Metrobank’s Official Anti-Phishing Guide

Dear Metrobank Client,

In order to maintain the security and confidentiality of your accounts, we are providing you the following information and tips for your protection.

There are con artists posing as legitimate businesses who send emails to clients requesting that clients verify confidential information online, such as usernames, passwords, and account numbers. This scam is called “phishing.”

What is “Phishing?”

Phishing is the act of sending an email falsely claiming to originate from a legitimate source—such as a bank or credit card company—in order to steal clients’ confidential information to commit fraud and/or theft. These email messages usually contain links that, when clicked, lead clients to what appears to be a trusted organization’s website, or which generates a pop-up window, and requests that clients enter confidential personal and financial information.

Metrobank will never send you an email requesting that you verify any confidential information such as usernames, passwords, account balances or account numbers.

What emails should I be wary of?

1. Verify your account”—businesses will not ask for personal or financial information via email

2. “If you don’t respond within 48 hours, your account will be closed”—phishing emails are polite in tone, but will also contain a sense of urgency to try to trick you

3. “Dear valued customer”—phishing emails are sent out in bulk and do not contain client names; most legitimate companies will address clients by name

4. “Click on the link below to gain access to your account”—these emails may contain a link or forms that you can fill out, just as in a website. These links are “masked” (may contain the name of a legitimate business) and will lead you to the con artists’ website, which will look like a legitimate business’ website.

This type of scam is perpetrated with the help of malicious software called “spyware”—which is also known as adware, keyloggers, or Trojans. Spyware may be embedded on a webpage, email, or attachments to an email; once the infected item is opened, this software is secretly installed on your computer and may be capable of recording your keystrokes as you enter confidential information online.

How do I protect myself online?

1. Be wary of emails requesting that you verify personal and financial information online.

2. Be wary of clicking links on email messages—avoid clicking on any links on email  messages unless you are very sure of the destination. Phishing usually contains links in email messages that upon clicking, will often take you directly to a phony site where you could unwittingly input your personal or financial information.

3. Delete suspicious emails without opening them and do not open attachments even if they seem to come from someone you know.

4. To visit your bank’s website, type the URL directly onto your browser or use your personal bookmark.

5. Be wary of messages that claim they contain “patches” to fix or upgrade your system; no software vendor sends out patches via email—they must be downloaded from the software vendor’s own website.

6. Report any suspicious emails to the legitimate originating source for investigation.

7. Check for security certificate before entering sensitive information on a website—you can check security certificates by looking for the yellow lock on the lower right of the status bar of your Internet Explorer browser; if the lock is closed, this signifies that the website is encrypted to protect you when you enter sensitive information onto the website. This symbol may only be present when the website is requesting you for your information but unfortunately, even the lock icon can be faked. For further safety, double-click on the lock icon to display the security certificate of the site—it should display the name of the website following “issued to”. If the name doesn’t make sense, it means that it’s a fake or spoofed website.

It is important these days to be careful online, so please take note of these tips. Metrobank is always vigilant for any type of security threat, and we will always keep you informed on how you can protect yourself online.

Thank you for your valued patronage, and rest assured that through the latest technology and measures available, the security and confidentiality of our relationship will always be maintained.

Sincerely,

Metrobank e-Banking Division