This is to warn you that if ever you receive an email from Rizal Commercial Banking Corp (RCBC) telling that your account was suddenly deactivated, DO NOT believe that message as RCBC confirmed that this is a phishing scam, trying to steal your important information.
It was Monday when I received an email from RCBC telling me that my bank account was deactivated due to implementation of a new bank security and that I need to click a link in order to reactivate it. I took a screenshot of the message below.
Still, I decided to communicate with the bank to verify if this is indeed another ‘RCBC phishing scam’. After 24 hours, I received this reply.
I hope that this post helped you in seeking information about RCBC phishing scam or other related case, if ever you received the same email.
LOOKING DEEPER: WHAT IS A PHISHING SCAM AND HOW TO DISTINGUISH IT?
I took advantage of this experience to share to you what is a phishing scam and how you can easily identify it. If you’re ready to understand this cyber crime, read further.
A Phishing Scam is an attempt to acquire sensitive information such as username, password, credit card number and other personal and financial information. Most phishing scams such as the above mentioned case is in the form of email, but there are also phishing scams that is done via phone calls or other electronic medium. The purpose is simple: to steal money.
While you can’t avoid phishing scams, there are important key points to bear in mind that could help you identify that it is an attempt to steal information and therefore not become a victim of it. Take a look again at the image below.
A phishing scam or a phishing email in particular comprises of most if not all the following parts:
- Popular Company – scammers usually use a well-known, big company to masquerade their adentity in stealing information. Be aware of this in reading an official email from one entity. A big company like RCBC is not dumb enough to not to include at least the bank’s official logo or a proper heading for that matter in releasing official messages.
- Informal Link – Although an email message from one entity (or RCBC in this case) can contain links that direct users to their official website, you should always check if the link printed on the message matches the link where you will be directed. In the example image above, the printed link is https://rcbc.com/1/Active_CUSTOMERMIGRATION but when I mouseover that the display link is http://clicks.fanbridge.com/ with a suffixed encrypted data. Take note that you should avoid informal and encrypted links and DO NOT ever click them!
- Threat – A threat in a phishing email is meant to force you or give you pressure so that you’ll have that imperative thinking of clicking the specified Informal Link in the suspicious message. If you feel threatened, then you may rather submit a query to the support center or contact the customer service landline to personally verify if the message was indeed valid. In the RCBC case, I decided to contact their official Facebook account to verify the message and their prompt response (posted above) allowed me to conclude that the message was a phishing email.
- Spelling and Bad Grammar – Some online scammers tend to have a bad grammar and spelling in their messages. True enough especially when the source is from a non-english speaking country. Entities such as RCBC however are reputable enough to have a staff or copy readers that ensure that their messages are relayed in proper form and grammar.
- Spoofing Popular Websites or Company – Some scammers are talented enough to put graphics in phishing emails that are associated to a big company and/or website. Again, this is part of masquerading and part of further convincing you that the message is authentic.
WHAT TO DO THEN AFTER RECEIVING A PHISHING EMAIL?
In cases like this, after identifying that a forwarded message is a phishing email, you have to inform concerned people and entity/ies involved to avoid further damage it may cause. In the RCBC case, I immediately decided to make a communication to them via Facebook to verify the message. By informing them, you are also giving them an inference that something illegal activity is going on and they have to act for it.
You are advised to immediately disregard the message. You may report or mark it as a spam or just delete the message. You can further prevent your friends or other people that matter to you from getting scammed too by informing them about your experience. You can forward them a screen shot of the message you received and tell them that the message was not true. If truly verified, you may even take the initiative of uploading a screenshot of the message to your social media accounts so that everybody will be informed.
Last modified: September 27, 2012