A pet grooming salon owner lost P50,000 recently to a pishing scammer who masqueraded himself as a representative of the BDO Online Banking Team.
Verena Scheer, owner of Happy Tails Pet Grooming Salon and Accessories and Bavaria Kennel and manager of Bavaria Club-54 KTV BAR and Restaurant, said she lost the money to a fraudster identified as June A. Lopez who used the number 0917-800-1879.
Scheer said she received an email advising that her account in BDO Online Banking will be deactivated if the scammer will not “hear any actions” from her.
Worrying that her access might be removed, Scheer said she clicked the link in the email and entered her OTP. She then received an email from BDO stating that her request to transfer P50,000 had been processed and granted.
The money was transferred to Lopez’ account at EastWest Bank through the BDO’s Instapay electronic fund transfer (EFT).
In a complaint-letter to BDO San Pedro, Scheer said that when the amount was successfully transferred, she rushed to the bank within 20 minutes to ask for help.
“Nabiktima ako ng phishing email. Hindi legit ‘yong email, pero legit ‘yong link. Puwede mo naman i-check by yourself,” Scheer said.
Walang hiningi na details pero upon log in ko, hiningi ang OTP ko pero never naging successful. Diretso na-transfer agad ‘yong P50,000. Nabawas agad sa account ko via Instapay. Sumugod ako agad sa opening branch ko which is sa San Pedro to report what happened. Two times na akong nag-report at file ng dispute, pero denied. Hindi na-grant ‘yong reimbursement,” she added.
Scheer said she made a third request, hoping that BDO would reconsider and reimburse the P50,000 that was stolen from her.
She hopes that BDO will investigate and also get her side on the matter as what was lost was “hard-earned money”.
“Pangatlo na itong report ko so waiting pa ako baka ma-deny pa din, ewan ko lang. For me, sana if mag-investigate sila, kunin nila side ng client kasi kami ang nawalan at hindi naman sila. It’s our hard-earned money, not theirs,” she said.
“Sana man lang ma-trace nila na unauthorized transfer ‘yon tumawag man lang sana sila to confirm if ikaw talaga nagtra-transfer, lalo na malaking halaga. Hindi kasi credit card ang pinag-uusapan dito na granted, madali i-hack. Debit ito, savings. Hard-earned money na ipatatago mo sa kanila,” she said.
However, Dingdong Arzaga of the BDO branch in San Pedro, said their bank will not be reimbursing Scheer because a probe it conducted proved that what happened was not their fault.
He said the email Scheer received did not have their company logo but that of another business called “BV”.
Arzaga added that as far as their bank is concerned, Scheer’s transaction on January 6 was valid.
“Walang logo ng BDO, walang Uniform Resource Locator (URL) ng BDO ‘yong email,” Arzaga said.
Arzaga also said that their online banking system is secured and only the owner can access her account unless he/she shares private information to another person, such as account number and the OTP that is sent to his/her cellular number.
“Kapag nag-access ka ng ‘yong internet banking, papadalhan ka ng OTP. Unang-una, ‘yong password mo ikaw lang ang nakakaalam. ‘Yong ikalawa dyan, ang OTP mo sayo lang ipapadala sa cellphone na may warning na ‘do not disclose it to anyone’. Walang iba na may access nyan, siya lang,” Arzaga said.
“Meron ng sulat dito sa kanya, nandodoon na lahat nakapaliwanag kung bakit hindi mare-reimburse ‘yong pera niya sa kanya,” he added.
Arzaga said he cannot disclose the content of the letter to the media because only Scheer can open and read it.
He warned that clients and their loved ones should make vigilance their way of life in online banking.
“Do not let fraudsters scam you or your loved ones. Beware of suspicious emails and SMS. Do not click links in emails or SMS that claim to come from your bank. Be wary of websites that look like the official sites. Check the URL (uniform resource locator) before typing in your username and password,” he said.
“Remember that your bank will not email or send you an SMS asking you to validate or verify your account. Your bank will never ask for your username, password, and one-time password (OTP), so do not give these details to people claiming to be from your bank. Remember, vigilance is key,” Arzaga added.
Phishing can be avoided, according to him, by being keen-eyed against misspelled URLs; fraudsters sending threatening emails; messages that ask for clients to verify personal information, financial information, and OTP, and poorly written emails.