorities, she said.

National Bureau of Investigation (NBI)-Bacolod head Renoir Baldovino said Incidents like this could be considered as phishing.

An identity theft

The Banko Sentral ng Pilipinas (BSP) had defined phishing as a form of identity theft whereby someone steals or uses personal or sensitive information of another person without his or her knowledge or permission, through hacking into one’s personal account, hijacking one’s data and taking over one’s online identity, to commit fraudulent acts or crimes, or conduct unauthorised business.

The BSP said that once the scammers have your information, it becomes possible for them to withdraw money or purchase items under your name, open a new bank or credit card account, use your present account to illegally deal with other people, or encash checks on your behalf.

It noted that scammers may also install computer viruses and worms or embed them in your e-mail and disseminate more phishing emails to other people and that these fraudsters usually send an email with a generic greeting.

The BSP added that fraudsters behind phishing activities would start the email with “Dear Customer” or “To Our Valued Client” with an urgent message or content containing a threat such as “Verify your account,” “Update your account,” or “Failure to do so will result in account suspension.”

The agency warned that the message is usually accompanied by a link that, when clicked, leads to a spoofed or fake website that asks individuals to input their personal and financial information such as User IDs, passwords and account and personal identification numbers.

At first, the email would look legitimate because the scammers may use official-looking logos and other identifying information from a financial institution or other legitimate organization, it said.

Baldovino said that phishing may be done in various methods other than email, such as text messages and chat rooms, among others.

“To avoid being victimized by these kinds of scams, do not reply to suspicious emails, ignore and delete the message, do not click any link in a suspicious message, and avoid giving of personal and financial information requested through email,” he said.

“If a similar incident happened to you, better call your bank and send a letter to verify if such email request is real or if you think you have given out information to a phisher, report the incident immediately to the company,” he added.

History, evolution

Website phishing.org stated that internet records showed that the first time that the term phishing was used and recorded was on January 2, 1996 in a usenet newsgroup called AOHell and since then it became a major criminal issue worldwide.

In many ways, the report said that phishing has not changed a lot since its heyday, the website said, adding that in the late 2003, phishers registered dozens of domains that looked like legitimate sites like eBay and PayPal if one was not paying attention.

Further, the report noted that phishers reportedly used email worm programs to send out spoofed emails to PayPal customers. Those customers were led to spoofed sites and asked to update their credit card details and other identifying information.

On the rise

Statista, a German company specializing in market and consumer data, reported that in 2019, before the onset of the coronavirus disease (Covid-19) pandemic, about 58,000 Filipinos fell victims of phishing.

As the pandemic set in and with most Filipinos online all the time, the NBI’s Cybercrime Division recorded a 200-percent increase in the number of phishing cases in the country since the lockdowns started back in March 2020.

Phishing is listed by Philippine authorities as the top cybercrime being committed in the country during the Covid-19 pandemic, followed by online selling scams and proliferation of fake news, the website techwireasia.com also reported.

Baldovino said, luckily, they have not received any complaints about it yet in Bacolod City and Negros Occidental.

Difficult to trace

The NBI-Bacolod head admitted difficulty in investigating cybercrimes like phishing because they need to trace the perpetrators.

If in case there are reported incidents of phishing and other cybercrimes, Baldovino said they will refer them to their national office based in Metro Manila.

The main office of NBI has personnel who are trained to handle cases like this and equipment to use, he said.

Jake Pomeprada, who is a Masters of Arts in Education major in Information Technology graduate, said not unless the phishers are using a virtual private network or VPN or an encrypted connection over the internet from a device to a network, then it would be impossible to arrest these fraudsters.

A science research specialist of the Technological University of the Philippines-Visayas, Pomperada said tracing the phishers through Internet Protocol or IP address or the unique address that identifies a device on the internet or a local network is also not possible as this could be changed or altered.

Warning

Baldovino warned that phishers, once arrested, could be penalized under the law. What they are doing is illegal under the CyberCrime Prevention act of 2012 or Republic Act 10175, he said.

Under this law, computer-related fraud or the unauthorized input, alteration, or deletion of computer data or program or interference in the functioning of a computer system, causing damage with fraudulent intent is prohibited.

It also prohibits computer-related identity theft or the intentional acquisition, use, misuse, transfer, possession, alteration or deletion of identifying information belonging to another, whether natural or juridical, without approval.

Any person found guilty of these offenses may be punished with imprisonment of prision mayor or a fine of at least P200,000 up to a maximum amount commensurate to the damage incurred or both.

Wrong way

With the pandemic still badly hitting many sectors of the society, especially those who have lost their jobs and sources of income, phishing and other fraudulent acts could continue to flourish.

Whatever the reason of these people for doing such activity, the ends could not justify the means, and as the saying goes “no one can escape the long arm of the law.”

A sad reality that we need to face is that, while digital technology has indeed gone a long way with many people using it to uplift their lives, unfortunately, there are few who are using it in a wrong way and to the detriment of others.