This fake Banco de Oro (BDO) email is a Phishing Scam email

James Ryan Jonas

Don’t be deceived by an email supposedly sent by Banco de Oro (BDO) telling you to “request a new card”!

Did you receive this email?

The text reads:

==========

Attention: ALL BDO ATM cardholders

Your BDO ATM card was recently used on ATM which may be compromised with a skimming device. For security measures we will be issuing new ATM card.

Please click here to request new ATM card

Failure to confirm the request within 24 hours, will result in permanent cancellation of the card.

For concerns, please visit your branch of account, call the BDO Customer Contact Center or the BSP Financial Consumer Protection Department at (02) 708-7087.

Thank you.

BDO Unibank Inc. is regulated by the Bangko Sentral ng Pilipinas (BSP).

==========

The email contains a link to a dubious website that is not in any way affiliated with BDO.

The email also tricks you by showing that the email was sent by security@bdo.com.ph, but in reality, the email was sent by a fake website (security@bdo.com.pk) — note that the domain extension was PK, not PH.

Don’t be fooled by this email!

This is not an official message from BDO.

This and similar emails are known as phishing emails, and they’re designed to steal your personal information, including account numbers and passwords, so that the scammers and thieves can log in to your account and most likely steal your money.

How do you protect yourself in such cases? What do you do if you receive those seemingly scammy or phishing emails?

Here are our tips.

  1. Don’t simply click on any link you see in the email. Hover on the link and confirm if the destination URL is an authentic URL of your bank. If in doubt, don’t click on the link and do not visit the website.
  2. Double-check with your bank if they actually sent the message. Call their hotline or visit their offices to inquire. Better to be too safe than sorry.
  3. If you’re on a website that asks for your account name or account number or password, confirm first that the site has SSL security. The URL should begin with HTTPS, not just HTTP, which means data you will input will be “secured” and encrypted. Some browsers, especially Google Chrome, now shows a padlock icon or the phrase “Secure” if the website you’re visiting has SSL security. If the website you’re visiting does not start with HTTPS, think twice about inputting your personal information or login credentials.
  4. Mark as Spam or report as a Phishing email any fraudulent email that you receive. In Gmail, you can find these options (“Report spam” or “Report phishing”) in the dropdown menu beside the “Reply” arrow button, located in the same row as the Time/Date of the email and Star image.
  5. If you’re doubting the content of the email you received, search on Google the content of the email. It’s likely someone has already written about it and has marked the email as authentic or spam or fraudulent.

Stay safe! Don’t be fooled by these fake phishing emails!

James Ryan Jonas teaches business management, investments, and entrepreneurship at the University of the Philippines (UP). He is also the Executive Director of UP Provident Fund Inc., managing and investing P3.2 Billion ($56.4 Million) worth of retirement funds on behalf of thousands of UP employees.