Photographer: Johannes Eisele/AFP via Getty Images

Businesswoman reportedly loses more than PHP 1 million in RCBC Bank account


December 13, 2022
Updated on December 13, 2022
{{bullet-1}}
{{bullet-2}}
Share this article
Email

A businesswoman named Flordelina Chan lost more than PHP 1 million from her Rizal Commercial Banking Corporation (RCBC) bank account. According to the victim, she received multiple SMS messages containing her One-Time Pin (OTP) on October 26 and 27, but chose to ignore them as she said she does not use online banking for any transactions. She then received another SMS message warning her of suspicious activities in her account, which then prompted her to report the incident to the bank. However, upon personally going to the bank to withdraw, she discovered the missing money from her account. She immediately reported the incident to the National Bureau of Investigation (NBI) Cybercrime Division, and the report was also received by the Bangko Sentral ng Pilipinas (BSP).

In a written letter sent by the RCBC Tuazon branch to Chan, they said that the money could no longer be returned due to the use of an OTP, which authorized the transactions, and the lack of breach detected in their systems. Chan disputed this in an interview, stating that all her transactions happened over the counter.

RCBC also released a statement, claiming that the victim’s account “was compromised outside of the bank’s system.” RCBC reminds all their clients that “when a client gives their account information, password or one-time passwords, they are giving access to their accounts. RCBC constantly reminds its clients should never be shared with anyone.” No further information has been released as of this moment regarding how exactly Chan’s account was compromised.

Banking-related scams, even when done by relatively sophisticated syndicates, still appear to require successful phishing emails or social engineering over the phone to trick victims into giving access to their accounts or revealing “One Time Pins” connected to bank accounts, or otherwise scamming and tricking the victims. There is also a possibility that the devices of the victims, usually the phone, are compromised by malware obtained by downloading an unverified application or plug-in. The malware allows syndicates to view the SMS messages of the victim, including the OTP code that was sent to the victim’s phone number. This article talks about one of the many malwares that has the ability to compromise android devices.

The following recommendations are suggested to minimize your exposure to potential scams:

  • Make purchases online from reputable sellers.
  • Monitor your bank accounts for any unauthorized transactions
  • Don’t click on any links allegedly from your bank. Instead go directly to your bank’s website through a search engine or the bank’s app.
  • If receiving a call from your bank regarding an allegedly compromised account, consider hanging up and calling the bank directly to verify that it is a legitimate security alert.
  • Never share your one-time pin with anyone. Your bank won’t ask for your one-time pin.
  • For those using online banking apps, please make sure that you have downloaded your application from a legitimate app store. Users are also advised to change their password every 3-6 months.