Security Bank users claim phishing losses totaling more than P5.7M

Account holders from Security Bank have banded together to claim losses totaling more than P5.7 million, allegedly stemming from phishing and unauthorized transactions performed on their accounts. 

The group, currently listing 38 victims, has compiled their claims, with the biggest alleged stolen amount for one individual at P1 million. The amounts ranged from P4000, P5,000 to several in the P100,000 to P600,000 range. Many of the incidents took place between May and July 2021. 

The victims reported a range of incidents from receiving phishing emails, and phone calls from fake Security Bank employees, leading to stolen one-time passwords (OTPs), and unauthorized transactions and customer profile updates. 

The group also claimed that some incidents involving the unauthorized update of the customer profile did “not even involve the victim’s participation with the fraudsters,” resulting in the breach of their bank account information and subsequent monetary losses. They have requested refunds for their cases but none have been successful in getting one, which has led to the group seeking assistance from the media and the Senate. 

Among the claims that have gone public on Facebook is an incident involving the sister of Razzel So, who posted about her sister’s losses of P155,000. 

Tying in with the group’s claim that some fraudulent actions do not require the victim’s participation, So said that her sister had received an email from Security Bank saying that she was updating her Security Bank profile. Alarmed, she checked her Security Bank app, and saw an “updating profile” notice on the app. 

She then went back to the email she received, which also said “"If you’re not updating your profile, please click the link and log in your account." She clicked and accessed the link, and logged in using her credentials. Immediately, she lost access to her account and received a notice that her account had been updated. 

At this point, the link she accessed was likely a spoof of the Security Bank log-in page, allowing the scammers to steal her credentials. Her email and registered number were changed, thus allowing the scammers to receive the OTPs that would allow transactions. 

She later received a call from a supposed Security Bank agent, informing her that she had been hacked, but that no money was stolen. Another agent called the following morning saying that she had been hacked, and that a total of P155,000 was transferred from her account. 

Appeals for a refund were denied because the bank reportedly told them that the transaction was made via a Security Bank online transaction that requires the use of an “enrolled username, password, and one-time password (OTP)” to log in. The bank on July 13 told her there would be no reinvestigation, and advised to report the incident to the NBI. 

Majority of the incidents claimed by the group involve unauthorized profile amendments leading to unauthorized transactions. 

The group says it continues to appeal to Security Bank.

Security Bank, from time to time, publishes articles on its blog warning people of phishing scams, along with tips on identifying fraud emails.

In an email to Rappler, Security Bank confirmed that some clients have received phishing emails from fraudsters, and noted that phishing has been widespread, affecting other financial institutions as well.

"The bank is taking these complaints very seriously, conducting a thorough investigation of each complaint and adhering to the appropriate reporting protocols. Our Security Department is also coordinating with the relevant government agencies (i.e. NBI/CIDG) in the course of these investigations." – Rappler.com

Have you been a victim in an online scam? Email the editor at angelo.gonzales@rappler.com.

Gelo Gonzales

Gelo Gonzales is Rappler’s technology editor. He covers consumer electronics, social media, emerging tech, and video games.

image