Breaches of privacy are often times the fault of the data subjects. According to statistics from a CompTIA report “human error accounts for 52 percent of the root causes of security breaches.”
ALYSSA Jowil, 23 got an email allegedly from her mobile wallet asking her to log-into her account to verify it and re-enter some of her personal information, including bank details, supposedly to re-activate her account. Jowil found it strange because prior to the email, she just paid P440 for a Lazada purchase. Her account was fine but the email gave her the jitters.
She reported the incident through the payment app’s messaging portal and almost immediately got a service ticket and a response from the app. She also made sure she made a screenshot of the sender’s email address which was cleverly disguised with an alias. Hovering over the URL however revealed a “.ng” country suffix, revealing that the email either came from Nigeria or used a domain assigned to that country. By not doing anything with the supposedly “urgent” emails, Alys protected herself from being a victim of fraud.
Cybersecurity company Sophos suggested that being mindful of emails especially those that call for a log in, show an invoice, offers an amount of money or a gift in exchange for personal information is crucial especially if these ask for a password, or access to credit or debit cards or bank accounts.
Later in the week, the National Bureau of Investigation accosted Jherom Anthony Taupa who admitted to creating both a phishing website and sending out fake GCash emails which was used to illegally capture details of users. A second suspect Ronelyn Panaligan was hauled in later as well a person codenamed “X-men” later identified as Clay Revillosa who sold over 800,000 mailing lists containing log in credentials of online banking accounts including those of 700 BDO depositors whose accounts were hacked robbing up to P50,000 in each account.
The alleged mastermind, Nigerian Ifesinachi Fountain Anaekwe, alias Daddy Champ was also apprehended along with another Nigerian national, Chukwuemeka Peter Nwadi. They were charged with violations of Republic Act No. 8484, or the Access Devices Regulation Act of 1998 because of trafficking unauthorized access devices.
GCash last week said its platform “retains its integrity and is secure,” while BDO in a statement said that it will return all money lost because of the hack to affected depositors, releasing an upgrade to its app and began overhauling its 10-year old ERP.
Breaches of privacy are often times the fault of the data subjects. According to statistics from a CompTIA report “human error accounts for 52 percent of the root causes of security breaches.” Reasons for this include the use of weak passwords (the most common is 1234556789), exposing data unnecessarily, like freely sharing a credit card in a restaurant or check out counter, sharing passwords, posting photos of an ID card on the Internet, sending sensitive information to the wrong recipient or falling for phishing scams.
As consumers connect to companies via messaging platforms, banks deliver information thru chatbots and people order food via delivery instead of going to an actual restaurant, businesses conduct important meetings via encrypted video platforms and technology conferences happen on virtual conferencing portals that look just like a convention hall, the consequences to privacy and to security also increase.
